FritzBox LAN 2 LAN VPN with pfSense

In this article I described how to set up a FritzBox LAN 2 LAN VPN with StrongSwan. Meanwhile I have replaced Ubuntu on the server with pfSense. Of course I have set up my FritzBox VPN connections again. So here’s a tutorial on how to set up a FritzBox LAN 2 LAN VPN with pfSense.

The prerequisites remain the same in comparison to the StrongSwan instructions:

  • Register your FritzBox with a DynDNS service (e.g. https://myfritz.net) and find your FritzBox domain name (e.g. myfb.myfritz.net)
  • Find your FritzBox’s private subnet, typically 192.168.178.0/24
  • Find (or define) the subnet on the remote site, e.g. 192.168.42.0/24
  • Find the hostname of the remote site, e.g. remote.example.com
  • Define a secret secret, e.g. S3cret123! (no, please do not use that, that’s my secret secret!)

Configure your FritzBox

Last time I presented a large configuration file that had to be imported into the FritzBox to set up the VPN connection. In the meantime I have found out which encryption and hashing algorithms the FritzBox uses by default, so that we can simply use the default settings of the FritzBox and therefore the web interface built into FritzOS 7.x:

Configure pfSense

The pfSense configuration is similarly simple:

IPSec Phase 1 Configuration
IPSec Phase 2 Configuration

Conclusion

In my opinion, it’s pretty easy to set up a FritzBox LAN 2 LAN VPN with pfSense. The only hard thing is to figure out the preferred encryption and hashing algorithms supported by the FritzBox.

I have this running now with pfSense 2.4.4 with both a FritzBox 7490 and a FritzBox 7590.

An additional note: Sometimes a dual-stack connection does not seem to be completely stable. In this case it helps to set Internet Protocol to IPv4 in phase 1.
