Enter a preshared key. You can use an online generator to create one. Please save this preshared key.

Experimental, use with care

1. Go to VPN → IPsec

2. Select +Add P1

Key Exchange Version: IKEv1

Internet Protocol: IPv4

Interface: <Your pfSense WAN Interface>

Remote Gateway: Privatise ROC IP Address

Authentication Method: Mutual PSK

Negotiation Mode: Main

Peer Identifier: Peer IP Address

Pre-Shared key: the same key you generated earlier.

Encryption Algorithm

Algorithm: AES

Key Length: 256 bits


DH Group: 2

Lifetime (Seconds): 86400

Advanced Options

Disable rekey: Unchecked

Margintime (Seconds): Empty

Responder Only: Unchecked

NAT Traversal: Auto

Dead Peer Detection: Checked

Delay: 10

Max failures: 5

Select Save.

3. +Add P2

Mode: Tunnel IPv4

Local Network: Network: Put your local LAN network subnet

Remote Network: Network: (

Phase 2: Proposal

Protocol: ESP

Encryption Algorithm-AES: 256bits

Hash Algorithms: SHA1

PFS Key Group: 2

Bringing the tunnel up

1. In the Menu Bar go to Status:→ IPsec

2. On the tunnel, you created select: Connect VPN

  • configure-pfsense.txt
  • Last modified: 2021/07/21 19:30
  • by rafi