In recent years, Virtual Private Networks (VPNs) have come to play a key role in connecting to private networks over the public internet and connecting private networks at different locations to each other over the internet. They allow us to connect to private networks remotely and access resources as if they are local. At one time, such functionality was only available via private WAN circuits. Such circuits offer low latency and high reliability, but the high monthly costs make this option prohibitively expensive for many users.

Fortunately, we have the option of configuring a VPN. The downside of using a VPN, rather than a private WAN circuit, is that VPNs establish tunnels over the internet. As a result, they must be encrypted, and encrypting traffic requires processing power. Therefore, establishing and maintaining a VPN tunnel will require a system with more resources than the minimum pfSense specifications. This should be taken into consideration when selecting hardware for your system. In some cases, purchasing specialized hardware to offload some of the processing overhead from the CPU may be an economical decision, though in many cases, buying the most powerful CPU that fits your budgets will yield the biggest bang for your buck.

Hardware considerations aside, configuring VPN services in pfSense is a relatively easy process. In this chapter, we will first consider the process of choosing whether to use IPsec, OpenVPN, or L2TP. We will then cover recipes for all three of these protocols.