As computer networking becomes more commonplace and we begin to take network connectivity for granted, users increasingly find the need to connect to private networks from remote locations. At one point, the only way to provide such connectivity was through private WAN circuits. In some cases, private WAN circuits may still be the best option, as they provide low latency and reliability; but they also have high monthly costs, and can be prohibitively expensive for many users.
Fortunately, they aren't the only option available to us. Virtual private networks (VPNs) provide us with a means of accessing a private network over a shared public network. The public network is, more often than not, the internet. Access to the private network is provided through an encrypted tunnel and, as a result, it is as if we have a point-to-point connection between the remote system and our private network. Moreover, all of this can be done with some rather generic computer hardware, such as the type of hardware that can run pfSense. Therefore, VPNs provide us with a secure means of accessing a private network from a remote location in a manner that is cost effective.
pfSense provides you with a means of easily implementing VPN connectivity. While we have to concede that a computer that barely meets the minimum specifications for pfSense is a poor candidate for VPN use—establishing and maintaining a VPN tunnel is rather CPU-intensive—pfSense can still enable you to set up a VPN much more cheaply than you would with most commercial equipment. Moreover, with third-party hardware add-ons, much of the encryption work can be offloaded from the CPU.
In this chapter, we will cover the following topics:
- VPN fundamentals
- Configuring a VPN tunnel
- Troubleshooting VPNs