Outgoing pfSense Connection to SafeUTM via IPsec


Setting up SafeUTM

1. In the SafeUTM web interface, open the Services -> IPsec -> Devices tab.
2. Add a new connection:


Setting up pfSense

1. In the pfSense web interface, go to the VPN -> IPsec -> Advanced Options tab and, in the Child SA Start Action field, select None (Responder Only).
2. Add a new connection:

3. Save the connection.
4. Click the Show Phase 2 Entries button, add a new Phase 2 entry, and enter the following values:

All other values can be left at their defaults.

5. Save the connection.
6. Allow traffic between the pfSense and SafeUTM local networks in the pfSense firewall: go to the Firewall -> Rules -> IPsec tab and create two rules that allow traffic to flow between the SafeUTM and pfSense local networks.
7. Also check the WAN firewall section: by default, incoming traffic from "gray" (private) subnets is blocked there, so you need to remove this restriction.
8. Go to the Status -> IPsec tab (the connection you created should appear there) and click the Connect VPN button.

The setup is complete; the connection should now be established.

If the connection cannot be established and the pfSense firewall settings are correct, recreate the connection on the UTM side, entering in the Key ID field the value specified in My identifier and Peer identifier on pfSense, then try to connect again. No changes are necessary on the pfSense side.


Revision #7
Created 27 August 2022 15:48:15 by Val Redman
Updated 13 October 2022 15:37:42 by Val Redman