
SonicWall PFSense VPN

Setting up a tunnel between two different firewalls can be rather tricky at times. Here we’ll go over configuring a VPN between a SonicWall NSA 250 on 5.9.1.1-39 and a PFSense on 2.3.1-RELEASE-p5.

Let’s go over the config on the SonicWall first. On it, I only need to get to the DMZ network on the X2 interface. There are two networks on the PFSense side, so I need to create two address objects and place them in a group.

Now with the address objects created, we can start on the VPN configuration. The SonicWall has a static IP, the PFSense does not. It is easier to get the tunnel up if we use domain names for the IKE IDs. I created a dynamic DNS name with NO-IP.org to use on the PFSense side.

For the network config, I select the X2 subnet on the SonicWall side as the local network, and for the remote networks I select the address object group.

IKE proposals and lifetimes for the phase1 and phase2 policies on both sides need to match.

On the Advanced tab, just leave everything at the defaults.

Now on the PFSense side, create a phase1 policy, then phase2 policies for the 2 local networks.

Next, create a phase2 policy.

I enter a host on the SonicWall side for the PFSense to ping to keep the tunnel up.

Now with any luck you should have green dots.
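
The matching rules this walkthrough relies on (identical phase1 and phase2 proposals and lifetimes, IKE IDs that mirror each other, and local/remote networks that mirror each other) can be checked before the tunnel is brought up. This is an added example, not part of the original post: every hostname, subnet and proposal value below is a constructed placeholder, and the dictionary layout and the `compare` function are hypothetical.

```python
import ipaddress

# Constructed sample values (not from the post); copy the real ones from each
# firewall's VPN pages. Key names and layout are hypothetical.
PROPOSAL = {
    "phase1": {"dh_group": 14, "encryption": "aes-256", "hash": "sha256", "lifetime": 28800},
    "phase2": {"protocol": "esp", "encryption": "aes-256", "hash": "sha256", "lifetime": 28800},
}
SONICWALL = {
    **PROPOSAL,
    "local_id": "sonicwall.example.com", "peer_id": "pfsense.example.net",
    "local_nets": ["192.168.50.0/24"],                 # X2 (DMZ) subnet
    "remote_nets": ["10.10.1.0/24", "10.10.2.0/24"],   # address object group
}
PFSENSE = {
    "phase1": dict(PROPOSAL["phase1"]),
    "phase2": {**PROPOSAL["phase2"], "lifetime": 3600},  # deliberate mismatch
    "local_id": "pfsense.example.net", "peer_id": "sonicwall.example.com",
    "local_nets": ["10.10.1.0/24", "10.10.2.0/24"],    # one phase2 entry per network
    "remote_nets": ["192.168.50.0/24"],
}

def nets(values):
    # strict=False also accepts a host address with a mask, e.g. 10.10.1.1/24
    return {ipaddress.ip_network(v, strict=False) for v in values}

def compare(a, b, a_name="SonicWall", b_name="pfSense"):
    """Return a list of settings that differ between the two peers."""
    problems = []
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(key), b[phase].get(key)
            if va != vb:
                problems.append(f"{phase} {key}: {a_name}={va} {b_name}={vb}")
    for mine, theirs, x, y in ((a, b, a_name, b_name), (b, a, b_name, a_name)):
        # Each side's local IKE ID must be what the other side expects as peer ID.
        if mine["local_id"] != theirs["peer_id"]:
            problems.append(f"IKE ID: {x} sends {mine['local_id']}, {y} expects {theirs['peer_id']}")
        # Networks must mirror: one side's local networks are the other's remote networks.
        if nets(mine["local_nets"]) != nets(theirs["remote_nets"]):
            problems.append(f"networks: {x} local != {y} remote")
    return problems

if __name__ == "__main__":
    for line in compare(SONICWALL, PFSENSE) or ["no mismatches"]:
        print(line)
```
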