Hey guys! Ever wanted to connect two networks securely, like linking your home lab to your office, or maybe just setting up a secure tunnel between two of your locations? Well, you're in the right place! Today, we're diving deep into setting up a site-to-site VPN using OPNSense, inspired by the awesome IIPSec guide. This is a practical, step-by-step guide to get you up and running with a secure and robust VPN connection. Get ready to learn how to securely link your networks, protect your data, and understand the intricacies of VPN configuration. We'll be covering everything from the initial setup to the final testing phase. So, grab your coffee, and let's get started. By the end of this guide, you'll be well-equipped to create your own secure site-to-site VPNs with OPNSense. Ready to jump in?

    Understanding Site-to-Site VPNs and Why You Need One

    Okay, so what exactly is a site-to-site VPN, and why should you even bother with one? Basically, a site-to-site VPN creates a secure, encrypted connection between two different networks. Think of it like a private tunnel. Data travels securely through this tunnel, which means no prying eyes can eavesdrop on your sensitive information. This is super important if you're dealing with confidential data, remote access to resources, or just want to keep your network traffic private. This kind of VPN is generally used when two locations need to be constantly and reliably connected to each other, such as a company's main office and a branch location. It's different from a remote access VPN, which allows individual users to connect to a network. With a site-to-site VPN, the connection is always up and running, connecting entire networks.

    There are several reasons why a site-to-site VPN is a solid choice. Security is a big one: all data transmitted through the VPN is encrypted, keeping it safe from hackers and snoops. Accessibility is another key benefit. It lets you reach resources on either network as if they were on the same local network, which is great for sharing files, accessing servers, or running applications across multiple locations; users at either site can get to the other site's resources seamlessly. This type of VPN also helps with network management: centralized management lets you control and monitor traffic between sites, which improves performance and reduces the chance of downtime. Cost savings can also be realized, particularly compared with dedicated leased lines or other expensive connectivity options. Site-to-site VPNs can also improve productivity, since teams in different offices can collaborate more effectively without worrying about sending unencrypted data over the open internet. In short, site-to-site VPNs offer a secure and reliable way to connect networks; if you have multiple locations or need to connect to other networks securely, they're a great choice.

    Prerequisites: What You'll Need Before You Start

    Alright, before we get our hands dirty with the configuration, let's make sure we've got everything we need. You'll need a few things to make this work. First, two OPNSense firewalls, one at each site. This guide assumes you have basic familiarity with OPNSense; if you're new to it, take some time to get comfortable with the interface and basic setup. Next, you need a public IP address at each site. These are the addresses the firewalls will use to reach each other over the internet, so make sure both have stable internet connections; a reliable connection is crucial for a stable tunnel. A pre-shared key (PSK) or certificates are needed for the VPN configuration, so have the key or certificates ready. Finally, you'll need the network information for both sites: the local network IP address ranges (e.g., 192.168.1.0/24) and their subnet masks. This information defines which networks will talk through the tunnel and is essential for routing traffic correctly; without it, nothing will work! Remember that you'll have to configure both OPNSense firewalls for the connection to come up. These are the bare essentials, so be sure you have everything ready before moving on.
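The prerequisites above are where most first attempts go wrong: a WAN address that is not actually reachable from the internet (RFC 1918 or carrier-grade NAT space), a local range typed as a host address instead of a network, the same local subnet in use at both sites (the tunnel will come up but nothing routes), and a weak PSK (the PSK strength point from the Phase 1 settings later on). The script below is an added example, not part of the original guide or of OPNsense; it runs offline, the site names, addresses and networks are constructed sample values, and the 32-character minimum PSK length is an assumed policy.

```python
"""Pre-flight checks for a site-to-site IPsec tunnel (added example, not OPNsense code)."""
import ipaddress
import secrets
from dataclasses import dataclass, field
from typing import List

# Address ranges that can never be a reachable internet-side tunnel endpoint.
# The RFC 5737 documentation prefixes (192.0.2/24, 198.51.100/24, 203.0.113/24)
# are deliberately NOT listed so the constructed sample addresses below pass.
NON_ROUTABLE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]

MIN_PSK_LEN = 32  # assumed policy: at least 32 characters of random data


@dataclass
class Site:
    name: str
    wan_ip: str                                           # address the peer will dial
    local_nets: List[str] = field(default_factory=list)   # e.g. "192.168.1.0/24"


def is_public_ipv4(addr: str) -> bool:
    """True if addr parses as IPv4 and lies outside every non-routable range."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return False
    return not any(ip in net for net in NON_ROUTABLE)


def generate_psk(nbytes: int = 32) -> str:
    """Random pre-shared key from the OS CSPRNG, URL-safe base64 (about 43 chars)."""
    return secrets.token_urlsafe(nbytes)


def psk_problems(psk: str) -> List[str]:
    """Reasons a PSK is too weak, or [] if it looks acceptable."""
    problems = []
    if len(psk) < MIN_PSK_LEN:
        problems.append(f"PSK is {len(psk)} chars; need at least {MIN_PSK_LEN}")
    if len(set(psk)) < 10:
        problems.append("PSK has too little character variety")
    return problems


def check_sites(a: Site, b: Site, psk: str) -> List[str]:
    """Collect every problem that would stop the tunnel from coming up or routing."""
    problems: List[str] = []
    for site in (a, b):
        if not is_public_ipv4(site.wan_ip):
            problems.append(f"{site.name}: WAN address {site.wan_ip} is not publicly routable")
        if not site.local_nets:
            problems.append(f"{site.name}: no local network defined")

    # strict=True rejects "192.168.1.5/24" (host bits set), a common typo for a network.
    parsed = {a.name: [], b.name: []}
    for site in (a, b):
        for cidr in site.local_nets:
            try:
                parsed[site.name].append(ipaddress.ip_network(cidr, strict=True))
            except ValueError as exc:
                problems.append(f"{site.name}: bad network {cidr!r} ({exc})")

    # Overlapping local networks cannot be routed across the tunnel.
    for na in parsed[a.name]:
        for nb in parsed[b.name]:
            if na.overlaps(nb):
                problems.append(f"local networks {na} and {nb} overlap; "
                                "traffic cannot be routed through the tunnel")

    problems.extend(f"PSK: {p}" for p in psk_problems(psk))
    return problems


if __name__ == "__main__":
    # Constructed sample: both sites happen to use 192.168.1.0/24 and a weak PSK.
    home = Site("home-lab", "203.0.113.10", ["192.168.1.0/24"])
    office = Site("office", "198.51.100.20", ["192.168.1.0/24"])
    for problem in check_sites(home, office, "password"):
        print("PROBLEM:", problem)
    print("suggested PSK:", generate_psk())
```

Run it once per planned tunnel before touching the firewalls; an empty result means the addresses and networks are at least consistent, and the generated PSK can be pasted into both OPNsense tunnel configurations. Renumbering one side (for example to 10.20.0.0/16) is the fix for the overlap case, not NAT tricks inside the tunnel.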

    Step-by-Step Guide: Configuring the Site-to-Site VPN

    Now for the fun part: the actual configuration! We'll be using IPsec for our site-to-site VPN. IPsec is a widely used and secure protocol that provides encryption and authentication for network traffic. It is actually a suite of protocols rather than a single one, with different protocols and algorithms covering different aspects of security, such as authentication and encryption. This is how the magic happens! We'll break the setup down into several manageable steps.

    Step 1: Accessing the OPNSense Web Interface

    First, access the web interface of both OPNSense firewalls. Log in using your admin credentials. Make sure you can access the admin panel from both sites. Having access is essential, since you'll be configuring both firewalls independently. Navigate to VPN -> IPsec -> Tunnels -> Add Tunnel. This will be where you start creating the VPN tunnel.

    Step 2: Phase 1 Configuration

    • General Settings: Start by enabling the tunnel. Select IPv4 as the Internet Protocol. Choose an Interface – this is typically your WAN interface. For Remote Gateway, enter the public IP address of the remote OPNSense firewall. Set the Authentication Method to PSK (Pre-Shared Key). Enter a strong, unique PSK that you'll also use on the other firewall; a long, random key is essential for a secure VPN. In My identifier, choose