As with IPsec, it is possible to create a site-to-site connection between two pfSense firewalls, although the process is somewhat different than it is with IPsec. The steps in setting up a site-to-site OpenVPN connection are as follows:
- Create a Certificate Authority and Certificates for authentication
- Configure the OpenVPN server on the first firewall
- Create firewall rules to pass OpenVPN traffic on the first firewall
- Import the certificates into the second firewall
- Configure the OpenVPN server on the second firewall
- Create firewall rules to pass OpenVPN traffic on the second firewall

We begin by creating the certificates we will use for authentication. Navigate to System | Certificate Manager ...