Hey guys. I’m a big fan of Ubiquiti hardware and pfSense and I found a great use for EdgeRouter Xs.
If you want to test out a site to site VPN and configure the firewalls with the real static IP address you’re going to use in production, you can do it offline the following way:
- Set up the EdgeRouter X with each interface separate.
- Assign the static IP range of your firewall to the interface.
- Do the same for each additional static IP for each other firewall, assigning 1 interface per static.
- Create a ruleset allowing all traffic to all interfaces.
This will allow you to set up several pfSense routers, for example, with site to site VPNs already configured with the correct static IPs, and not have to change anything.
Hope the process is clear and that it helps some folks out. Thanks all!
Hi, can you provide a drawing? A site to site VPN can only connect 2 branch offices?
Hey Mariem56, sorry I just saw this here. I’m not much for drawing, sorry! 5 year olds with crayons have better skills than me in that arena. The use case for me was two branch offices that needed new firewalls with a site to site VPN between each. I took a brand new EdgeRouter out of the box and set up eth1 with a static IP address which was the gateway IP for site 1. I then set up eth2 with the static gateway address of site 2. Then, when I hooked up the two firewalls and set their WAN addresses to their appropriate static IP addresses, the firewalls thought they were online. I was then able to set up OpenVPN and test it without having to be on-site at the customer’s location since the EdgeRouter was able to simulate the Internet for me. Does that make better sense?
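The bench setup described in the posts above, sketched as an EdgeOS configuration session. This is an added example, not part of the original posts: the RFC 5737 documentation addresses stand in for the real site gateways, and the ruleset name LAB_ALLOW_ALL and the switch0 membership of eth1/eth2 are assumptions.

```edgeos
configure

# Only needed if eth1/eth2 are currently members of the built-in switch
# (assumption; skip on a unit where the ports are already standalone).
delete interfaces switch switch0 switch-port interface eth1
delete interfaces switch switch0 switch-port interface eth2

# eth1 plays the ISP gateway for site 1 (constructed address).
# The site 1 firewall's WAN would be 203.0.113.2/30, gateway 203.0.113.1.
set interfaces ethernet eth1 description "Simulated ISP gateway - site 1"
set interfaces ethernet eth1 address 203.0.113.1/30

# eth2 plays the ISP gateway for site 2 (constructed address).
# The site 2 firewall's WAN would be 198.51.100.2/30, gateway 198.51.100.1.
set interfaces ethernet eth2 description "Simulated ISP gateway - site 2"
set interfaces ethernet eth2 address 198.51.100.1/30

# Ruleset that accepts everything, applied to routed (in) and
# router-destined (local) traffic on both simulated WAN ports.
# Bench use only: keep this router off any production or Internet link.
set firewall name LAB_ALLOW_ALL description "Bench lab: accept all"
set firewall name LAB_ALLOW_ALL default-action accept
set interfaces ethernet eth1 firewall in name LAB_ALLOW_ALL
set interfaces ethernet eth1 firewall local name LAB_ALLOW_ALL
set interfaces ethernet eth2 firewall in name LAB_ALLOW_ALL
set interfaces ethernet eth2 firewall local name LAB_ALLOW_ALL

commit
save
exit

# Operational-mode checks once both firewalls are cabled in:
show interfaces
ping 203.0.113.2
ping 198.51.100.2
```

If the firewalls block ICMP on WAN by default, the pings fail even when routing is correct, so confirm reachability from each firewall toward the other site's WAN address as well.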
How about the performance? We have a branch office also and always do remote assistance, but maybe setting up a VPN is the standard?