Pfsense site to site scalability

Hi all

What are your experiences with site to site VPN’s using pfsense.

I am looking into the feasibility of rolling out pfsense with approx 200 remote sites connecting to a HQ.

Can pfsense scale this high with the right hardware? Looking for some real world feedback rather than spec sheets

Yes, but I would recommend contacting Netgate sales to get that size of a project properly scoped out.

The best solution I have come across for this is DMVPN deployed on Cisco routers. The beauty with this solution is that you’ll be able to use the basically the same config for DMVPN on all the spokes. The hubs will need to be right sized based on tunnel count and encrypted bandwidth. The spokes can be much smaller routers.

Personally I deployed this for a company with around 325 sites. I used Cisco 4331s for hubs and 4321s for spokes. You could go real cheap on this if you used 1800s and could go without support.

There are more modern ways to do this today, but DMVPN is still much better than managing a ton of IPSec tunnels individually.