Transit Connection to pfSense over the internet.
1. From the Controller, go to Transit Network -> Setup -> Launch a Transit VPC GW.
2. Connect the transit VPC GW to the pfSense. Go to Transit Network -> Setup -> Connect to VGW/External Device. Select External Device and input the following parameters:
   - BGP Local AS number: ASN of the transit VPC GW
   - BGP Remote AS number: ASN of the pfSense
   - Remote Gateway IP Address: pfSense WAN Public IP.
3. Download the configuration by going to Site2Cloud and clicking on the connection. Select Generic, click Download Configuration, and configure pfSense accordingly.
4. Create an IPsec tunnel in pfSense
- 4.a Log in to your pfSense dashboard.
- 4.b In the VPN menu, select IPsec.
- 4.c Click + Add P1.
- 4.d Populate the fields according to your preferences. The important fields are (with extra emphasis on a few key fields):
| Field | Expected Value |
| --- | --- |
| Key exchange version | IKEv1 |
| Remote Gateway | Enter the public IP address of the Aviatrix Transit gateway here. |
Phase 1 Proposal
| Field | Expected Value |
| --- | --- |
| Authentication Method | Mutual PSK |
| My identifier | WAN port Public IP |
| Peer identifier | IP address. Enter the private IP address of the remote Aviatrix Gateway |
| Pre-Shared Key | Enter the PSK from the Site2Cloud configuration downloaded at step 3. |
Phase 1 Proposal (Algorithms)
| Field | Expected Value |
| --- | --- |
| Encryption Algorithm | AES - 256 bits |
| Hash Algorithm | SHA1 |
| DH Group | 2 (1024 bit) |
| Field | Expected Value |
| --- | --- |
| Disable rekey | Unchecked |
- 4.e Click Save.
- 4.f Add a Phase 2 entry and click on Save.
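To confirm that a saved Phase 1 entry matches the values listed in step 4, the following added example (not part of the original page, and not Aviatrix or pfSense code) audits a configuration export and reports every setting that differs. The XML element names, the sample export and the address 203.0.113.10 are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Phase 1 values from the tables on this page, in the assumed config spelling.
EXPECTED = {"iketype": "ikev1", "authentication_method": "pre_shared_key"}
EXPECTED_PROPOSAL = ("aes", "256", "sha1", "2")  # AES-256, SHA1, DH group 2

# Constructed sample: the element names are an assumed layout of a pfSense
# configuration export, and 203.0.113.10 is a documentation address.
SAMPLE = """<pfsense><ipsec><phase1>
  <iketype>ikev2</iketype>
  <remote-gateway>203.0.113.10</remote-gateway>
  <authentication_method>pre_shared_key</authentication_method>
  <encryption><item>
    <encryption-algorithm><name>aes</name><keylen>256</keylen></encryption-algorithm>
    <hash-algorithm>sha256</hash-algorithm>
    <dhgroup>2</dhgroup>
  </item></encryption>
</phase1></ipsec></pfsense>"""


def _text(node, path):
    """Text of a child element, or '' when the element is missing or empty."""
    return (node.findtext(path) or "").strip()


def proposals(phase1):
    """Every (cipher, key length, hash, DH group) tuple offered in Phase 1."""
    return [(_text(i, "encryption-algorithm/name"),
             _text(i, "encryption-algorithm/keylen"),
             _text(i, "hash-algorithm"), _text(i, "dhgroup"))
            for i in phase1.findall("encryption/item")]


def audit_phase1(xml_text, gateway_ip):
    """Return {field: (found, expected)} for settings that differ from the page."""
    for p1 in ET.fromstring(xml_text).iter("phase1"):
        if _text(p1, "remote-gateway") != gateway_ip:
            continue
        diff = {k: (_text(p1, k), v) for k, v in EXPECTED.items()
                if _text(p1, k) != v}
        offered = proposals(p1)
        if EXPECTED_PROPOSAL not in offered:
            diff["proposal"] = (offered, EXPECTED_PROPOSAL)
        return diff
    raise LookupError(f"no Phase 1 entry for remote gateway {gateway_ip}")


if __name__ == "__main__":
    for field, (found, expected) in audit_phase1(SAMPLE, "203.0.113.10").items():
        print(f"{field}: found {found!r}, expected {expected!r}")
```

An empty result means the entry for that remote gateway offers the key exchange version, authentication method and algorithm proposal given in step 4.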
5. BGP Configuration on pfSense:
- 5.a Click on System -> Package Manager.
- Check whether the FRR package, which is used for BGP configuration, is listed under Installed Packages; if it is not, install it by clicking on Available Packages and searching for FRR.
- 5.b Click on Services -> FRR BGP.
Click on Status -> FRR -> BGP to see the BGP routes.