# pfSense site-to-site VPN with OpenVPN in L2 TAP mode using a shared key

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/XWLcJAeanYPGuSak-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/XWLcJAeanYPGuSak-image.png)

### <span style="color: rgb(224, 62, 45);"><span style="text-decoration: underline;">SERVER SIDE</span> </span>

Setting up the VPN server on pfSense

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/rqpOLOHKw1D78Hcq-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/rqpOLOHKw1D78Hcq-image.png)

Configuring the OpenVPN "Server":

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/zxz4vBSpt4YdgDBY-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/zxz4vBSpt4YdgDBY-image.png)

Select "tap - Layer 2 Tap Mode" under "Mode Configuration"

Change "Server mode" to "Peer to Peer ( Shared Key )"

(Warning: this configuration will no longer be supported in future versions; using a certificate is recommended.)

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/EUZSgJXzNNGeHUQy-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/EUZSgJXzNNGeHUQy-image.png)

Configure the port used for the VPN under "Endpoint Configuration"

(Changing the default port is recommended.)

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/KWpT0sSOIIVN9V1x-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/KWpT0sSOIIVN9V1x-image.png)

Configure "IPv4 Tunnel Network" under "Tunnel Settings"

(This network is used only by OpenVPN and has no impact on the network.)

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/0jJUoxP6sJYZtiNS-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/0jJUoxP6sJYZtiNS-image.png)

You can now save the configuration

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/JV2wHPul9vbDnArp-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/JV2wHPul9vbDnArp-image.png)

Once saved, this gives us:

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/fxAF0vY5SxhUAtJ3-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/fxAF0vY5SxhUAtJ3-image.png)

Configuring the OpenVPN "Client Specific Overrides":

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/FdAXPXtaJV8tPXSE-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/FdAXPXtaJV8tPXSE-image.png)

Enter the name "VPN" in "Common Name" under "Override Configuration"

[![2023-10-08_18h16_15.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/IUaocAOwbo5DyBHI-2023-10-08-18h16-15.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/IUaocAOwbo5DyBHI-2023-10-08-18h16-15.png)

Configure "IPv4 Tunnel Network" under "Tunnel Settings"

For "IPv4 Tunnel Network", enter the IP address of the local network that will be linked to your VPN

(For the rest, you can leave it as shown in the tutorial; it will have no impact on the network.)

[![2023-10-08_18h18_01.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/n9L8601WbaUwGmr1-2023-10-08-18h18-01.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/n9L8601WbaUwGmr1-2023-10-08-18h18-01.png)

You can now save the configuration

[![2023-10-08_18h10_55.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/8TRafRA6w9j7qVUy-2023-10-08-18h10-55.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/8TRafRA6w9j7qVUy-2023-10-08-18h10-55.png)

Once saved, this gives us:

[![2023-10-08_18h22_24.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/pF8bzPh80gxTOp3c-2023-10-08-18h22-24.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/pF8bzPh80gxTOp3c-2023-10-08-18h22-24.png)

Configuring the network interfaces

Go to "Interfaces", then "Assignments"

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/xASeylgrUeeI8qAh-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/xASeylgrUeeI8qAh-image.png)

Add the newly available interface tied to the VPN, "ovpns1"

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/iCsuZlY2Q5Hlxu1Y-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/iCsuZlY2Q5Hlxu1Y-image.png)

Open the new interface "OPT1"

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/kQU76BEhfF0u9Tk1-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/kQU76BEhfF0u9Tk1-image.png)

Enable the interface with "Enable interface" and add a description (the name)

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/uuskl1KaYr6sgTfB-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/uuskl1KaYr6sgTfB-image.png)

You can now save the configuration

[![2023-10-08_18h10_55.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/CLMmLwVGDuLkKymQ-2023-10-08-18h10-55.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/CLMmLwVGDuLkKymQ-2023-10-08-18h10-55.png)

Apply the changes

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/62lN5cdQCCxA71ED-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/62lN5cdQCCxA71ED-image.png)

[![2023-10-08_18h29_37.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/kje62EqMGrLFQW74-2023-10-08-18h29-37.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/kje62EqMGrLFQW74-2023-10-08-18h29-37.png)

Go back to "Interfaces", then "Assignments"

[![2023-10-08_18h23_27.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/4Iq2l9nuiw7yM1H7-2023-10-08-18h23-27.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/4Iq2l9nuiw7yM1H7-2023-10-08-18h23-27.png)

Go to the "Bridges" section

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/WwbgOudvb8M8ciHu-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/WwbgOudvb8M8ciHu-image.png)

Create a bridge (under "Bridges") between the local network interface and the VPN interface

(To do this, simply select the two network interfaces.)

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/J0QDMfvv4W3ox8mz-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/J0QDMfvv4W3ox8mz-image.png)

Which gives us this:

[![2023-10-08_18h33_33.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/Y877U9Nty0JI9ckM-2023-10-08-18h33-33.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/Y877U9Nty0JI9ckM-2023-10-08-18h33-33.png)

Configure the firewall rules under "Firewall", then "Rules"

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/tWfVfvE51iXN32t8-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/tWfVfvE51iXN32t8-image.png)

WAN:

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/aDd7YX7UxXji82hT-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/aDd7YX7UxXji82hT-image.png)

Add the rule that lets the VPN traffic through on the Internet side (WAN)

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/0jpcZYrARxIKqPtV-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/0jpcZYrARxIKqPtV-image.png)

OVPNLINK:

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/0Ak7ZG3gsB26rOZw-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/0Ak7ZG3gsB26rOZw-image.png)

Add the rule that lets traffic pass between the VPN and the network

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/fGZt5PgfCiDHaHCk-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/fGZt5PgfCiDHaHCk-image.png)

Add the rule that blocks DHCP traffic on the network over the VPN

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/dOmydHHnvOaPJnXn-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/dOmydHHnvOaPJnXn-image.png)

OpenVPN:

[![2023-10-08_19h33_06.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/luutVRrMeQ0H1HmG-2023-10-08-19h33-06.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/luutVRrMeQ0H1HmG-2023-10-08-19h33-06.png)

Add the rule that lets traffic pass between the VPN and the network

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/4Crqz4W1J2pRgk97-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/4Crqz4W1J2pRgk97-image.png)

### <span style="text-decoration: underline;"><span style="color: rgb(224, 62, 45); text-decoration: underline;">CLIENT SIDE</span></span>

Setting up the VPN client on pfSense

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/RElxmflggsSS8aBn-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/RElxmflggsSS8aBn-image.png)

Configuring the OpenVPN "Clients":

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/pcFexLtFYLuHH8PG-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/pcFexLtFYLuHH8PG-image.png)

Select "tap - Layer 2 Tap Mode" under "Mode Configuration"

Change "Server mode" to "Peer to Peer ( Shared Key )"

(Warning: this configuration will no longer be supported in future versions; using a certificate is recommended.)

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/EUZSgJXzNNGeHUQy-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/EUZSgJXzNNGeHUQy-image.png)

Configure the port used for the VPN under "Endpoint Configuration", and in "Server host or address" enter the IP address of your OpenVPN server.

(the public IP address of the pfSense router configured earlier)

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/TTWzRGnSVoiAnv0T-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/TTWzRGnSVoiAnv0T-image.png)

Add the pre-shared key that was generated on the OpenVPN server

Paste it under "Cryptographic Settings", then "Shared Key"

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/8hl6riT8CbiOTIjx-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/8hl6riT8CbiOTIjx-image.png)

Configure "IPv4 Tunnel Network" under "Tunnel Settings"

For "IPv4 Tunnel Network", enter the IP address of the local network that will be linked to your VPN

(For the rest, you can leave it as shown in the tutorial; it will have no impact on the network.)

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/Xivzm09KGGochPz7-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/Xivzm09KGGochPz7-image.png)

You can now save the configuration

[![2023-10-08_18h10_55.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/8ry6q4DrwjVrLCrO-2023-10-08-18h10-55.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/8ry6q4DrwjVrLCrO-2023-10-08-18h10-55.png)

Once saved, this gives us:

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/MM7e3jAAokwdZs3Q-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/MM7e3jAAokwdZs3Q-image.png)

Configuring the network interfaces

Go to "Interfaces", then "Assignments"

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/xASeylgrUeeI8qAh-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/xASeylgrUeeI8qAh-image.png)

Add the newly available interface tied to the VPN, "ovpns1"

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/sntue26q4hH1Www5-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/sntue26q4hH1Www5-image.png)

Open the new interface "OPT1"

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/kQU76BEhfF0u9Tk1-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/kQU76BEhfF0u9Tk1-image.png)

Enable the interface with "Enable interface" and add a description (the name)

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/uuskl1KaYr6sgTfB-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/uuskl1KaYr6sgTfB-image.png)

You can now save the configuration

[![2023-10-08_18h10_55.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/CLMmLwVGDuLkKymQ-2023-10-08-18h10-55.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/CLMmLwVGDuLkKymQ-2023-10-08-18h10-55.png)

Apply the changes

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/62lN5cdQCCxA71ED-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/62lN5cdQCCxA71ED-image.png)

[![2023-10-08_18h29_37.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/kje62EqMGrLFQW74-2023-10-08-18h29-37.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/kje62EqMGrLFQW74-2023-10-08-18h29-37.png)

Go back to "Interfaces", then "Assignments"

[![2023-10-08_18h23_27.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/4Iq2l9nuiw7yM1H7-2023-10-08-18h23-27.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/4Iq2l9nuiw7yM1H7-2023-10-08-18h23-27.png)

Go to the "Bridges" section

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/WwbgOudvb8M8ciHu-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/WwbgOudvb8M8ciHu-image.png)

Create a bridge (under "Bridges") between the local network interface and the VPN interface

(To do this, simply select the two network interfaces.)

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/fIImURImTOtDReP8-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/fIImURImTOtDReP8-image.png)

Configure the firewall rules under "Firewall", then "Rules"

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/tWfVfvE51iXN32t8-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/tWfVfvE51iXN32t8-image.png)

WAN:

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/aDd7YX7UxXji82hT-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/aDd7YX7UxXji82hT-image.png)

Add the rule that lets the VPN traffic through on the Internet side (WAN)

[![2023-10-08_19h34_22.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/W0Eobxo1mVvyuo8h-2023-10-08-19h34-22.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/W0Eobxo1mVvyuo8h-2023-10-08-19h34-22.png)

OVPNLINK:

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/0Ak7ZG3gsB26rOZw-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/0Ak7ZG3gsB26rOZw-image.png)

Add the rule that lets traffic pass between the VPN and the network

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/fGZt5PgfCiDHaHCk-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/fGZt5PgfCiDHaHCk-image.png)

Add the rule that blocks DHCP traffic on the network over the VPN

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/dOmydHHnvOaPJnXn-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/dOmydHHnvOaPJnXn-image.png)

OpenVPN:

[![2023-10-08_19h33_06.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/luutVRrMeQ0H1HmG-2023-10-08-19h33-06.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/luutVRrMeQ0H1HmG-2023-10-08-19h33-06.png)

Add the rule that lets traffic pass between the VPN and the network

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/4Crqz4W1J2pRgk97-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/4Crqz4W1J2pRgk97-image.png)
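pfSense evaluates the rules on an interface tab from top to bottom and the first match wins, so the DHCP block rule (UDP ports 67-68) on the bridged VPN interface only takes effect when it sits above the general pass rule. The Python model below is an added example, not part of the original tutorial; the rule model, names and rule sets are constructed for illustration and are not read from the screenshots.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str                          # "pass" or "block"
    proto: str = "any"                   # "any", "udp", "tcp", "icmp"
    dst_ports: Optional[range] = None    # None means any destination port
    descr: str = ""

@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: Optional[int] = None

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("any", pkt.proto):
        return False
    if rule.dst_ports is None:
        return True
    return pkt.dst_port is not None and pkt.dst_port in rule.dst_ports

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Top-down, first match wins; a packet matching no rule is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a."""
    proto_ok = a.proto == "any" or a.proto == b.proto
    ports_ok = a.dst_ports is None or (
        b.dst_ports is not None and set(b.dst_ports) <= set(a.dst_ports))
    return proto_ok and ports_ok

def shadowed(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:j])]

# Constructed rule sets for the OVPNLINK tab (assumed, not taken from the page).
BLOCK_DHCP = Rule("block", "udp", range(67, 69), "no DHCP across the VPN")
PASS_ALL = Rule("pass", descr="VPN <-> local network")
GOOD_ORDER = [BLOCK_DHCP, PASS_ALL]
BAD_ORDER = [PASS_ALL, BLOCK_DHCP]
DHCP_DISCOVER = Packet("udp", 67)   # client -> server
DHCP_OFFER = Packet("udp", 68)      # server -> client
PING = Packet("icmp")

if __name__ == "__main__":
    for name, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(name, evaluate(rules, DHCP_DISCOVER), evaluate(rules, DHCP_OFFER),
              evaluate(rules, PING), "shadowed:", shadowed(rules))
```

With the block rule below the pass rule, DHCP from the remote site crosses the bridge and `shadowed()` reports the block rule as unreachable.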

<span style="text-decoration: underline;">Checking the VPN connection between the two routers</span>

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/FJOUV9yhUhapmBg1-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/FJOUV9yhUhapmBg1-image.png)

FROM THE SERVER

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/fmb1jm8g3V6J45lC-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/fmb1jm8g3V6J45lC-image.png)

FROM THE CLIENT

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/jbAMgjRCsEPfD5X8-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/jbAMgjRCsEPfD5X8-image.png)

To continue the test, we can run a "ping" between the two sites

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/sShz1CumtRLZbhDi-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/sShz1CumtRLZbhDi-image.png)

[![image.png](https://know.app.slaunay.com/uploads/images/gallery/2023-10/scaled-1680-/pekIjq0gn4ciSpne-image.png)](https://know.app.slaunay.com/uploads/images/gallery/2023-10/pekIjq0gn4ciSpne-image.png)