pfSense IPsec for iOS & macOS

On-demand VPN for iOS & macOS with IPsec PSK (IKEv2) on pfSense with firewall DNS and traffic filtering for VPN clients

When trying to implement an IPsec-based VPN on pfSense for iOS and macOS clients, I was struggling with a number of problems. In particular, the initial tunnel connection, authentication, DNS via the VPN tunnel, on-demand VPN connections for iPhone and Mac, and routing all VPN clients' traffic through the tunnel were issues I couldn't quickly find answers to on the web.

On separate issues I found numerous answers (sometimes contradicting each other), and all of these were scattered across various websites. For this reason I decided to write down some configuration instructions so that others having similar issues, and I myself, can comprehend and reproduce a working setup.

The instructions are mainly based on screenshots showing the parameters required for pfSense IPsec to work with iOS. I recommend following them closely. I did not include many comments, since those could have grown very extensive.

This configuration is tested with iOS 12 and iOS 13 and pfSense 2.4.4-RELEASE-p3 (arm) FreeBSD 11.2-RELEASE-p10.

Open the document on Google Docs and leave any comments here if you were successful (or not). 🙂