Tutorial: How to Configure IPSec Site-to-Site VPN Tunnel on OPNsense?

Dear OPNsense community,

IPSec is a collection of communication protocols that provide secure connections over a network. The phrase “IPsec” is an abbreviation where “IP” represents “Internet Protocol” and “sec” represents “secure.”

OPNsense provides VPN connectivity for both branch offices and remote users (Road-Warrior). Setting up a single, secure private network that connects several branch offices to a central location is simply accomplished using the OPNsense web user interface.

This guide will explain the process of configuring an IPsec site-to-site VPN tunnel using an OPNsense firewall.

Best Regards,

Zenarmor Team

I can’t think of any reason to prefer IPSec over WireGuard or OpenVPN for S2S VPN between OPNsense boxes.

It’s way more convoluted to set up and performs worse than both.

  1. I needed IPSec because the main office router doesn’t support WireGuard.
  2. IPSec is very close to wireguard in terms of performance. OpenVPN is not.

You may find WireGuard and OpenVPN tutorials below:

https://www.zenarmor.com/docs/network-security-tutorials/how-to-setup-wireguard-on-opnsense

https://www.zenarmor.com/docs/network-security-tutorials/how-to-install-openvpn-with-mfa-in-opnsense

  1. I needed IPSec because the main office router doesn’t support WireGuard.

Quoting me: S2S VPN between OPNsense boxes.

Connecting routers that don’t support either WireGuard or OpenVPN is the only good reason to use IPSec on OPNsense.