pfSense Plus Logo White

It’s All in the Applications

pfSense Plus is a powerful product with a rich set of add-in packages that allow customers to tailor it to almost any edge or cloud secure networking need. We have conveniently grouped its capability set into the five most commonly needed applications.

Get pfSense+

Programmers working in a software development company office.

What is a VPN?

A Virtual Private Network (VPN) provides secure network connections to traverse a public network, like the Internet. VPNs encrypt your internet traffic and conceal your online identity in real-time, making it more difficult for third parties to track your online activity or steal your data. There are two basic kinds of VPNs: remote-access and site-to-site.

For businesses, remote-access VPNs enable employees working anywhere to securely connect to the company’s local area network (LAN) via a VPN gateway, as if the employee was physically or wirelessly plugged into the LAN. A remote-access VPN requires the employee’s device to be equipped with client software which communicates with the VPN gateway, authenticates you as a remote user, and creates a secure tunnel between the employee device to the LAN. Consumers can also use VPNs for secure connections to a far-end destination by using a commercial VPN service provider.

Site-to-site VPNs provide secure connections between two or more LANs in different physical locations, using the public internet as a network backbone. There are two types of site-to-site VPNs: Intranet-based and Extranet-based. Intranet-based site-to-site VPNs connect multiple geographically-disparate LANs into a single private network, i.e., a Wide Area Network. Extranet-based site-to-site VPNs enable a company to connect its LAN to LANs within one or more other companies so information can be securely shared between partners, as an example.

pfSense Plus can be configured as a remote-access or site-to-site VPN.

Learn More about VPNs

Woman using laptop while sitting at home.
IPsec
OpenVPN
Wireguard
Site-to-Site & Remote Access VPN
SSL Encryption
VPN Client for Multiple OS's
L2TP/IPsec for Mobile Devices
IPv6 Support
Split Tunneling
Multiple Tunnels
VPN Tunnel Failover
NAT Support
Automatic or Custom Routing
RADIUS / LDAP

VPN Features

IPsec

Internet Protocol Security (IPsec) is a group of protocols used together to set up encrypted connections between devices. It helps keep data sent over public networks secure. IPsec is often used to set up VPNs, where it both encrypts IP packets and authenticates the source from where the packets originated.

More information can be found in our documentation.

Learn More

OpenVPN

OpenVPN is a VPN solution that implements secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.

More information can be found in our documentation.

Learn More

Wireguard

WireGuard is an open-source VPN software solution designed with the intent of providing ease of use, high speed performance, and a low attack surface.

More information can be found in our documentation

Learn More

S2 and Remote Access VPN

Site-to-site VPNs allow multiple users' traffic to flow through each VPN tunnel. Remote-access VPNs only allow one user's traffic to travel through each VPN tunnel. pfSense Plus software supports both site-to-site and remote-access VPN capabilities via IPsec or OpenVPN.

More information can be found in our documentation here (IPsec) and here (OpenVPN).

SSL Encryption

Secure Sockets Layer (SSL) is an encryption-based Internet security protocol used to ensure privacy, authentication, and data integrity in Internet communications. OpenVPN is an SSL based VPN.

More information can be found in our documentation.

Learn More

VPN Client for Multiple Operating Systems

OpenVPN supports clients on a wide range of operating systems including all the BSDs, Linux, Android, Mac OS X, iOS, Solaris, Windows 2000 and newer, and even some VoIP handsets.

More information can be found in our documentation.

Learn More

L2TP/IPsec for Mobile Devices

pfSense Plus software supports remote access VPN for a variety of Android and iOS devices. Other clients may work as well.

More information can be found in our documentation.

Learn More

IPv6 Support

OpenVPN can connect a site-to-site tunnel to either an IPv4 address or an IPv6 address, and both IPv4 and IPv6 traffic may be passed inside of an OpenVPN tunnel at the same time. IPv6 is supported both in site-to-site and mobile clients, and it can be used to deliver IPv6 to a site that only has IPv4 connectivity.

IPsec is capable of connecting to a tunnel over IPv4 or IPv6 phase 1 peer addresses, but with some traffic limitations.

More information can be found in our documentation here (OpenVPN) and here (IPsec).

Split Tunneling

Split tunneling allows a user to access dissimilar security domains, e.g., a public network and a local LAN or WAN at the same time, using the same or different network connections.

More information can be found in our documentation.

Learn More

Multiple Tunnels

pfSense Plus software supports the ability to establish multiple VPN tunnels over a single physical interface - useful, for example when securely connecting a number of office locations to one another.

More information can be found in our documentation.

Learn More

VPN Tunnel Failover

pfSense Plus software supports both OpenVPN and IPsec tunnel failover.

More information can be found in our documentation here (OpenVPN) and here (IPsec).

NAT Support

pfSense Plus software supports both OpenVPN and IPsec tunnel failover.

More information can be found in our documentation here (OpenVPN) and here (IPsec).

Automatic or Custom Routing

OpenVPN and IPsec tunnels can be configured using either auto-generated or custom-designed routes.

More information can be found in our documentation.

Learn More

Local User Authentication or RADIUS/LDAP

pfSense Plus software allows for user authentication to be managed either by local user authentication or by RADIUS/LDAP as an authentication source for a VPN.

More information can be found in our documentation here (OpenVPN) and here (IPsec).

Who Needs a VPN?

Young black mother and smiling daughter playing on digital tablet at home

Home Users

IPsec, PPTP, L2TP, and OpenVPN. Many home users use OpenVPN at home to provide secure access to their home network as well as privacy on public networks

Where Should VPNs Be Deployed?

As with firewalls, wherever you have an Internet connection - either for personal incognito or business use, VPN connections are inherently more secure than unencrypted connections. Common deployment locations include the network edge where each of the following connect to the Internet:

  • Home
  • Office
  • Data Center
  • Public Cloud - owned and operated by a third-party cloud service provider
  • Private Cloud - physically located at your organization’s on-site datacenter, or hosted by a third-party service provider

To serve each location (whether physical or virtual) and customer deployment preference, pfSense Plus is available on a turnkey Netgate appliance, a virtual machine instance, and on select public cloud service provider marketplaces.

pfSense-Plus-Deployment-Diagram

What Makes pfSense Plus a Great VPN solution?

easy-to-use

Easy to use

  • User-friendly web interface makes configuration and administration easy - even for users with limited networking knowledge
  • Observe key operating metrics like network utilization, CPU load and disk space usage with built-in Zabbix monitoring
  • Comprehensive documentation and a wealth of YouTube videos for specific assistance
deployment-flexibility

All the features you need

  • Supports the most popular technologies: IPsec.OpenVPN, L2TP, and PPTP
  • Supports remote-access and site-to-site use cases
  • Not just a VPN, also a full firewall and router solution
vpn

Proven reliability and resilience

  • Deployed on hundreds of thousands of Netgate appliances, 3rd party appliances, virtual machines, and cloud instances in every vertical on every continent
  • Highly lauded by customers for reliability and stability
  • Configurable as a High Availability (HA) cluster for business assurance
excellent-solution

Excellent overall solution value

  • Unbeatable combination of feature set (firewall, router, and VPN), price-performance and ease of use
  • Proven dependability for consumers, businesses and service providers 
  • World-class, highly-rated support options for business assurance