Case Study – Using pfSense in the cloud while using Unifi at multiple sites around the world
Our client had Unifi gear at each site around the world – about 6 sites. The client intended to put their servers in the AWS cloud and link each site to the AWS environment. Our objective was to build the AWS environment and link each site to it, allowing each site to reach the others (in most cases), and additionally to allow remote-access staff to reach the AWS environment along with each site.
We placed a pfSense server in AWS and configured it with an IPsec VPN to each site, and we configured a remote-access VPN for remote workers using OpenVPN. Remote workers used Viscosity as the OpenVPN client.
The problem we faced was that Unifi did not make clear how its VPNs are configured: there was no documentation, and the relevant settings were not exposed on the configuration screens. We originally intended to use OpenVPN for the site-to-site links, but we simply could not get the two systems (Unifi and pfSense) to agree on matching settings. We did have luck with IPsec, which again was not documented.
The actual settings and walk-through are available here: “https://agix.com.au/ipsec-site-to-site-vpn-between-unifi-and-pfsense/”.
With additional routing, firewall rules for inter-network restrictions, and accommodation of sites whose public IP addresses change periodically, we had a fully functional VPN spanning multiple technologies and continents.
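The part of this design that catches people out is that, in a hub-and-spoke layout like this one, site-to-site and remote-worker traffic all transits the hub, so each site's IPsec tunnel must carry a Phase 2 entry for every remote network it is allowed to reach (not just the AWS subnet), the hub's side of the tunnel must mirror that list, and the hub's firewall must enforce the "in most cases" restrictions. The script below is an added planning example written for this write-up; it is not our client's configuration or pfSense's own tooling. The site names, subnets and the access policy (here, one site isolated from the others) are constructed for illustration, and the pfSense-style rule strings are a readable rendering, not a format pfSense imports.

```python
"""Plan Phase 2 selectors and hub firewall rules for a hub-and-spoke VPN.

Topology assumed (constructed for this example, not the client's real one):
a pfSense hub in AWS, an IPsec tunnel from each site to the hub, and an
OpenVPN network for remote workers terminated on the hub.
"""
import ipaddress
from itertools import combinations

HUB = "aws"
REMOTE_ACCESS = "openvpn"          # OpenVPN tunnel network for remote workers

# Constructed example addressing. Every network must be unique across the
# whole VPN or spoke-to-spoke routing silently breaks.
NETWORKS = {
    "aws": "10.0.0.0/16",
    "openvpn": "10.8.0.0/24",
    "sydney": "192.168.10.0/24",
    "london": "192.168.20.0/24",
    "newyork": "192.168.30.0/24",
    "tokyo": "192.168.40.0/24",
}
SITES = [n for n in NETWORKS if n not in (HUB, REMOTE_ACCESS)]


def _pair(a, b):
    return frozenset((a, b))


# Access policy (constructed): every site reaches AWS and the remote workers,
# remote workers reach everything, and sites reach each other except that
# "tokyo" is kept isolated from the other sites.
ALLOWED_PAIRS = {_pair(REMOTE_ACCESS, HUB)}
for _s in SITES:
    ALLOWED_PAIRS.add(_pair(_s, HUB))
    ALLOWED_PAIRS.add(_pair(_s, REMOTE_ACCESS))
for _a, _b in combinations(SITES, 2):
    if "tokyo" not in (_a, _b):
        ALLOWED_PAIRS.add(_pair(_a, _b))


def overlapping_networks():
    """Return (name, name) pairs whose subnets overlap; should be empty."""
    nets = {n: ipaddress.ip_network(c) for n, c in NETWORKS.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


def phase2_selectors(site):
    """(local, remote) traffic selectors the site's tunnel to the hub needs.

    Because all traffic transits the hub, each remote network the site may
    talk to needs its own Phase 2 entry, not only the hub subnet.
    """
    local = NETWORKS[site]
    remotes = sorted(n for n in NETWORKS
                     if n != site and _pair(site, n) in ALLOWED_PAIRS)
    return [(local, NETWORKS[r]) for r in remotes]


def hub_phase2_for(site):
    """The hub's entries for the same tunnel are the mirror image."""
    return [(remote, local) for local, remote in phase2_selectors(site)]


def hub_firewall_rules():
    """pfSense-style rules for the hub's IPsec and OpenVPN interfaces.

    One explicit pass per permitted source -> destination, then a default
    block per interface, so a site that was never granted access to another
    cannot reach it even though the route exists.
    """
    rules = []
    for src in sorted(NETWORKS):
        if src == HUB:
            continue  # traffic leaving the AWS LAN is filtered on the LAN interface
        iface = "OpenVPN" if src == REMOTE_ACCESS else "IPsec"
        for dst in sorted(NETWORKS):
            if dst != src and _pair(src, dst) in ALLOWED_PAIRS:
                rules.append(f"pass in on {iface} from {NETWORKS[src]} "
                             f"to {NETWORKS[dst]}")
    rules.append("block in on IPsec from any to any")
    rules.append("block in on OpenVPN from any to any")
    return rules


if __name__ == "__main__":
    assert not overlapping_networks(), overlapping_networks()
    for site in SITES:
        print(f"{site}: Phase 2 entries {phase2_selectors(site)}")
    print("\n".join(hub_firewall_rules()))
```

Two caveats that the script deliberately does not cover: Phase 1 identity for the sites whose public address changes (those peers have to be identified by something other than their IP, and the matching settings are on the walk-through page linked above), and the fact that the Unifi side of each tunnel needs the same remote-network list, including the OpenVPN client subnet, or remote workers will reach AWS but not the site.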