A Site to Site IPSec VPN between Alibaba Cloud VPC and pfSense Firewall using VPN Gateway

Prepare your Alibaba Cloud VPC

Before you start creating the VPN Gateway and the other necessary components, you need to have already configured an Alibaba Cloud VPC with VSwitches, Route Tables, etc. The Alibaba Cloud VPC details are listed below.

Prerequisites

The following conditions must be met before you deploy a VPN Gateway, and you should design your Alibaba Cloud VPC accordingly.

The Remote Site (On-Prem Data Center / Office) and the Alibaba Cloud VPC are not using the same Private CIDR Block Address Range.

Alibaba Cloud – VPC – IPv4 CIDR Block

Alibaba Cloud – VPC – VSwitches (Network Subnets)

Alibaba Cloud – VPC – Route Table

Steps to connect Alibaba Cloud VPC to pfSense Open Source Firewall via Site to Site IPSec VPN
  1. Create VPN Gateway
  2. Create Customer Gateway
  3. Create IPSec Connection
  4. Configure pfSense Firewall for the above configuration
  5. Configure routing for both directions

1. Create VPN Gateway

VPN Gateway is created and running normally.

2. Create Customer Gateway

3. Create IPSec Connection

In this scenario, I have used IKEv1. Therefore, the pfSense Firewall side should also use IKEv1.

Once you click OK, it will push the configuration to the VRouter of your Alibaba Cloud VPC.

4. Configure pfSense Firewall for IPSec configuration

pfSense Phase 1, Configuration

pfSense Phase 2, Configuration

Now the IPSec Tunnel between the Alibaba VPC and the pfSense Firewall is established. But in order for the two sides to communicate with each other, we need to update the Alibaba VPC Route Table.

5. Configure routing for both directions

In the pfSense Firewall, all you need to do is specify the Remote Network Subnet, which is configured in the pfSense Phase 2 Configuration section.

Configure Routes in Alibaba VPC Route Table

Status of the IPSec VPN Connection
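
The checks that the prerequisites and steps 3 to 5 depend on can be run against a written-down plan before anything is entered in either console. The script below is an added example, not part of the original post or of any Alibaba Cloud or pfSense tooling. All addresses, field names and the `vpn-gateway` next-hop label are constructed for illustration.

```python
import ipaddress

net = ipaddress.ip_network  # shorthand

# Constructed sample plan; every address and field name here is hypothetical.
VPC_CIDR = "172.16.0.0/16"
ONPREM_CIDR = "192.168.10.0/24"
ALIBABA_SIDE = {"ike_version": "ikev1", "local": "172.16.0.0/16", "remote": "192.168.10.0/24"}
PFSENSE_SIDE = {"ike_version": "ikev1", "local": "192.168.10.0/24", "remote": "172.16.0.0/16"}
VPC_ROUTES = [{"dest": "192.168.10.0/24", "next_hop": "vpn-gateway"}]


def check_tunnel_plan(vpc_cidr, onprem_cidr, ali, pf, vpc_routes):
    """Return a list of problems in the plan; an empty list means it is consistent."""
    problems = []
    vpc, onprem = net(vpc_cidr), net(onprem_cidr)

    # Prerequisite: the two sites must not share private address space.
    if vpc.overlaps(onprem):
        problems.append(f"address overlap: {vpc} and {onprem}")

    # Both peers must negotiate the same IKE version.
    if ali["ike_version"] != pf["ike_version"]:
        problems.append("IKE version mismatch")

    # Phase 2 subnets must mirror each other: one side's local is the other's remote.
    if (net(ali["local"]), net(ali["remote"])) != (net(pf["remote"]), net(pf["local"])):
        problems.append("Phase 2 subnets are not mirrored")

    # Each side may only offer subnets that belong to its own site.
    if not net(ali["local"]).subnet_of(vpc) or not net(pf["local"]).subnet_of(onprem):
        problems.append("Phase 2 local subnet lies outside its site CIDR")

    # The VPC route table needs a route to the on-prem subnet via the VPN gateway.
    target = net(pf["local"])
    if not any(r["next_hop"] == "vpn-gateway" and target.subnet_of(net(r["dest"]))
               for r in vpc_routes):
        problems.append(f"no VPC route to {target} via the VPN gateway")
    return problems


if __name__ == "__main__":
    result = check_tunnel_plan(VPC_CIDR, ONPREM_CIDR, ALIBABA_SIDE, PFSENSE_SIDE, VPC_ROUTES)
    for line in result or ["plan is consistent"]:
        print(line)
```
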

* Screenshots captured from Alibaba Cloud Console on Oct 20, 2019.