In this lab, you will learn how to configure a Virtual Private Network (VPN) to establish a secure and encrypted connection over a public or untrusted network. You will explore the different types of VPN protocols, including PPTP, L2TP, SSTP, IPsec, and OpenVPN.

You will then dive deeper into the anatomy of IPsec, learning about the Authentication Header (AH) protocol, the Encapsulation Security Protocol (ESP), and the different modes of IPsec, including tunnel mode and transport mode.

Lab Objectives

  • Configure a site-to-site (tunnel mode) VPN between two networks using IPsec on the pfSense firewall
  • Create a remote access VPN (transport mode) using OpenVPN on the pfSense firewall
  • Understand the different types of VPN protocols and their characteristics
  • Learn about the anatomy of IPsec and its different modes

What to Expect

In this lab, you will work with the pfSense firewall to configure a site-to-site VPN and a remote access VPN. You will learn how to use IPsec and OpenVPN to establish secure and encrypted connections over a public or untrusted network.

By the end of this lab, you will have a deeper understanding of VPN protocols and how to configure them on a pfSense firewall. You will also have hands-on experience with IPsec and OpenVPN and be able to apply your knowledge to real-world scenarios. 

Lab Questions and Answers: 1.1 Core Concepts

1. What are the key benefits that a Virtual Private Network (VPN) provides to users?

A. Faster internet connection.

B. Unrestricted access to all websites.

C. Secure and encrypted connection over public networks.

D. Improved network performance.

Answer: C

2. Which VPN protocol is primarily used on Windows and often employs an insecure authentication method and an outdated streaming cipher?

A. L2TP

B. OpenVPN

C. SSTP

D. PPTP

Answer: D

3. Which mode of IPsec is used to secure peer-to-peer connections, encapsulating only the data within the IP packet?

A. Tunnel mode

B. Transport mode

C. Site-to-Site mode

D. Point-to-Point mode

Answer: B

4. What is the purpose of IKE Phase 1 in IPsec connections?

A. Authenticating the parties involved.

B. Encrypting data and passing it through the VPN tunnel.

C. Monitoring VPN tunnel states.

D. Establishing a connection trigger.

Answer: A

Lab Questions and Answers: 1.2 Guided Exercise

1. What protocol does the pre-configured rule on the WAN interface of the Site-A and Site-B firewalls allow?

Answer: ICMP



2. What is the P2 Protocol used in the IPsec tunnel configuration on the Site-A firewall?

Answer: ESP

3. According to the IPsec status page for the activated VPN tunnel, what is the complete Host Address for the local host?

Answer: 198.51.100.3:500

4. According to the IPsec status page for the activated VPN tunnel, what is the 3rd algorithm listed in the Algor field?

Answer: PRF_HMAC_SHA2_256

Lab Questions and Answers: 1.3 Challenge Exercise

1. What is the flag for this challenge?

Answer: VPNVIP!

Conclusion

Congratulations on completing the hands-on lab on configuring a site-to-site VPN using IPsec. In this lab, you learned how to configure a site-to-site VPN tunnel between two networks using IPsec on the pfSense firewall.

You successfully configured the Site-A and Site-B firewalls to establish a secure and encrypted connection over the Internet. You also tested the VPN tunnel by pinging the Linux-B host from the Linux-A host and vice versa.

Key Takeaways

  • Configuring a site-to-site VPN using IPsec requires careful planning and configuration of the firewalls on both sides of the tunnel.
  • IPsec uses two tunnels: one for authentication (IKE Phase 1) and one for encryption (IKE Phase 2).
  • Firewall rules must be configured to allow traffic over the IPsec tunnel.
  • Testing the VPN tunnel is crucial to ensure that it is working correctly.

Configuring a site-to-site VPN using IPsec can be a complex task, but with practice and patience, you can master it. Remember to always follow best practices and security guidelines when configuring a VPN tunnel.