Mobile IPsec on Pfsense

You can connect a number of devices to pfSense 2.0 using IPsec, most notably Android (Phones and Tablets) and iOS (iPhone, iPad, iPod Touch, etc) devices but anything that is capable of IPsec will typically work. This document covers the most common setup for mobile devices, which is IPsec using Xauth and a mutual Pre-Shared Key.

1. IPsec Server Setup

This is the setup for the pfSense side of the connection
#Mobile Clients

Setup Debian netboot server on Synology

1. Install dnsmasq

Before installing dnsmasq, install optware if you haven’t done so (see [1]). Then install dnsmasq via ipkg:

ipkg install dnsmasq

2. Configuration

Edit dnsmasq.conf in /opt/etc, the following is sample config (or check the original example [2]):

# DHCP IP range and lease
dhcp-range=192.168.0.100,192.168.0.200,255.255.255.0,12h
dhcp-leasefile=/opt/var/lib/dnsmasq.leases
# DHCP Fixed IP settings
dhcp-host=XX:XX:XX:XX:XX:XX,192.168.0.101
# DHCP gateway option
dhcp-option=option:router,192.168.0.1
# DHCP dns option, if you don't want to use dnsmasq's DNS service
dhcp-option=option:dns-server,8.8.8.8,4.4.4.2
 
# PXE boot options
dhcp-boot=pxelinux.0
enable-tftp
tftp-root=/volume1/netboot

3. Prepare tftp root directory

The above configuration sets the root directory for tftp server to /volume1/netboot. If it is not there already, create it and put Debian netboot files ([3]) there.

mkdir /volume1/netboot
wget –O - http://ftp.debian.org/debian/dists/stable/main/installer-amd64/current/images/netboot/netboot.tar.gz | tar xzf -