Monthly Archives

February 2020

Finally, a pfSense VPN Guide that works!

I’ve been tinkering with IPSec on pfSense for a while, but struggled to find a solution which worked for a range of devices reliably. Happily, I have found a guide which I’ve tested on Windows, Android and iOS.

So thanks to Kliment Andreev for writing this guide.

The only thing I did have to do (and this may be related to my specific config) but I did have to manually add the IPSec rules to the WAN interface.

pfSense WAN Interface rules for IPSec

Here you can see that I have three rules, one which is the ESP traffic, then two UDP rules, where the destination source port is NAT-T and ISAKMP respectively. Note, NAT-T and ISAKMP are ready created protocols so you don’t have to manually define the port rules.


Works to produce a (slightly unstable) HLS stream from an incoming stream, using the NVMPI accelerated encoder.

ffmpeg -hide_banner -re -i -bufsize 16092k -analyzeduration 20000 -probesize 16092 -sn -dn -ignore_unknown -force_key_frames:v “expr:gte(t,n_forced*2)” -map_metadata “-1” -map_chapters “-1” -c:a copy -c:v hevc_nvmpi -num_capture_buffers 8 -x265-params “keyint=50:min-keyint=50:no-open-gop=1:scenecut=0” -level 4.0 -profile:v baseline -preset slow -rc vbr -movflags faststart+frag_keyframe -tag:v hvc1 -f hls -hls_time 2 -hls_list_size 6 -hls_flags delete_segments+append_list+split_by_time -hls_playlist_type event -g 50 /var/www/html/hls/videostream.m3u8

Seems to work fine until there is a network glitch.