![watchguard mobile vpn with ipsec external interface watchguard mobile vpn with ipsec external interface](https://wiseindy.com/wp-content/uploads/2016/01/set-up-shrew-soft-ipsec-vpn-client-watchguard-03.png)
![watchguard mobile vpn with ipsec external interface watchguard mobile vpn with ipsec external interface](https://www.boc.de/watchguard-info-portal/wp-content/uploads/2018/09/2018-09-08_09h55_11.png)
You may share a URL to a blog that answers questions already in discussion.
![watchguard mobile vpn with ipsec external interface watchguard mobile vpn with ipsec external interface](https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/client/images/c_wm-license_data.jpg)
![watchguard mobile vpn with ipsec external interface watchguard mobile vpn with ipsec external interface](https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/images/web_vpn_mvpn-ssl-configuration-dialogbox2.jpg)
Encapsulated security payload (ESP) of IPsec VPN is available in Linux / Unix kernels which is uses by Strongswan in the second phase of VPN. Stongswan uses the OpenSSL implementation of cryptographics algorithms ( such as AES128/256, MD5/SHA1 etc) in the first phase (IKE phase) of IPsec VPN. It provides the internet key exchange (IKE) or automatic sharing of keys among nodes or gateways of IPsec VPN and then uses the Linux/Unix kernel implementation of authentication (AH) and encryption ( ESP). Both phases of IPsec (Key sharing and encryption) is implemented by Strongswan tool on Linux/Unix platforms. PfSense firewall uses an open source tool Strongswan which provides the IPsec VPN functionality. IPSec protocol allows to encrypt and authenticate all IP layer traffic between local and remote location. Cryptographic security mechanism are used in IPsec to protect communications over IP layer. Two components of IPsec protocol are Authentication Header (AH) and Encapsulating Security Payload (ESP) to provide packet integrity, authentication and confidentiality security features. This article is about securing IP layer using Virtual Private Network (VPN) also known as IPsec (Internet Protocol security) on well-known open source firewall PfSense.