From 10.52 USD

3.27 USD mo.  + 3  Months Extra

10 devices 1 User

See All Plans

30-Day Money-Back Guarantee

Receive a full refund if ApexGuard doesn’t meet your expectations.

Special Offer | Save 60%
GET APEX
GET APEX
Getting Started
Setup guide Frequently asked questions
General Information
Configuration Troubleshooting
Account & Billing
Account Billing
Platforms
Windows macOS Android iOS Linux Extensions Router

Configuring IPFire Firewall to Connect to ApexGuard

Learn how to use ApexGuard

Get started and stay protected

Prerequisites

  1. IPFire (version 2.27 or later).
  2. ApexGuard IKEv2 credentials:
    • Server address (e.g. ikev2.apexguard.com)
    • Pre-Shared Key (PSK), often listed under “Service Credentials” or “Manual Setup.”
  3. Your LAN Subnet (e.g., 192.168.0.0/24).
  4. Access to the IPFire Web UI (usually https://[IP_of_IPFire]:444).

1. Log in to the IPFire Web UI

  1. Open a browser → go to https://[IP_of_IPFire]:444.
  2. Enter your admin credentials.

2. Enable IPsec on IPFire

  1. In the top menu, go to FirewallIPsec.
  2. If the IPsec subsystem is stopped, click Start or Enable.

3. Add a New IPsec Connection

  1. Under IPsec, find Connection Status and Control.
  2. Click Add (or New IPsec connection).

4. Basic Connection Settings

  1. Connection name: Enter something like ApexGuard-PSK.
  2. Local Subnet:
    • If you want all LAN traffic to go through ApexGuard, leave this as your LAN subnet (e.g., 192.168.0.0/24).
  3. Remote Subnet:
    • If ApexGuard supports sending “all traffic,” you might set it to 0.0.0.0/0.
    • Some providers just require 0.0.0.0/0 for a full-tunnel.
  4. Gateway (Remote host/IP): ikev2.apexguard.com (or whichever server domain or IP your account shows).

5. Authentication Method: Pre-Shared Key

  1. Under Authentication Method, select PSK (Pre-Shared Key).
  2. Pre-Shared Key: Copy/paste your key from ApexGuard.

(If ApexGuard also gave you a username/password for XAUTH/EAP, see Guide 2.)

6. Phase 1 & Phase 2 (IKE & ESP) Settings

  • Phase 1 (IKE proposal): For a typical setup, pick a strong cipher set like aes256-sha256-modp2048 or as recommended by ApexGuard.
  • Phase 2 (ESP proposal): Similar approach (e.g. aes256-sha256).
  • Key lifetime: Common defaults: 28800s (IKE), 3600s (ESP). Match ApexGuard’s suggestions if they have them.

7. Save & Start the Connection

  1. Click Save.
  2. On the IPsec overview, your new connection ApexGuard-PSK appears.
  3. Toggle it Enabled and click Save or Start to bring it up.

8. Verify the Tunnel

  1. Check the Connection Status under IPsecConnection Status and Control.
  2. A successful tunnel typically shows Established or Connected.
  3. Go to LogsSystem LogsIPsec to see “IKE negotiation successfully completed” or similar.

9. NAT (If Needed)

  • Many home setups have the LAN behind IPFire using Masquerading on the RED/WAN interface.

If ApexGuard requires all LAN traffic be NATed through the VPN, you may add a custom firewall rule:

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ipsec0 -j MASQUERADE
  • Replace:
    • 192.168.0.0/24 with your LAN.
    • ipsec0 with the actual IPsec interface name (sometimes ipsec1 or similar).

10. Test Your Connection

  1. From a LAN device (e.g., a PC at 192.168.0.x), go to “What’s my IP” or the ApexGuard dashboard.
  2. If everything is correct, you’ll see your public IP is the ApexGuard IP, confirming all traffic is going through the tunnel.

Was this article helpful?

Thank you, you're making us better!

Related articles

EdgeRouter and Ubiquiti Setup with ApexGuard Setting Up ApexGuard on AsusWRT-Merlin Firmware Setting Up ApexGuard on TP-Link Routers Which Router Should I Use with ApexGuard?