The easiest to configure VPN server is the OpenVPN server included in pfSense. However the does require an OpenVPN client to be installed on any client machine. The VPN will allow connections once the certificate and configuration is transferred to the client.
In order to create a VPN a certificate chain must exist in pfSense, this will be achieved by creating a CA and server certificate in the pfSense GUI.
To create a CA go to System -> Cert. Manager -> CAs and select Add. Set a descriptive name and select 'Create an internal Certificate Authority'. From there fill in the remaining fields and create the CA.
To create the server certificate go to System -> Cert. Manager -> Certificates and select Add/Sign. Set a descriptive name and select 'Create an Internal Certificate', make sure the CA is set to the CA previously created. Fill in the common name and alternate name fields, set certificate type to Server Certificate.
Once the certificates are setup go to VPN -> OpenVPN -> Wizard, select 'Local User Access' and press Next.
In the final tab enable auto-generation of both firewall rules.
Next go to VPN -> OpenVPN -> Servers and select Edit on the created server. Set server mode to 'Remote Access (User Auth)'.
In order to simplify the process of downloading the certificate and configuration needed for the client go to System -> Package Manager -> Available Packages and install 'Client Exporter Plugin'.
Once the package is installed go to VPN -> OpenVPN -> Client Export. Select the Remote Access server, set Host Name Resolution to Other and enter the external hostname used to connect. Enable Use Random Source Port. Once the configuration is complete select Inline Configurations -> Most Clients to download a configuration file with an embedded certificate.
In order to use an LDAP server for authentication instead of pfSense's user go to System -> User Manager -> Authentication Servers and select Add.
To use with FreeIPA a system account needs to be created on the server. For FreeIPA set: