
Security KISS

Create account

Go to the Security KISS website and create an account.

Get OpenVPN certificates

Log in to your client area and download the archive from this link: https://www.securitykiss.com/panel/download/linux.

Unpack the downloaded archive. You should get files:

Now you are ready to set up your pfSense router.

pfSense router setup

Import certificates

Go to System –> Cert Manager

Create a new certificate authority (CA):

  • Enter a descriptive name (e.g. KISS).
  • Copy and paste the certificate from the ca.crt file you downloaded earlier.

  • Save

Go to the Certificates tab and import the client certificate:

  • Method: Import an existing certificate.
  • Enter a descriptive name (e.g. Security KISS).
  • Copy and paste the certificate from client.crt into Certificate data.
  • Copy and paste the contents of client.key into Private key data.

  • Save

Create OpenVPN connection

Go to VPN –> OpenVPN and click on the Client tab.

Add a client

  • Disabled: Untick the box to enable the client.
  • Server mode: Peer to Peer (SSL/TLS).
  • Protocol: UDP (or TCP, depending on the KISS server you want to use).
  • Device mode: tun.
  • Interface: WAN.
  • Server host or address: IP of the Security KISS VPN server.
  • Server port: Port of the Security KISS VPN server.
  • Description: A descriptive name (e.g. Security KISS).
  • TLS Authentication: Untick the box.
  • Peer Certificate Authority: Choose the one you created in the previous step.
  • Client Certificate: Choose the one you created in the previous step.
  • Encryption algorithm: BF-CBC (128-bit).
  • Hardware crypto: No Hardware Crypto Acceleration.
  • Compression: Tick the box.

  • Save

Now check the log to confirm that you are connected to the Security KISS VPN server. Make sure everything is fine before you proceed. This point is critical.
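One way to make that log check repeatable, as an added example that is not part of the original page: a shell function that reads OpenVPN client log text and reports whether the tunnel is currently up. The matched strings are standard OpenVPN messages; the function names, the sample lines, their timestamps, the PID and the address 192.0.2.10:1194 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): decide from OpenVPN client log
# text whether the tunnel is up. The most recent event wins, so an old
# success line followed by a restart or TLS failure is not "connected".

vpn_state() {
    # Reads log lines (oldest first) on stdin; prints connected|failed|pending.
    # The line that caused a "failed" verdict is written to stderr.
    awk '
        /Initialization Sequence Completed/ { state = "connected"; why = "" }
        /TLS Error|VERIFY ERROR|AUTH_FAILED/  { state = "failed"; why = $0 }
        /process restarting/ && state == "connected" { state = "pending" }
        END {
            print (state == "" ? "pending" : state)
            if (why != "") print why > "/dev/stderr"
        }'
}

# Constructed sample: the handshake fails once, the client restarts, then connects.
sample_recovered() {
    cat <<'EOF'
Jun 28 02:40:01 openvpn[1234]: UDPv4 link remote: [AF_INET]192.0.2.10:1194
Jun 28 02:41:01 openvpn[1234]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 28 02:41:01 openvpn[1234]: TLS Error: TLS handshake failed
Jun 28 02:41:01 openvpn[1234]: SIGUSR1[soft,tls-error] received, process restarting
Jun 28 02:41:05 openvpn[1234]: UDPv4 link remote: [AF_INET]192.0.2.10:1194
Jun 28 02:41:07 openvpn[1234]: Initialization Sequence Completed
EOF
}

# Constructed sample: the tunnel was up, then the client restarted and the
# next handshake failed. The early success line must not count.
sample_stale() {
    cat <<'EOF'
Jun 28 02:30:07 openvpn[1234]: Initialization Sequence Completed
Jun 28 02:45:00 openvpn[1234]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 28 02:46:05 openvpn[1234]: TLS Error: TLS handshake failed
EOF
}

echo "recovered: $(sample_recovered | vpn_state 2>/dev/null)"
echo "stale:     $(sample_stale | vpn_state 2>/dev/null)"
```

Only continue with the interface, NAT and firewall steps once the result is `connected`; a `pending` or `failed` result means the certificate import or the client settings need another look.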

Create an interface

Go to Interfaces –> Assign and add a new interface.

Configure an interface

Go to Interfaces and configure the newly added interface:

  • Enable: Tick the box.
  • Description: Use a meaningful description.

Configure NAT

Go to Firewall –> NAT and click on the Outbound tab.

  • Select Manual Outbound NAT rule generation.
  • Click on Save and the rule set will be generated.

Configure Firewall

Go to Firewall –> Rules.

Create new rule on OpenVPN tab

Create new rule on KISS tab

Tips and Tricks

Prevent changing your default gateway

If you do not want KISS to make itself the default gateway for your router, add the route-nopull parameter to your OpenVPN client.

Go to VPN –> OpenVPN and click on the Client tab. Now edit your client. Scroll to the very bottom and modify the settings:

Create new rule on LAN tab

The best way to redirect your traffic through the newly created VPN tunnel is:

Create aliases

Go to Firewall –> Aliases.

Create new rule on LAN tab

Go to Firewall –> Rules.

Create new rule:

From now on, traffic from the hosts listed in the aliases will be redirected through the KISS OpenVPN tunnel.

All done. Test now.

You should now have a working Security KISS connection. Make sure everything is working as intended by checking your external IP, e.g. go to google.com and search for “IP”.

pfsense/kiss.txt · Last modified: 2014/06/28 02:49 (external edit)