OpenVPN Server

Prerequisites

Go to System –> Packages and install:

  • OpenVPN Client Export Utility

Server configuration

CA certificate

Go to System –> Cert Manager –> CAs and create a Certificate Authority for your OpenVPN server:

Click Save and verify that your CA certificate looks similar to this:

Create VPN User

Go to System –> User Manager and create your OpenVPN user:

Do not forget to create a certificate for the user.

OpenVPN Wizard

Now go to VPN –> OpenVPN –> Wizard. The wizard will help you to configure your OpenVPN server.

  • Type of Server: Local User Access

Click Next

  • Certificate Authority: My-OpenVPN (generated earlier)

Click Next

  • Certificate: my-vpnuser (generated earlier)

Click Next

  • Interface: WAN
  • Protocol: UDP (or TCP if you prefer)
  • Local port: 1194 (or any other if you prefer)

  • Tick: TLS Authentication
  • Tick: Generate TLS Key
  • DH Parameters Length: 2048 bit (do not use smaller)
  • Encryption Algorithm: AES-256-CBC (256-bit) (or stronger)
  • Auth Digest Algorithm: SHA1 (160-bit) (or stronger)

  • Tunnel Network: 10.0.10.0/24 (or any other reserved for your VPN)
  • Local Network: 192.168.1.0/24 (put your LAN network here)
  • Concurrent Connections: 10 (use 10 connections in case one is dropped)

  • Tick: Dynamic IP
  • Tick: Address Pool

Finally click Next

  • Tick: Firewall Rule
  • Tick: OpenVPN Rule

Click Next

:-D You have configured your OpenVPN Server! Click Finish.

Exporting VPN settings

Now it is time to export the OpenVPN client settings. Go to VPN –> OpenVPN –> Client Export

Please note: Do not forget to tick Use a password to protect the pkcs12 file…

Click on Archive in Client Install Packages and save the file.
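Once the archive is unzipped, the exported .ovpn file can be checked against the wizard choices above before it is imported. The following Python check is an added example, not part of the original page or of pfSense; the sample file, the host name vpn.example.org and the function names are constructed, and reading "or stronger" as any AES-256 cipher and a SHA1 < SHA256 < SHA384 < SHA512 ranking is an assumption of the example.

```python
import re

# Constructed sample of an exported client file (hostname and file names are made up).
SAMPLE_OVPN = """\
dev tun
client
cipher AES-256-CBC
auth SHA1
remote vpn.example.org 1194 udp
auth-user-pass
pkcs12 pfsense-udp-1194-my-vpnuser.p12
tls-auth pfsense-udp-1194-my-vpnuser-tls.key 1
"""
DIGEST_RANK = {"SHA1": 1, "SHA256": 2, "SHA384": 3, "SHA512": 4}  # unknown digests rank 0

def parse_ovpn(text):
    """Map each directive to its argument lists; inline <tag> blocks count as present."""
    directives, inline = {}, None
    for line in map(str.strip, text.splitlines()):
        if inline:                          # inside an inline block: skip key material
            if line == f"</{inline}>":
                inline = None
        elif line and line[0] not in "#;":  # ignore blank lines and comments
            tag = re.fullmatch(r"<([\w-]+)>", line)
            name, *args = [tag.group(1)] if tag else line.split()
            inline = name if tag else None
            directives.setdefault(name, []).append(args)
    return directives

def first_arg(directives, name):
    args = directives.get(name, [[]])[0]
    return args[0].upper() if args else ""

def audit(text, port="1194", proto="udp", min_digest="SHA1"):
    """Return findings where the client file departs from the wizard choices above."""
    d = parse_ovpn(text)
    findings = [f"missing {n}" for n in ("remote", "tls-auth", "pkcs12", "auth-user-pass")
                if n not in d]
    cipher, digest = first_arg(d, "cipher"), first_arg(d, "auth")
    if not cipher.startswith("AES-256-"):
        findings.append(f"cipher {cipher or 'unset'} is not AES-256")
    if DIGEST_RANK.get(digest, 0) < DIGEST_RANK[min_digest]:
        findings.append(f"auth digest {digest or 'unset'} is below {min_digest}")
    for r in d.get("remote", []):
        r_port = r[1] if len(r) > 1 else first_arg(d, "port") or "1194"
        r_proto = (r[2] if len(r) > 2 else first_arg(d, "proto") or "udp").lower()[:3]
        if (r_port, r_proto) != (port, proto):
            findings.append(f"remote uses {r_port}/{r_proto}, expected {port}/{proto}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_OVPN) or "matches the wizard settings")
```

Pass a stricter `min_digest` (for example "SHA256") if the server was set to a stronger Auth Digest Algorithm than the one listed above.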

Linux client configuration

  • Unzip the pfsense-udp-1194-<user>-config.zip file.

  • Open Network Management Settings
  • Click Import and choose the previously saved pfsense-udp-1194-<user>.ovpn file

  • Key password: the key password from the export (choose Store)
  • Username: my-vpnuser
  • Password: the my-vpnuser password (choose Store)

Click OK and you are done.

Troubleshooting

Client cannot connect

  • Check the firewall rules. If your last WAN rule is set to drop everything, the OpenVPN Wizard may have placed its rule below it. In that case, just move the OpenVPN rule before “Drop All”.
pfsense/openvpn.txt · Last modified: 2015/02/28 01:12 by abadonna