I would like to give a how-to on creating a remote user VPN tunnel on pfSense 2.0 Beta.
1. Install pfSense 2.0 Beta. I think getting into the details is out of the scope of this tutorial.
2. First, let's generate certificates.
Section (A)
Go to
System -> Cert Manager -> on the CA tab click Add
Descriptive Name ca
Method = Create an internal Certificate Authority
Key Length = 2048 bits
lifetime = 3650 days
Distinguished Name
Country Code US
State or province Austin
City Texas
Organisation My Company
Email Address admin@mycompany.com
Common Name internal-ca
Click Save
You can see a down arrow on the right side. Click it and download the certificate.
Section (B)
Now move to the Certificates tab
Descriptive name server
Method Create an internal certificate
Certificate authority select ca (which we created in step 2 Section (A))
Key Length 2048 bits
lifetime 3650 Days
Distinguished name
Country Code US
State or province Austin
City Texas
Organisation My Company
Email Address admin@mycompany.com
Common Name internal-ca (or whatever)
Click Save
You can see two down arrows: one is the certificate and the other is the key. Download them both.
3. Now let's create a VPN tunnel.
On the VPN tab select OpenVPN. Click the Add button on the right-hand side.
Server Mode Remote Access (SSL/TLS)
Protocol UDP
Interface WAN
Local Port 1194 (This is the default port for OpenVPN)
Description Whatever you want
TLS Authentication uncheck the check box
Peer Certificate Authority ca (this is the same one we created in step 2 Section (A))
Server Certificate server (which we created in step 2 Section (B))
DH Parameters 1024 bits
Encryption Algorithm BF-CBC (128 bits) (Choosing this means it does not need to be mentioned in the .ovpn config file we create later on the client)
Tunnel Network 10.0.8.0/24 (These IP addresses will be given to clients connecting to this tunnel)
Local Network the one you are using on the LAN.
Compression check on Compress tunnel packets using the LZO algorithm
Address Pool check on Provide a virtual adapter IP address to clients
Leave the rest unchecked
Click Save
4. Now we need to add a rule on the WAN interface. So go to
Firewall -> Rules -> WAN tab
Click the Add button on the right-hand side.
Action Pass
Interface WAN
Protocol UDP
Source any
Destination any
Destination Port Range select from OpenVPN to OpenVPN (if you are using any port other than 1194, specify it here)
Description whatever you like
Click Save
5. Now we need to add a rule on the LAN interface. So go to
Firewall -> Rules -> LAN tab
Click the Add button on the right-hand side.
Action Pass
Interface LAN
Protocol any
Source any
Destination any
Destination Port Range
Description whatever you like
Click Save
Our server is up now and ready to accept connections.
6. We are on the remote client machine now.
Download the OpenVPN client (for Windows) from here:
http://openvpn.net/release/openvpn-2.1.1-install.exe and install it with the default options.
Now go to C:\Program Files\OpenVPN\config\
Paste here all the certificates and keys we created in step 2, i.e. ca.crt, server.crt, server.key
Now (we are still in C:\Program Files\OpenVPN\config\)
create a file server.ovpn
Open it in Notepad
Paste the following from #### to #### into it
####
client
dev tun
proto udp
remote x.x.x.x 1194 # x.x.x.x is the public IP address configured on the WAN interface of pfSense 2.0
ping 10
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert server.crt
key server.key
comp-lzo
pull
verb 3
####
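A common cause of a failed first connection is a client profile that disagrees with the server settings chosen in step 3 (protocol, port, LZO compression, TLS Authentication unchecked) or that still carries the x.x.x.x placeholder. The checker below is an added example, not pfSense or OpenVPN code; the server settings and the embedded profile are constructed to mirror this tutorial, and `config_files` stands for the names present in C:\Program Files\OpenVPN\config\.

```python
import re

# Server-side choices from step 3 of the tutorial (constructed to mirror it).
SERVER_SETTINGS = {"proto": "udp", "port": "1194", "comp-lzo": True, "tls-auth": False}

# Sample input: the step 6 client profile, trimmed to the directives checked here.
TUTORIAL_PROFILE = ("client\ndev tun\nproto udp\nremote x.x.x.x 1194 #(WAN address)\n"
                    "nobind\nca ca.crt\ncert server.crt\nkey server.key\ncomp-lzo\npull\n")


def parse_ovpn(text):
    """Map each directive to its list of argument lists.

    Like OpenVPN's parser, a token beginning with '#' or ';' ends the line as a
    comment, so the trailing "#(...)" on 'remote' is harmless. Quoted arguments
    are not handled; the tutorial profile has none."""
    directives = {}
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":
                break
            tokens.append(tok)
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives


def check_profile(text, config_files, settings=SERVER_SETTINGS):
    """Return a list of findings; an empty list means the profile matches the server."""
    d = parse_ovpn(text)
    findings = []
    if d.get("proto", [[""]])[0][:1] != [settings["proto"]]:
        findings.append("proto must be %s to match the server" % settings["proto"])
    remote = d.get("remote", [[]])[0]
    if len(remote) < 2 or remote[1] != settings["port"]:
        findings.append("remote needs the WAN address and port %s" % settings["port"])
    elif re.fullmatch(r"(?i)x(\.x){3}", remote[0]):
        findings.append("remote still has the x.x.x.x placeholder instead of the WAN IP")
    if ("comp-lzo" in d) != settings["comp-lzo"]:
        findings.append("comp-lzo must match the server's LZO compression setting")
    if ("tls-auth" in d) != settings["tls-auth"]:
        findings.append("tls-auth does not match the server's TLS Authentication setting")
    for key in ("ca", "cert", "key"):
        args = d.get(key)
        if not args or not args[0]:
            findings.append("missing '%s' directive" % key)
        elif args[0][0] not in config_files:
            findings.append("%s file %s is not in the config directory" % (key, args[0][0]))
    return findings
```

Run `check_profile(open("server.ovpn").read(), set(os.listdir(".")))` from the config directory; the same check applies to the per-user profiles in step 8 once `cert` and `key` point at the user's own files.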
7. Right-click the file and select Start OpenVPN on this config file.
Now you should be able to connect to your clients behind pfSense from anywhere in the world (as long as you have an internet connection available).
8. In case you would like to add more users to connect to this tunnel:
In pfSense go to System -> User Manager -> click on the Add button (remember we are logged in as admin right now)
On the User tab
Username rakesh (whatever you like)
password whatever
full name rakesh veduvar
expiration date leave it blank
Group membership select admin and move it to the right
Click Save
Again edit the same user's settings; you will find two new options, Effective Privileges and User Certificates
(Effective Privileges is used to restrict what a particular user can see or edit on pfSense)
In User Certificates Click Add on the right hand side
Descriptive Name rakesh
Certificate Authority ca (The same we have created in Step 2)
Key Length 2048 bits
Lifetime 3650 Days
Click Save
Scroll down to User Certificates. Download the certificate and key.
Log out
On the new user's system install the same OpenVPN client
and repeat the same steps,
but this time copy ca.crt, rakesh.crt, rakesh.key to C:\Program Files\OpenVPN\config\ (and point the cert and key lines of the .ovpn file at them)
Right-click the file and select Start OpenVPN on this config file.
You are on.
In the same manner you can have many more remote users connecting to the network behind pfSense.
I think this will come in handy for users new to OpenVPN and pfSense, and also for those who have shifted from previous versions to pfSense 2.0 Beta.
Enjoy
I have been using pfSense in India for quite some time now. I am a big fan of it for all it is giving us for free. What I could do in return is help users by doing
this.
Thanks pfSense, love you.