
Author Topic: How to create an OpenVPN client to StrongVPN  (Read 146905 times)


Offline ericab

How to create an OpenVPN client to StrongVPN
« on: November 09, 2010, 03:35:12 pm »
StrongVPN HowTo.
-- For pfSense version 2.0 (beta & RC)

Once you have completed this tutorial, you will have a pfSense box that automatically connects to StrongVPN, and routes all traffic from your LAN through the vpn gateway.

-----------------------------

---Section 1---

Step 1:

download the StrongVPN greeting file.

once extracted you are presented with these files:


Step 2:

from the pfSense interface, navigate to the dropdown menus:  System ---> Cert Manager

Step 3:

click the plus button as seen here:
to create a new certificate authority

Step 4:

enter a descriptive name for the new CA,
and ensure that "Import an existing certificate authority" is selected

Step 5:

go to the directory containing the files as seen in the first screenshot in this tutorial
open the file called "ca.crt" in notepad, and copy and paste the EXACT contents of it into the first box.
click SAVE. (the second box will remain empty, don't worry)

Step 6:

click on the "Certificates" tab:


click on the plus button:

Step 7:

ensure that "Import an existing certificate" is selected, and enter a descriptive name
go to the directory containing the files as seen in the first screenshot in this tutorial and open the file called "ovpn059.crt"
NOTE: depending on the server you have selected upon purchase, your client cert may have a number other than '059', so do not fret.
open in notepad, and copy and paste the contents of it into the first box.
open "ovpn059.key" (again, note that the number '059' will probably be different) and copy/paste the contents into the second box ('Private key data')

Step 8:

navigate to the system dropdown menus: VPN ---> OpenVPN

click the Client tab:

Step 9:

for this step; please just duplicate what you see in this screenshot, on your box.




-Note: In the "Cryptographic Settings" section, copy and paste the contents of the "ta.key" file into "TLS Authentication"
see here:


-Note 2: for ease, here are the "advanced configuration" options you can copy and paste: (remember to keep the trailing ; in place.) --->

verb 5;tun-mtu 1500;fragment 1300;keysize 128;redirect-gateway def1;persist-key;

now, Click Save


Step 10:

navigate to the system dropdown menus Status ---> System Logs, and click on the OpenVPN tab.
if the last thing you see in this log is "Initialization Sequence Completed" you are connected to StrongVPN; but, you are not done yet, as none of your traffic is traversing this line.

move on to section 2
------------------------------


---Section 2---

Step 1:

navigate to the system dropdown menus Interfaces ----> (assign)

click the plus button:

-Note in the previous screenshot you will notice a StrongVPN interface. you will NOT have that on your box yet, so don't worry.


Step 2:

after clicking on the plus button pfSense will tell you it has successfully added a new interface. the network port name will most likely be named "ovpnc1". ensure that the new interface is selected as "ovpnc1" (it could be ovpnc2, ovpnc3, etc... depends if you have other ovpn interfaces or not)

Step 3:

navigate to the system dropdown menus Interfaces ---> OPT1 (or whatever your new interface from the previous step is)
Enable the interface.
Enter a Description --> "StrongVPN"
"Type" ---> none
leave everything else alone
click Save.


Step 4:

navigate to the system dropdown menus System ---> Routing

click the plus button:

ensure the Interface selected is the new one we have just assigned to the vpn client; should be "OPT1"
Enter the gateway name.
for "Gateway", enter "dynamic"
do NOT click "Default gateway"
for monitor IP, enter 208.67.222.222 (or whatever will respond to ICMP) (208.67.222.222 is openDNS fyi)
leave "Advanced" alone
enter a description for "Description"
click save

Step 5:

navigate to the system dropdown menus Firewall ---> Rules
click on the LAN tab.

Step 6:

create a new rule that looks like this:

Action: PASS
--
Interface: LAN
Protocol: ANY
Source: LAN Subnet
Destination: ANY
--
Description: LAN to Internet force through VPN

**IMPORTANT**: scroll down to "Gateway" under the "Advanced features" of the rule.
Set gateway to your VPN interface.

it should look something like this:


click save.

the rule should look like this:


at this point, i would give the box a reboot (possibly an unnecessary step)
if this isn't an option, disable the VPN client, wait a minute and then go ahead and re-enable it.

CHECK OpenVPN syslog for errors !

navigate to "http://www.whatismyip.com/" and your public-facing IP will be one of strongvpn's IPs.



you're done !



**edit - November 23 2010**
-- removed persist-tun, from additional configuration options


**edit - March 9 2011**
-- from now on, in order for traffic to be routed through the vpn gateway; from the pfSense interface, navigate to the dropdown menus: FIREWALL --> NAT --> OUTBOUND --| enable "Manual Outbound NAT rule generation" and select save.
« Last Edit: October 02, 2011, 11:49:08 pm by cmb »
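
The log check from Section 1, Step 10 and the "CHECK OpenVPN syslog for errors" advice in the post above, as an added example that is not part of the original post: it tracks tunnel state across the whole log, since later lines can follow the completion message, and maps common OpenVPN failure messages to the tutorial step to recheck. The function name `triage`, the syslog prefix format, the step mapping and the sample log lines are assumptions of this example.

```python
import re

# Syslog-style prefix as shown under Status > System Logs > OpenVPN (format assumed).
LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} openvpn\[\d+\]: (?P<msg>.*)$")
RESTART_RE = re.compile(r"SIG\w+\[[^\]]*\] received, process (restarting|exiting)")

# OpenVPN log fragments mapped to the tutorial step to recheck.
# The mapping is this example's assumption, not part of the original post.
FAILURE_HINTS = [
    ("Authenticate/Decrypt packet error", "ta.key in TLS Authentication (Section 1, Step 9)"),
    ("VERIFY ERROR", "imported ca.crt (Section 1, Step 5)"),
    ("TLS key negotiation failed", "server address, port, protocol (Section 1, Step 9)"),
]

def triage(log_text):
    """Return (connected, hints): tunnel state after the last event, plus steps to recheck."""
    connected, hints = False, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an openvpn syslog line
        msg = m.group("msg")
        if "Initialization Sequence Completed" in msg:
            connected = True
        elif RESTART_RE.search(msg):
            connected = False  # tunnel dropped after an earlier success
        for needle, hint in FAILURE_HINTS:
            if needle in msg and hint not in hints:
                hints.append(hint)
    return connected, hints

# Constructed sample logs: timestamps and PIDs are made up, 192.0.2.10 is a documentation address.
SAMPLE_UP = """\
Nov  9 15:40:01 openvpn[4242]: TLS: Initial packet from 192.0.2.10:1194
Nov  9 15:40:04 openvpn[4242]: Initialization Sequence Completed
"""
SAMPLE_DROPPED = SAMPLE_UP + """\
Nov  9 16:02:11 openvpn[4242]: SIGUSR1[soft,ping-restart] received, process restarting
Nov  9 16:03:15 openvpn[4242]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
SAMPLE_BAD_TA = """\
Nov  9 15:40:01 openvpn[4242]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Nov  9 15:40:01 openvpn[4242]: TLS Error: incoming packet authentication failed from 192.0.2.10:1194
"""

if __name__ == "__main__":
    for name, log in [("up", SAMPLE_UP), ("dropped", SAMPLE_DROPPED), ("bad ta.key", SAMPLE_BAD_TA)]:
        print(name, triage(log))
```
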

Offline _igor_

Re: How to create an OpenVPN client to StrongVPN
« Reply #1 on: November 10, 2010, 07:34:41 am »
Really great tutorial! Thanks much

Offline 0tt0

Re: How to create an OpenVPN client to StrongVPN
« Reply #2 on: November 10, 2010, 07:48:21 am »
I will add policy routing in mine and it will be 1.2.3-RELEASE


Offline lordalfa

Re: How to create an OpenVPN client to StrongVPN
« Reply #3 on: November 22, 2010, 09:06:23 pm »
Good tutorial.

Has anyone tried OpenVPN over dual WAN links? The setup here is specific on which interface is being used.

Offline ermal

Re: How to create an OpenVPN client to StrongVPN
« Reply #4 on: November 23, 2010, 02:14:41 am »
I would not advise adding persist-tun in 2.0

Offline ericab

Re: How to create an OpenVPN client to StrongVPN
« Reply #5 on: November 23, 2010, 10:00:24 pm »
ermal, thanks for the heads up;
i have edited the how-to to reflect your advice

Offline zoltran

Re: How to create an OpenVPN client to StrongVPN
« Reply #6 on: December 11, 2010, 04:28:43 pm »
Hello

Does anyone have StrongVPN working in pf 1.2.3 ?
Or can point me to a primer?
Thanks

Offline Hidden

Re: How to create an OpenVPN client to StrongVPN
« Reply #7 on: December 17, 2010, 02:38:44 pm »
After section 1 all traffic is routed through the VPN.

anyone got policy routing working ?
I would like to route netflix over vpn.


Offline Hidden

Re: How to create an OpenVPN client to StrongVPN
« Reply #8 on: December 19, 2010, 02:06:58 pm »
after a factory reset (i screwed something up in squid) it works great.

Now i need something to route traffic over the vpn on url base.

i found this interesting setup:
http://webcache.googleusercontent.com/search?q=cache:EuMlcG_zcmIJ:www.shawnmolnar.com/blog/tag/hulu+hulu+netflix+script+vpn&cd=2&hl=nl&ct=clnk&gl=nl
( from google cache because the real site is offline atm)

Offline yu130960

Re: How to create an OpenVPN client to StrongVPN
« Reply #9 on: December 29, 2010, 07:07:28 pm »
> After section 1 all traffic is routed through the VPN.
>
> anyone got policy routing working ?
> I would like to route netflix over vpn.

+1

Offline yu130960

Re: How to create an OpenVPN client to StrongVPN
« Reply #10 on: December 30, 2010, 06:26:11 pm »
> after a factory reset (i screwed something up in squid) it works great.
>
> Now i need something to route traffic over the vpn on url base.
>
> i found this interesting setup:
> http://webcache.googleusercontent.com/search?q=cache:EuMlcG_zcmIJ:www.shawnmolnar.com/blog/tag/hulu+hulu+netflix+script+vpn&cd=2&hl=nl&ct=clnk&gl=nl
> ( from google cache because the real site is offline atm)

Would this work on pfsense?  Has anyone tried it?

Offline 0tt0

Re: How to create an OpenVPN client to StrongVPN
« Reply #11 on: January 07, 2011, 06:42:39 am »
> After section 1 all traffic is routed through the VPN.
>
> anyone got policy routing working ?
> I would like to route netflix over vpn.

I believe I have commented on this several times. I use policy routing with an OpenVPN cert tunnel with StrongVPN (to make only some clients use the tunnel or by other filtering means, which can be adjusted at any time), using tunnel as "virtual WAN interface" and the tunnel has been up close to 9 months now, I believe.

I haven't taken the time to finish my guide yet though.

« Last Edit: January 07, 2011, 06:44:34 am by 0tt0 »

Offline yu130960

Re: How to create an OpenVPN client to StrongVPN
« Reply #12 on: January 07, 2011, 03:14:58 pm »
> > After section 1 all traffic is routed through the VPN.
> >
> > anyone got policy routing working ?
> > I would like to route netflix over vpn.
>
> I believe I have commented on this several times. I use policy routing with an OpenVPN cert tunnel with StrongVPN (to make only some clients use the tunnel or by other filtering means, which can be adjusted at any time), using tunnel as "virtual WAN interface" and the tunnel has been up close to 9 months now, I believe.
>
> I haven't taken the time to finish my guide yet though.

This would be the guide that I would be looking forward to.  I will try to figure out the tunnel as a virtual wan interface, but would love to see a guide on how to set this up.  I couldn't figure it out and just got my refund from StrongVPN within their 7 days.  I will sign back up if I can get this setup to work.

Thanks for the post.

Offline jeffnoone

Re: How to create an OpenVPN client to StrongVPN
« Reply #13 on: January 28, 2011, 11:26:44 pm »
I am a complete newbie on FreeBSD and pfSense, but managing to get pfSense installed and then StrongVPN going using the various site tutorials. Suddenly pfSense has become very valuable to me for high-speed VPN connection. So thanks to ericab and all here.
Does this thread need to be updated given this post:
http://forum.pfsense.org/index.php/topic,32640.0.html

I made similar observations as ericab, as in that post.
Enabling AON under Firewall, NAT, outbound seems to be what was suggested in the thread linked, and seemed to work for me.

Should this instruction be added to tutorial to get people up and running with most recent versions? - I don't know enough to know reliably one way or the other

Again thanks
Jeff

Offline yu130960

Re: How to create an OpenVPN client to StrongVPN
« Reply #14 on: February 02, 2011, 12:42:34 pm »
> > After section 1 all traffic is routed through the VPN.
> >
> > anyone got policy routing working ?
> > I would like to route netflix over vpn.
>
> I believe I have commented on this several times. I use policy routing with an OpenVPN cert tunnel with StrongVPN (to make only some clients use the tunnel or by other filtering means, which can be adjusted at any time), using tunnel as "virtual WAN interface" and the tunnel has been up close to 9 months now, I believe.
>
> I haven't taken the time to finish my guide yet though.

I know the guide is not ready yet, but can someone point me to another guide that would help me set up PFsense 2.0 with Strongvpn with the option of routing only some clients through the VPN while allowing others to go through the default gateway?

Thanks
« Last Edit: April 09, 2011, 05:33:21 pm by yu130960 »