SETUP REMOTE VPN ACCESS USING PFSENSE AND OPENVPN
pfSense is a great firewall solution: very reliable, with built-in VLAN and VPN support. In this tutorial I’m going to demonstrate how to set up a user-authenticated OpenVPN server in pfSense. This guide assumes you already have a functional pfSense firewall running.
STEP 1:- OPEN OPENVPN WIZARD
A. Create a Virtual Machine for Pfsense
Select OpenVPN Authentication Backend Type
In this tutorial I have used “Local User Access” as the authentication backend type.
STEP 2:- CREATE NEW CA
Create a Certificate Authority to generate certificates for the OpenVPN server.
Fill out the following fields to create a new CA.
STEP 3:- CREATE SERVER CERTIFICATE
Create a Server Certificate from the CA for OpenVPN.
STEP 4:- OPENVPN GENERAL SETTINGS CONFIGURATION
In this case the OpenVPN interface will listen on the external-facing WAN interface, which is connected to the internet.
Interface: WAN
Protocol: UDP on IPv4 Only
Local Port: 1194
Description: VPN
Cryptographic Settings Configuration
This section can be left at its defaults or changed to suit your security needs.
STEP 5:- OPENVPN TUNNEL CONFIGURATION
There are two important sections.
Tunnel Network
The tunnel network should be a new network that does not currently exist on the network or in the pfSense firewall routing table.
When clients connect to the VPN, they will receive an address in this network.
Ex: 172.25.0.10/24
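One way to check the "does not currently exist" requirement above, as an added example that is not part of the original tutorial: it normalises a candidate tunnel network and compares it against a routing table dump. The sample table is constructed, and the `netstat -rn -f inet` column layout is an assumption about the output of the firewall's shell.

```python
import ipaddress

# Constructed sample of `netstat -rn -f inet` output from a pfSense (FreeBSD) shell.
# Addresses and interface names are made up for illustration.
SAMPLE_ROUTES = """\
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
127.0.0.1          link#4             UH          lo0
192.168.1.0/24     link#2             U           em1
192.168.1.1        link#2             UHS         lo0
10.10.20.0/24      192.168.1.254      UGS         em1
203.0.113.0/24     link#1             U           em0
"""

def parse_routes(text):
    """Return the IPv4 networks found in the Destination column."""
    nets = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            # Bare addresses are host routes and become /32 networks.
            nets.append(ipaddress.IPv4Network(fields[0], strict=False))
        except ValueError:
            continue  # header line, "default", or anything that is not a prefix
    return nets

def check_tunnel_network(candidate, routes_text):
    """Normalise the candidate and list every existing route it overlaps."""
    iface = ipaddress.IPv4Interface(candidate)
    tunnel = iface.network
    conflicts = [str(n) for n in parse_routes(routes_text) if tunnel.overlaps(n)]
    return {
        "tunnel": str(tunnel),
        # True when a host address was given instead of the network address.
        "host_bits_set": iface.ip != tunnel.network_address,
        "conflicts": conflicts,
    }

if __name__ == "__main__":
    for cand in ("172.25.0.10/24", "192.168.1.0/24", "10.10.0.0/16"):
        print(cand, check_tunnel_network(cand, SAMPLE_ROUTES))
```

An empty `conflicts` list means the candidate does not overlap any route in the dump; remote sites reached through other VPNs should be checked the same way.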
Local Network
Enter the network address of the local network that clients will connect to, that is, the network where the pfSense box resides.
The rest of the settings can be changed according to your requirements.
STEP 6:- OPENVPN CLIENT SETTINGS
The settings in the client settings section will be assigned to OpenVPN clients when they connect to the network.
If you are also using pfSense as your local DNS server, enter its address here. Separate DNS servers can also be entered here.
Optionally, DNS and NTP servers can be provided to the VPN clients from here.
STEP 7:- FIREWALL RULE CREATION FOR OPENVPN
Traffic from client to server:- If this option is enabled, the OpenVPN wizard will automatically generate the firewall rules necessary to permit incoming connections to the pfSense OpenVPN server from clients anywhere on the internet.
Traffic from clients through VPN:- If this option is enabled, the OpenVPN wizard will automatically generate firewall rules that allow traffic from clients connected to the VPN to anywhere on the local network.
Finally finish the wizard.
STEP 8:- CREATE VPN USERS WITH CERTIFICATES
If you selected the “Local User Access” option during the VPN wizard, then users can be added through the pfSense user manager.
Create new user.
STEP 9:- INSTALL OPENVPN CLIENT EXPORT PACKAGE
Install the OpenVPN Client Export package using the pfSense package manager.
After the installation there will be a new tab named “Client Export” in the OpenVPN menu.
Modify the “Hostname Resolution” field. By default this is set to the IP address of the interface running OpenVPN.
After making any changes, click the “Save as default” button to store the settings.
STEP 10:- DOWNLOAD THE OPENVPN CLIENT PACKAGES.
Download and install OpenVPN client application.
https://openvpn.net/index.php/open-source/downloads.html
https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.6-I602.exe
Install downloaded OpenVPN profile.