This blog post will guide you through setting up OpenVPN in pfSense. OpenVPN is a free utility for setting up VPN connections between two networks over the internet. pfSense already has built-in support for OpenVPN. If you have an older version of pfSense, it is better to update it first. To set up OpenVPN in pfSense, follow the steps below.
Access the pfSense server to start setting up OpenVPN. In your browser, type the IP address of the pfSense server, then go to the VPN->OpenVPN menu.
Select an Authentication Backend Type
Type of Server - Local User Access
Choose a Certificate Authority (CA)
- If you don't have a certificate authority yet, click the Add new CA button and create one. It is used by OpenVPN when a user logs in.
Descriptive name - enter the descriptive name of your CA.
Key length - default
Lifetime - default
Country Code - your country code
State or Province - the state or province you live in
City - your City
Organization - if none, just leave it blank
Email - enter your email
Choose a Server Certificate
- Create a server certificate for your OpenVPN server if there is none. Click the Add new button.
Complete the entries where possible. The form appears to be the same as the one for creating a certificate authority; just type a different descriptive name to distinguish it. Then click Create New Certificate.
General OpenVPN Server Information
Interface - WAN
Protocol - default is UDP
Local Port - 1194, but you can use a different port
Description - you may enter a description (optional)
Leave all other settings at their defaults and click the Finish button. The OpenVPN server is now ready, but we first need to set up a user for the OpenVPN connection.
Tunnel Settings
Tunnel Network - this is the network between pfSense and the remote computer connected through OpenVPN. You may set any other network you want, in CIDR notation. With the example 192.168.1.0, if I am connected to that pfSense server via OpenVPN, I may acquire an IP address in that network range.
Redirect Gateway - leave at the default. But if you want to access computers on the pfSense network, check this option.
Local Network - this is the network that will be accessible remotely. This could be a network inside the pfSense network. The tunnel network and the local network must not be the same, to avoid conflicts. I tried testing with a ping command to a remote computer inside the pfSense network, but it did not work using these local network settings. I tried checking Redirect Gateway and it did reply when I issued the ping command to the remote computer. So my advice, if you cannot ping the remote computer, is to check Redirect Gateway.
Concurrent Connections - set the number of concurrent connections you want. Of course, there is a limit if your connection has low bandwidth.
Create an OpenVPN User
To set up a user for OpenVPN, go to the pfSense User Manager menu. Under the certificate section, enter a descriptive name and choose the certificate authority you created for your OpenVPN. Leave everything else at the defaults. You may change other settings if you want. Click the Save button to add the user.
Go to OpenVPN->Client Export Utility to save the user's OpenVPN configuration settings by exporting or downloading the zip file.
Remote Access Server - Choose the OpenVPN server.
Host Name Resolution - Interface IP Address
Verify Server CN - leave to default unless you know
Other settings to default.
Click Archive to download the configuration. This configuration contains all the OpenVPN user information, including the password. Put it in a safe directory and copy it to the computer that has the OpenVPN client installed.
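One way to review the exported profile before copying it to a client, as an added example that is not part of the original post: the script parses a client `.ovpn` file and flags a missing server-name check (the Verify Server CN setting), a missing password prompt, an embedded private key and loose file permissions. The sample profile, its address and the function names are constructed for illustration.

```python
import re
import stat

# Constructed sample profile (documentation address, placeholder key body).
SAMPLE_OVPN = """\
client
proto udp
remote 203.0.113.10 1194
auth-user-pass
remote-cert-tls server
<key>
(constructed placeholder, not real key material)
</key>
"""

def parse_ovpn(text):
    """Return (directives, inline_block_names) from an OpenVPN client profile."""
    directives, blocks, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if current:                          # inside <tag> ... </tag>: skip body
            if line == f"</{current}>":
                current = None
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            current = m.group(1)
            blocks.add(current)
        elif line and not line.startswith(("#", ";")):
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, blocks

def audit_profile(text, mode=None):
    """List findings for a profile; mode is the file's st_mode when known."""
    d, blocks = parse_ovpn(text)
    findings = []
    # verify-x509-name (or the older tls-remote) pins the server certificate name.
    if not d.keys() & {"verify-x509-name", "tls-remote"}:
        findings.append("server certificate name is not verified")
    if "remote-cert-tls" not in d:
        findings.append("server certificate usage is not checked")
    if "auth-user-pass" not in d:
        findings.append("no username/password prompt")
    if blocks & {"key", "pkcs12"}:
        findings.append("profile embeds a private key: store it as a secret")
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file is accessible by group or others")
    return findings
```

For a file on disk, pass `os.stat(path).st_mode` as `mode` and the file's contents as `text`.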
Test whether OpenVPN is working. On the computer with the OpenVPN client, run the client program and try to connect to the pfSense OpenVPN server. You can download an updated version of the OpenVPN client from the internet. You will be prompted for a username and password. Use the username and password you created in pfSense for OpenVPN. If the connection is successful, you have set up OpenVPN correctly.
That's it, guys. If you have questions, just leave me a message using the comments below. Thanks.