How to install OpenVPN on pfSense: Ultimate Beginner Guide

By popular demand, I created this complete beginner guide on how to install OpenVPN on pfSense 2.5. This was one of the most requested tutorials. As always, my guide is accompanied by a video, and I walk you through each and every step so you can easily follow along!

This guide uses the newest version of pfSense, version 2.5.1.

This guide was updated in May 2021 for pfSense version 2.5.1.

Step 1 – Creating a NO-IP Account

If you have a Static IP Address or already have a different DynDNS Service in place, you can continue with Step 2. For everyone else, we first set up a NO-IP Account because we will need it later on. Head over to NO-IP and create yourself a hostname. I recommend choosing a generic hostname so nobody can guess it.

After clicking on Sign Up, fill out the required fields and create your account. The free account requires you to confirm your hostname every 30 days. Activate your account via email. Once confirmed, log in to NO-IP with your account and create a Username as prompted.

In your NO-IP Dashboard navigate to Dynamic DNS -> No-IP Hostnames and you should already see your IP Address and your DynDNS Name. In case you use another IP, adjust the entry accordingly. If you want to confirm that the IP is correct head to this website.

[Screenshot: Setup DynDNS for pfSense 2.5]

Good. Now that we have a DynDNS account, we can set it up in pfSense next.

Step 2 – Setting up DynDNS in pfSense

In pfSense, navigate to Services / Dynamic DNS and click on +Add. Now fill out the required fields as in the screenshot below. Choose your service from the list of services. In case you opted for NO-IP Free like me, choose No-IP (free).

Interface to Monitor is WAN. The hostname is the Hostname you set up for yourself on No-IP, in my case ceos3c.hopto.org. Scroll down and enter your No-IP Username and Password. Give the service a description and click Save.

[Screenshot: DynDNS for OpenVPN]

Once this is done, you should see the Cached IP in green, which means the IP is up to date.

Good. We are done setting up DynDNS.

Step 3 – Creating Certificates

Now we need to create a new Certificate Authority and a new certificate to install OpenVPN on pfSense 2.5.

Creating a new Certificate Authority

Navigate to System / Cert. Manager. Click on +Add to create a new Certificate Authority.

[Screenshot: OpenVPN Certificate Authority]

Fill everything as in the screenshot below. You can choose a higher Digest Algorithm if you want to.

[Screenshot: OpenVPN Certificate]

Click on Save once you are done.

Creating a Server Certificate

Now we need to create a new Server Certificate. To do so, navigate to System / Certificate Manager / Certificates. Click on +Add/Sign to create a new certificate. Make sure to select the OpenVPN-CA that we created above as the Certificate Authority, and use your DynDNS Hostname as the Common Name. For Certificate Type, make sure to choose Server Certificate.

Update May 2021: As Key type, select RSA.

Fill out the rest as in the screenshot below. Click Save at the end.

[Screenshot: OpenVPN Server Certificate]

Step 4 – Creating a VPN User

Now we are going to create a VPN User. This User will be used to log in to our VPN Client from a remote location.

Navigate to System / User Manager and click +Add to add a new User.

Make sure to tick Create Certificate for User and give the Certificate a descriptive name. Also, make sure to choose our OpenVPN-CA as the Certificate Authority.

Update May 2021: Also choose Key type RSA here.

Click on Save once you are done with that.

[Screenshot: OpenVPN Create VPN User]

Step 5 – Installing the OpenVPN Client Export Package

Now we need to install the OpenVPN Client Export Package to create our Windows Installer or download VPN Configuration Files for Linux. Navigate to System / Package Manager / Available Packages and type OpenVPN in the search field. Click on +Install to install it.

[Screenshot: OpenVPN Export Client Package]

Now that we have this in place we can go ahead and install OpenVPN on pfSense 2.5.

Step 6 – Install OpenVPN on pfSense 2.5

Navigate to VPN / OpenVPN / Wizards. Choose Local User Access and click Next.

Select our OpenVPN-CA and click Next.

Select the OpenVPN-Cert (Server Certificate) we created earlier.

The next step is a bit lengthy and will be divided into a couple of Screenshots. Make sure you fill everything out as in my example or adjust according to your own needs.

General OpenVPN Server Information and Cryptography Settings

[Screenshot: General OpenVPN Server Information and Cryptography Settings]

Tunnel Settings

This is quite important to get right. Let me quickly elaborate. Let’s assume your local Network is 192.168.10.0/24. You want your Tunnel Network to be on a different Subnet, so you could choose 192.168.11.0/24 for your Tunnel Network.

Concurrent Connections means how many people can connect via OpenVPN simultaneously. If you only have one user for yourself, just set it to 1 for good measure. Also, check Redirect Gateway to force all traffic through the tunnel.

Leave the rest of the Tunnel Settings at their defaults.

[Screenshot: OpenVPN Tunnel Settings]

Client Settings

For DNS Default Domain, enter the Domain you specified under System / General Setup. If you are unsure, navigate to System / General Setup (Right-Click -> Open in a new tab if you don’t want to interrupt the Wizard). Then enter the IP Address of your DNS Server; if that is your pfSense, enter the IP of your pfSense Firewall.

[Screenshot: OpenVPN Client Settings]

Click on Next to continue.

Firewall Rule Configuration

On the last step of the Wizard tick both checkboxes to create Firewall Rules for both OpenVPN and Clients.

[Screenshot: OpenVPN Firewall Rules]

Finally, click Next and Finish. Now we are almost done.

Step 7 – Exporting and Installing the Client

Navigate to VPN / OpenVPN / Client Export. At the top, under Client Connection Behavior, make sure to choose your DynDNS Hostname for Host Name Resolution. After this, scroll down a little and hit Save as Default.

Check Use Random Local Port in case you want to connect more than 1 client simultaneously.

Now scroll down until you find OpenVPN Clients and you should see your VPNUser and a couple of Client Export Options next to it. If you are on Windows, you want to download the Current Windows Installer.

Once downloaded, right-click and select Install as Administrator. If a Windows Smart Screen Warning pops up, click on More Info and Run Anyway. Install OpenVPN leaving everything on Default. When prompted to install the TAP-Windows Provider V9 Network Adapters, click on Install.

Once installed double-click the OpenVPN GUI Icon from your Desktop to start it. When you restart your computer, OpenVPN will be started automatically in the future. You will see a little Screen+Lock Icon in your Taskbar now.

Step 8 – Connecting to OpenVPN with pfSense 2.5

Right-click the lock icon and select Connect. Enter your VPNUser Username and Password.

Allow the connection through your Windows Firewall when prompted, for both Private and Public Networks. You should now see that you are connected to your VPN, indicated by the green light in the small Screen+Lock Symbol in your Taskbar.

Congratulations, you successfully installed OpenVPN on pfSense 2.5!

Troubleshooting

In case you run into any problems these are the first things to check:

  • Is the OpenVPN Service running? Navigate to Status / Services. If you’re not able to start it, try restarting your pfSense.
  • Check your Firewall Rules to confirm that all rules were created, both the WAN and the OpenVPN Rule
  • Check that you entered a correct network address with its subnet mask (for example 192.168.1.0/24) for your Tunnel and Local Network in your OpenVPN Config. It has to end in .0/24, not .1/24 or something like that.
  • Check the System Logs under Status / System Logs to get hints
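
The subnet rules from the Tunnel Settings step and from the troubleshooting list above can be checked before you type the values into the wizard. The following Python script is an added example, not part of the original guide or of pfSense; the function name check_networks is hypothetical and the sample addresses are constructed from the ones used in this guide.

```python
import ipaddress

def check_networks(local_cidr, tunnel_cidr):
    """Return a list of problems with the two wizard fields (empty list = OK)."""
    problems, nets = [], {}
    fields = (("Local Network", local_cidr), ("Tunnel Network", tunnel_cidr))
    for label, cidr in fields:
        if "/" not in cidr:
            problems.append(f"{label}: {cidr} has no prefix length such as /24")
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 192.168.11.1/24
            nets[label] = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            try:
                fixed = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                problems.append(f"{label}: {cidr} is not a valid network")
                continue
            problems.append(f"{label}: {cidr} is a host address, enter {fixed}")
            nets[label] = fixed
    if len(nets) == 2:
        local, tunnel = nets["Local Network"], nets["Tunnel Network"]
        # overlaps() only compares networks of the same IP version
        if local.version == tunnel.version and local.overlaps(tunnel):
            problems.append(f"Tunnel Network {tunnel} overlaps Local Network {local}")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs based on the addresses used in this guide
    samples = [
        ("192.168.10.0/24", "192.168.11.0/24"),  # correct: separate subnets
        ("192.168.10.0/24", "192.168.11.1/24"),  # .1/24 instead of .0/24
        ("192.168.10.0/24", "192.168.10.0/24"),  # tunnel reuses the LAN subnet
    ]
    for local, tunnel in samples:
        result = check_networks(local, tunnel)
        print(local, tunnel, "->", result or "OK")
```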

Conclusion

It can be a bit confusing if you go through this process for the first time, but once you have it set up, it’s a gift that keeps on giving. You have successfully learned how to install OpenVPN on pfSense 2.5!

The post How to install OpenVPN on pfSense: Ultimate Beginner Guide appeared first on Ceos3c.
