Remote-access Guide

pfsense 2.3.4 openvpn remote access

by Miss Lulu Emard V Published 2 years ago Updated 2 years ago

How do I use pfSense with a VPN?

The safest way to accomplish the task is to setup a VPN that will allow access to the firewall and the network it protects. There are several VPN options available in pfSense software, such as Once a VPN is in place, reach the GUI safely using a local address on the firewall, such as the LAN IP address.

What is the shared secret on the pfSense firewall?

The Shared Secret is the password configured on the RADIUS server for accepting authentication requests from the IP address of the pfSense firewall. If there is an existing Certificate Authority defined on the pfSense firewall, it may be chosen from the list. To create a new Certificate Authority, choose Add new CA.

How do I set up an OpenVPN server on Windows?

In the “Servers” tab (the default tab), click on the “+ Add” button at the bottom right of the page. Server Mode: choose Remote Access (SSL/TLS + User Auth). Protocol: UDP on IPv4. Device Mode: tun. Interface: WAN, normally. More generally the interface on which the OpenVPN server should be reachable.

How do I change the certificate authority on the pfSense firewall?

If there is an existing Certificate Authority defined on the pfSense firewall, it may be chosen from the list. To create a new Certificate Authority, choose Add new CA.

How to add a group to OpenVPN?

Go on “Groups” tab, then click on the “+ Add” button at the bottom right. Give the name you want to the group. In our case we choose “OpenVPN-users”. Then click on the “Save” button. Once done, come back on the “Users” tab, then click on the “+ Add” button. The fields to be filled in are the following:

How does VPN work?

How it works. The goal is to offer a VPN solution for travelling or teleworking users allowing them to have secure access to the company’s LAN. These users can use a computer or a smartphone to connect. In all cases, they will use an OpenVPN client.

Is OpenVPN compatible with Mac?

OpenVPN = the perfect solution for home-office users. OpenVPN is easy to implement and is compatible with all types of platforms (Windows, Mac, Android, iOS, …) This article does not cover site-to-site mode configuration of OpenVPN (shared key or X.509).

What is pfSense package?

pfSense provides a package called openvpn-client-export which creates preconfigured OpenVPN profiles for you to download containing all the VPN settings and the user certificate if one is used. For Windows users it also allows you to download an OpenVPN client installer which will automatically install the OpenVPN client application and configure it with the VPN settings. This step is optional as you could configure the client settings manually but in most cases, doing it will simplify deployment.

What port does OpenVPN use?

The other setting you may wish to change is the listening port. By default OpenVPN listens on port 1194 in either UDP or TCP mode. You can change the port if you wish, either based on personal preference or if you are on a network which blocks VPN traffic or outbound ports.

How to export OpenVPN client?

The easiest way to configure client settings is to use the openvpn-client-export package we installed earlier. Go to VPN > OpenVPN > Client Export. At the bottom of this there is a section called OpenVPN Clients. In this section you will see a list of available users whose configuration we can export.

What branch of OpenVPN is used for Windows 7?

For Windows 7, 8 or 10 and their corresponding server versions you will want to use the 2.4.8 branch of OpenVPN client. For Windows XP or Vista (shown as win6 in this interface) you will need the older 2.3.18 branch (also, upgrade your PC). Download the installer you want and transfer it to the target PC. Download the correct installer and copy it to your target PC. The installer behaves like any standard Windows installer, just run it, click the “install” button and follow the prompts.

How to create a user in OpenVPN?

To do this we will need to create a user. Go to System > User Manager and add a user. You will need to configure a username and password as per the picture below. The other settings can be left as default although if you are only planning to grant the user temporary access you may want to set the account to expire automatically when access is due to be revoked.

How to install OpenVPN client export?

From the pfSense dashboard go to System > Package Manager > Available Packages and search for the openvpn-client-export package. Click the Install button to install it.

How to create a certificate for OpenVPN?

From the pfSense dashboard, go to System > Cert. Manager > CAs and click Add to create a new CA. Enter a descriptive name to help you identify what the CA is called and a common name which will appear on the certificates. The rest of the settings can be adjusted if required but the defaults should provide a reasonable balance between security and performance for most use cases. By default the CA lifetime is set to 3650 days (10 years) which is reasonable for a CA but can be adjusted if desired. If you wish you can also include location and organisation data but this is entirely optional.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9