Netgate Discussion Forum

New OpenVPN server config

  • BlazeStar
    last edited by Aug 7, 2023, 9:45 PM

    Hello all,

    I'm about to configure a fresh new OpenVPN server.

    I've been running two OpenVPN servers for over 10 years without (much) change. I'd like to start with a good config and would like advice on the preferred options that would be ideal in 2023.

    I'm using a Netgate 4100 with pfSense latest.

    I want to make a road warrior style setup, so I'm assuming a Remote Access service mode (SSL + User Auth).
    I have several servers, for example an SMB server, on my network.
    The OpenVPN server will be used to allow external users to connect to the network, and they will be working from home or remotely.

    The connection is 200 M/s download, 50 M/s upload.

    I want to have a very secure setup, but not overkill to the point that performance is degraded significantly.

    I would like guidance on these options:

    • TLS Key
    • Usage Mode
    • TLS keydir direction
    • OCSP Check
    • DH Parameter Length
    • ECDH Curve
    • Data Encryption Algorithms (and fallback)
    • Auth digest algorithm
    • Hardware Crypto
    • Certificate Depth
    • Allow Compression
    • Topology
    • UDP Fast I/O
    • Gateway creation

    And anything else I may want to address.

    Thank you!

    • Gertjan @BlazeStar
      last edited by Aug 8, 2023, 5:28 AM

      @BlazeStar

      pfSense 23.05.1 uses OpenVPN 2.6.2, so here it is: https://openvpn.net/community-resources/
      You'll see that "Allow Compression" is something of the past.

      See also here: https://openvpn.net/community-downloads/, go to the 2.6.2 release info.
      Look especially for the info "what was done using 2.4 and 2.5, and goes away with 2.6".

      My next best proposal, must-see info, are these: YouTube => Netgate => Videos. There are at least 3 OpenVPN server videos. You 'must' see the first 2 of them.
      Even if they are old, they are still very valid. These videos are quite long, but will give you the main oversight of all the aspects.
      Look at the 7-minute "Configuring OpenVPN Remote Access in pfSense Software", which will already answer most of your questions.

      Last but not least : HEADS UP: OpenVPN deprecating shared key mode, requires TLS, deprecating cipher selection.

      Btw : OpenVPN is one of the VPN methods. There are others.

      No "help me" PMs please. Use the forum, the community will thank you.
      Edit : and where are the logs ??
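
The reply above names three things that changed around OpenVPN 2.6: compression, shared key mode and cipher selection. As an added example (not part of the thread, and not pfSense's or OpenVPN's own code), this Python script checks an exported OpenVPN config for the matching directives; the function names `parse_directives` and `audit` and both sample fragments are constructed for illustration.

```python
import re

def parse_directives(text):
    """Map each directive to its argument lists; inline <tag> blocks count as the directive."""
    found, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:  # inside an inline <tag> ... </tag> block: skip key material
            if line == f"</{inline}>":
                inline = None
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            inline = m.group(1)
            found.setdefault(inline, []).append(["[inline]"])
            continue
        tokens = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if tokens:
            found.setdefault(tokens[0].lstrip("-"), []).append(tokens[1:])
    return found

def audit(text):
    """Return (category, message) findings for the three items named in the reply."""
    d, findings = parse_directives(text), []
    if "secret" in d:
        findings.append(("shared-key", "'secret' selects static key mode; move to TLS mode"))
    for name in ("compress", "comp-lzo"):
        if name in d:
            findings.append(("compression", f"'{name}' is set; remove it"))
    if any(args[:1] != ["no"] for args in d.get("allow-compression", [])):
        findings.append(("compression", "'allow-compression' is not 'no'"))
    if "cipher" in d and "data-ciphers" not in d:
        findings.append(("cipher", "'cipher' without 'data-ciphers'; list negotiable ciphers explicitly"))
    return findings

# Constructed sample fragments (not taken from the thread or from pfSense output).
LEGACY = """dev tun
secret static.key
cipher AES-256-CBC
comp-lzo adaptive
"""
MODERN = """dev tun
tls-server
<tls-crypt>
(constructed placeholder key material)
</tls-crypt>
data-ciphers AES-256-GCM:CHACHA20-POLY1305
allow-compression no
"""

if __name__ == "__main__":
    for label, cfg in (("legacy", LEGACY), ("modern", MODERN)):
        print(label, audit(cfg) or "no findings")
```

An inline `<secret>` block is reported the same way as a `secret` file directive, while an inline `<tls-crypt>` block is not, since it belongs to TLS mode.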
