Netgate Discussion Forum

    ExpressVPN with two subnets

      JayArr

      Hi All

      I've had a request to post up how I did this so here it is:

      I'm using ExpressVPN but I've also used this to set up Buffered and StrongVPN with a few minor adjustments.

      I have an HP DL320 G5 that I use for a firewall and I've added a NIC card. The two NICs that are built into the server are WAN and LAN and the extra NIC is called WIRELESS.

      LAN is connected to my local switch (Catalyst 3560)

      WIRELESS is connected to a Cisco EA3500 wireless router in bridge mode.

      This way WIRELESS and LAN are completely separate and do not talk. They are also separate subnets.

      LAN is for my business, the server rack, a couple of desktops, printers, the telephony server and an internal web server/PostgreSQL database and finance package.

      WIRELESS is for the phones, e-readers, streaming media boxes, Raspberry Pis, laptops, and friends.

      First, go get the file from ExpressVPN.

      Go to: https://www.expressvpn.com

      Click on "My Account" and then log in.

      Click "Setup Express VPN" (green box).

      Click "Manual Configuration", then expand the countries and pick your servers. I chose Denver for the USA and Vancouver for Canada.

      You should have two .ovpn files downloaded.

      Log into pfSense as admin.

      System/Certificate Manager/add
      -choose a name - ie ExpressVPNCM
      -open the appropriate .ovpn file and paste the section between <ca> and </ca> as certificate data.
      -paste the RSA private key as cert private key

      System/Certificate Manager/Certificates/add
      -method=import
      -choose a name ie: ExpressVPNcert
      -paste the section between <cert> and </cert> as certificate data
      -open the appropriate .ovpn file and paste the section between <ca> and </ca> as certificate data.
      -paste the RSA private key as cert private key

      VPN/OpenVPN/Clients/add
      -Server mode = Peer to Peer (SSL/TLS)
      -Protocol = UDP
      -Device mode = tun
      -Interface = WAN
      -Server host or address= [the server name from the file ie usa-denver-ca-version-2.expressnetw.com]
      -Server Port = 1195 [from the file]
      -Description = ExpressVPNDenverClient
      -check = enable authentication of TLS packets
      -key = [paste openvpn static key section from file]
      -Peer cert authority = [from cert manager section 'ExpressVPNCM']
      -Client Certificate = [from Certificates section 'ExpressVPNcert']
      -Encryption Algorithm = [from file] AES-256-CBC
      -Auth digest Algorithm = [from file] SHA512
      -No Hardware Crypto Acceleration
      -Compression = enabled without adaptive
      -Custom options:
      tun-mtu 1500
      fragment 1300
      mssfix 1450
      keysize 256
      auth SHA512
      sndbuf 524288
      rcvbuf 524288

      Click SAVE

      Status/System Logs/OpenVPN

      last entry should be:

      Initialization Sequence Completed

      If this worked do it again for the second VPN server.

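The copy-and-paste steps in the post above can be checked with a small parser that pulls the same values out of a downloaded profile. This is an added example, not part of the original post: `parse_ovpn`, `pfsense_fields` and the dictionary keys are names made up here, the sample profile is constructed, and it assumes the private key and static key sit in inline `<key>` and `<tls-auth>` blocks.

```python
import re

# Constructed sample profile (not a real ExpressVPN file); all values are placeholders.
SAMPLE_OVPN = """\
remote vpn.example.net 1195
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CA
-----END CERTIFICATE-----
</ca>
<cert>
PLACEHOLDER-CLIENT-CERT
</cert>
<key>
PLACEHOLDER-PRIVATE-KEY
</key>
<tls-auth>
PLACEHOLDER-STATIC-KEY
</tls-auth>
"""

# An inline block is <tag> on its own line, a body, then </tag> on its own line.
INLINE = re.compile(r"^<([\w-]+)>[ \t]*\n(.*?)\n</\1>[ \t]*$", re.S | re.M)

def parse_ovpn(text):
    """Return (directives, inline_blocks) parsed from .ovpn text."""
    text = text.replace("\r\n", "\n")
    blocks = {m.group(1): m.group(2).strip() for m in INLINE.finditer(text)}
    directives = {}
    for line in INLINE.sub("", text).splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0][0] in "#;":  # skip blanks and comments
            continue
        directives.setdefault(parts[0], []).append(parts[1].strip() if parts[1:] else "")
    return directives, blocks

def pfsense_fields(text):
    """Map a profile to the values entered in the pfSense forms (names are this example's)."""
    d, b = parse_ovpn(text)
    missing = [t for t in ("ca", "cert", "key", "tls-auth") if t not in b]
    if missing or "remote" not in d:
        raise ValueError("profile lacks: " + ", ".join(missing or ["remote"]))
    host, port = (d["remote"][0].split() + ["1194"])[:2]  # 1194 = OpenVPN default
    return {"server_host": host, "server_port": int(port),
            "cipher": d.get("cipher", [""])[0], "auth_digest": d.get("auth", [""])[0],
            "ca": b["ca"], "client_cert": b["cert"],
            "client_key": b["key"], "tls_key": b["tls-auth"]}
```

Because the profile contains the client private key and the static key, run this only on a machine you trust and do not paste its output into tickets or forum posts.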
        JayArr

        Crap!

        I just lost the second post because the software logged me out before I hit post. Now I'm pissed off so I'll continue this later…

        JayArr
