ExpressVPN with two subnets
-
Hi All
I've had a request to post up how I did this so here it is:
I'm using ExpressVPN but I've also used this to set up Buffered and StrongVPN with a few minor adjustments.
I have an HP DL320 G5 that I use for a firewall and I've added a NIC card. The two NICs that are built into the server are WAN and LAN and the extra NIC is called WIRELESS.
LAN is connected to my local switch (Catalyst 3560)
WIRELESS is connected to a Cisco EA3500 wireless router in bridge mode.
This way WIRELESS and LAN are completely separate and do not talk. They are also separate subnets.
LAN is for my business, the server rack, a couple of desktops, printers, the telephony server and an internal web server/Postgresql database and finance package.
WIRELESS is for the phones, e-readers, streaming media boxes, Raspberry Pis, laptops, and friends.
First, go get the file from ExpressVPN.
Go to: https://www.expressvpn.com
click on "My Account" and then log in.
click "Setup Express VPN" (green box)
click "Manual Configuration" then expand the countries and pick your servers. I chose Denver for the USA and Vancouver for Canada.
You should have two .ovpn files downloaded.
Log into pfSense as admin.
System/Certificate Manager/add
-choose a name - ie ExpressVPNCM
-open the appropriate .ovpn file and paste the section between <ca> and </ca> as certificate data.
-paste the RSA private key as cert private key
System/Certificate Manager/Certificates/add
-method=import
-choose a name ie: ExpressVPNcert
-paste the section between <cert> and </cert> as certificate data
-paste the RSA private key as cert private key
VPN/OpenVPN/Clients/add
-Server mode = Peer to Peer (SSL/TLS)
-Protocol = UDP
-Device mode = tun
-Interface = WAN
-Server host or address= [the server name from the file ie usa-denver-ca-version-2.expressnetw.com]
-Server Port = 1195 [from the file]
-Description = ExpressVPNDenverClient
-check = enable authentication of TLS packets
-key = [paste openvpn static key section from file]
-Peer cert authority = [from cert manager section 'ExpressVPNCM']
-Client Certificate = [from Certificates section 'ExpressVPNcert']
-Encryption Algorithm = [from file] AES-256-CBC
-Auth digest Algorithm = [from file] SHA512
-No Hardware Crypto Acceleration
-Compression = enabled without adaptive
-Custom options:
tun-mtu 1500
fragment 1300
mssfix 1450
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
Click SAVE
Status/System Logs/OpenVPN
last entry should be:
Initialization Sequence Completed
If this worked do it again for the second VPN server.
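The steps above are all about pulling pieces out of the provider's .ovpn file and pasting them into the right pfSense box. As an added example (not code from the post, ExpressVPN or pfSense), here is a small Python parser that does that extraction and lays the pieces out against the pfSense fields named above, checking that each inline block carries the PEM header it should before you paste it. The profile text in it is constructed with dummy PEM bodies and is not a real ExpressVPN file; the output field names are my own labels for the GUI boxes, and the list of directives pfSense writes by itself is an assumption.

```python
"""Added example: pull the pieces out of an OpenVPN .ovpn client profile
and line them up with the pfSense Certificate Manager / OpenVPN Client
fields used in the steps above. Not code from the post, ExpressVPN or
pfSense. The profile below is constructed: dummy PEM bodies, not a real
provider file."""
import re

# Constructed sample profile with the directives the post refers to.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote usa-denver-ca-version-2.expressnetw.com 1195
cipher AES-256-CBC
auth SHA512
key-direction 1
tun-mtu 1500
fragment 1300
mssfix 1450
<ca>
-----BEGIN CERTIFICATE-----
MIIDdummyCAbody==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIDdummyClientCertBody==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEdummyClientKeyBody==
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
0123456789abcdef
-----END OpenVPN Static key V1-----
</tls-auth>
"""

# What each inline block must start with; catches a <key> that actually
# holds a certificate (or the other way round) before it is pasted in.
PEM_HEADERS = {
    "ca": ("-----BEGIN CERTIFICATE-----",),
    "cert": ("-----BEGIN CERTIFICATE-----",),
    "key": ("-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN PRIVATE KEY-----"),
    "tls-auth": ("-----BEGIN OpenVPN Static key V1-----",),
}

# Directives with a dedicated field on the pfSense client page, or that
# pfSense writes into the config itself (assumed: key-direction, nobind,
# persist-*). Everything else is carried over as "Custom options".
GUI_DIRECTIVES = {"client", "dev", "proto", "remote", "cipher", "auth",
                  "key-direction", "nobind", "persist-key", "persist-tun"}

BLOCK_RE = re.compile(r"<([A-Za-z][\w-]*)>\n(.*?)\n</\1>", re.S)


def parse_ovpn(text):
    """Split a profile into (directives, inline_blocks).

    directives: name -> list of argument lists (a directive may repeat).
    inline_blocks: tag -> text between <tag> and </tag>, stripped.
    """
    blocks = {m.group(1): m.group(2).strip() for m in BLOCK_RE.finditer(text)}
    directives = {}
    for line in BLOCK_RE.sub("", text).splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives, blocks


def pfsense_fields(text):
    """Map a certificate-authenticated profile onto the pfSense fields."""
    directives, blocks = parse_ovpn(text)
    for tag in ("ca", "cert", "key"):
        if tag not in blocks:
            raise ValueError(f"no inline <{tag}> block; this mapping assumes "
                             "certificate authentication with inline PEM")
    for tag, pem in blocks.items():
        if tag in PEM_HEADERS and not pem.startswith(PEM_HEADERS[tag]):
            raise ValueError(f"<{tag}> does not start with the expected PEM header")
    remote = directives.get("remote", [[]])[0]
    if len(remote) < 2:
        raise ValueError("remote directive needs host and port")

    def first(name, default=None):
        return directives[name][0][0] if name in directives else default

    custom = [" ".join([name, *args])
              for name, arglists in directives.items() if name not in GUI_DIRECTIVES
              for args in arglists]
    return {
        # System/Certificate Manager: CA data, certificate data, private key
        "ca_certificate_data": blocks["ca"],
        "client_certificate_data": blocks["cert"],
        "client_private_key": blocks["key"],
        # "enable authentication of TLS packets" key box
        "tls_static_key": blocks.get("tls-auth"),
        # VPN/OpenVPN/Clients boxes
        "server_host": remote[0],
        "server_port": int(remote[1]),
        "protocol": first("proto", "udp").upper(),
        "device_mode": first("dev", "tun"),
        "encryption_algorithm": first("cipher"),
        "auth_digest_algorithm": first("auth"),
        "custom_options": "\n".join(custom),
    }


if __name__ == "__main__":
    for k, v in pfsense_fields(SAMPLE_OVPN).items():
        if not k.endswith(("_data", "_key")):
            print(f"{k}: {v!r}")
```

Run it against the real file instead of SAMPLE_OVPN and the printed host, port, cipher and digest are what goes into the client page, while the custom_options string is what is left over for the Custom options box; a ValueError on the header check means a block was cut from the wrong place in the file.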
-
Crap!
I just lost the second post because the software logged me out before I hit post. Now I'm pissed off, so I'll continue this later…
JayArr