having issues setting up Remote VPN to my network

comet424

ok so I have 1 laptop

I have 2 pfsense houses.... my house and my sisters house
I set up exact copies of pfsense… except
the certs..
my pfsense MikeshouseCA.. mikesServer(certificate)… mikes client(certificate)
sis pfsense MitchshouseCA, mitchsServer(Certificate).. mikes client(certificate)

like I mentioned toe get the option to export when I create a New user "mike" as the login you have to write something in "description" to work

now when you click the Vista install button
and installs... it creates 3 Files
pfSense-UDP4-1196-mike.opnvpn config file
pfSense-UDP4-1196-mike. personal info file
pfSense-UDP4-1196-mike-tls resitration file

now even though I created different certs on the 2 computers because I use "mike" as a login for both pfsense boxes.. these still create the same files above.. and the opn config file points to the personal info and registration file names and windows wont let me edit the opnvpn file to edit the names
so If I rename
pfSense-UDP4-1196-mike.opnvpn config file to mike.opnvpn config file now I have
mike.opnvpn
pfSense-UDP4-1196-mike personal info
pfSense-UDP4-1196-mike-tls

now when I run the Vista Install button on my laptop of my sisters pfsense button and it installs the 3 files I now have this

mikes.opnvpn config
pfSense-UDP4-1196-mike opnvpn config
pfSense-UDP4-1196-mike personal info
pfSense-UDP4-1196-mike-tls registration

and you can not just have the opnvpn config file.. I deleted the other 2 files

as I tried renaming the files so id have 6 files

so it be

mikeshouse opnvpn config
mikeshouse personal info file
mikeshouse-tls registration file
mitchshouse opnvpn config
mitchshouse personal info file
mitchshouse-tls registration file

or does it even matter or does it.. since I could have a different setting for "mike" on mitchsserver then "mike" on mikes server

as both config files point to the same file names that I trying to rename as there is a conflict
I have diselexia so comes out fine for me maybe not for you I tried to explain it better

comet424

here you see image 1.. my sisters pfsense

now I renamed config file to mitchshouse and ran my pfsense install

now I renamed my config to mikeshouse

and here is the conflict.
mitchshouse and mikeshouse both point to mikes house registration file and personal information file
so that means when I connect to mitchshouse its actually connecting to Mikeshouse pfsense.. I do not want this

as mitchshouse config is
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote sistersdyns 1196 udp
verify-x509-name "mitchshouseserver" name
auth-user-pass
pkcs12 pfSense-UDP4-1196-mike.p12
tls-auth pfSense-UDP4-1196-mike-tls.key 1
remote-cert-tls server

mikeshouse pfsense
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote myhousesdyns 1196 udp
verify-x509-name "mikeshouseserver" name
auth-user-pass

so that's why I get confused I should have 6 files those 2 files are specific to each server isn't it the TLS key and u they both don't have the same key
pkcs12 pfSense-UDP4-1196-mike.p12
tls-auth pfSense-UDP4-1196-mike-tls.key 1
remote-cert-tls server

johnpoz

So you want to be able to access either your sisters house or your house from your laptop? That is running windows I take it?

Or do you want your sisters house and your hose to be always connected via site to site vpn? You could setup site to site between your houses and then setup so you could access either house from either vpn server.

The only thing you need to download if your running windows client on your laptop is the inline ovpn file. It will have everything you need.

I would setup sistershouse and your house vpn server. From your laptop gui client you just need to pick the one you want..

Just rename the ovpn files to whatever you want before you place them in your config dir of your openvpn client.

Here I grabbed the opvn files from 2 of my servers. Placed them in the config directly after I renamed them to sisters and mikes.

It is that simple..

comet424

not at home to test but
ya laptop is running windows 10...
and when I click the export I click the windows vista or later button that is the EXE file and when installs creates the 3 files..

to get the tls and the registration file in the config file.. is that the bundled button to hit in the export or I read inline..

Ill try that when I get home

thanks for the help so far

comet424

as for the site to site I want that too..

so I want when my unraid box syncs with my sisters unraid box.. that pfsense would do site to site. then when unraid is done it would disconnect the site to site session

but on the laptop I want to be say I at friends house or a starbucks that I can access either network via laptop

comet424

so what im doing currently is the remote access vpn setting it up on 1 laptop both pfsenses.. and I get the 3 files generated twice but over writes the TLS key file since they both basically the same setup

comet424

so

mitchsserver mikesserver

mitchsCA mikesCA
mitchsserver Cert mikesserver Cert
user name mike user name mike

when I create user cert then I get "sdafas" because i found whatever the description and you have to give one under "user" when you create a cert has to be something or it doesn't create a user cert... so both have a user cert called "asdf" something like that as i didn't wanna give a description

then all said and done i went down to opnvpn and client export
and i click Vista or later button downloads the exe file it installs 3 files
but since both servers give the same files it over writes the key file and the personal file after i rename the open config file to either mikeshouse config or mitchshouse config

hope i summed it better

comet424

ugh the spacing didn't show up properly and i underlined mitchsserver and mikes server and it bolded it frig not what i wanted.. you need to add spaces between them below it

johnpoz

you don't need the EXE!!! Just install the client from openvpn site... Then export your inline ovpn..

That is suppose to make it easy to give out the exe to someone so they don't have to do anything but run an exe and it will be already for them to connect to 1 specific server.

Lets get your roadwarrior setup working before we work on a site to site. Why does it have to go down? Just easier to set it up and leave it up - then your unraids can sync whenever they want/need to.

comet424

well I wouldn't know i chose vista install exe because it says windows... and the inline says for android or apple.. is it not ill check it shortly i be home

but ill take a lot guess there is 3rd option then for windows
but as for to turn it down.. how much data does it use to keep open vpn connected?

my internet is a 5mpbs download and a 400-500kilobites upload if it doesn't use much data to slow my internet down more then what i have then ill just leave it connected all the time then for that site to site as i trying to setup also NordVpn for a secure web browsing for pfsense trying there 3 day trial and having issues with it but that's another topic lol

johnpoz

See the one that says most clients, that will work just fine on windows..

With such a connection I don't see how your going to be syncing any sort of data.. Be like watching paint dry ;)

How much data do you plan on syncing? But just the vpn open doesn't use much of anything..

comet424

oooh ok and here I been using the windows vista and later as it said windows... ill give it a try and let you know when I get home
I really appreciate it