
    Site-to-Site VPN

      byounessiangmail.com

      Is it possible to create a tunnel between an OpenVPN Access Server and pfSense (Netgate SG-8860)?

      I haven't been able to successfully establish the connection using either Peer to Peer SSL/TLS or Peer to Peer Shared Key.

      The OpenVPN Access Server is installed on an AWS instance and we can currently connect using the VPN client, but I wanted to create a point-to-point tunnel to our office pfSense.

      I would appreciate any info.
      Thank you

        byounessiangmail.com

        I followed this article step by step, but still no luck: https://chubbable.com/setup-pfsense-as-openvpn-client

          jimp Rebel Alliance Developer Netgate

          OpenVPN Access Server is a special product by the folks that make OpenVPN. It's designed to use different clients/profiles than the OSS server (which is used by pfSense).

          Looking at https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-linux/ it seems you would need to export a client profile from your Access Server, open it in a text editor, and try to set up pfSense to match the settings the server wants.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

            byounessiangmail.com

            Thanks for the response. The server config file that I exported gives me the Cert, CA, Cert key, and Static key, plus extra user-defined configuration such as cipher AES-128-CBC, DIGEST:sha256, remote ... 1194 udp $ tcp, and the following, which I am not sure how to utilize:
            dev tun
            dev-type tun
            ns-cert-type server
            setenv opt tls-version-min 1.0 or-highest
            reneg-sec 604800
            sndbuf 0
            rcvbuf 0
            # NOTE: LZO commands are pushed by the Access Server at connect time.
            # NOTE: The below line doesn't disable LZO.
            comp-lzo no
            verb 3
            setenv PUSH_PEER_INFO

            I have the following for the pfSense client:
            server mode = peer to peer ssl/tls
            protocol = udp
            device mode = tun layer 3
            interface = wan
            server host = public ip of openvpn server
            server port = 1194
            tls configuration = use a tls key is checked and tls key is there
            peer certificate authority = selected the CA from config file
            Client Certificate = the cert from config file
            Encryption algorithm = aes-128-cbc
            NCP Algorithms = aes-128-cbc
            auth digest = sha256

            I am not sure what else I should configure here.
            Thanks,

              jimp Rebel Alliance Developer Netgate

              It looks similar there but between the formatting and other info it's hard to say.

              Compare the actual OpenVPN config file in the profile from the Access Server with the client configuration made by pfSense under /var/etc/openvpn/.

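The comparison suggested in the last reply can be scripted. This is an added example, not code from the thread, pfSense or OpenVPN: it parses both configs and reports the directives that differ, treating an inline `<tls-auth>` block plus `key-direction` as equivalent to `tls-auth <file> <direction>`. Both sample configs are constructed, the pfSense file name is hypothetical, and the list of compared directives and the unwrapping of `setenv opt` are this example's assumptions.

```python
import re

# Directives compared between the two sides (this example's own selection,
# taken from the settings discussed in the thread).
COMPARE = ("dev-type", "cipher", "auth", "comp-lzo",
           "tls-auth", "tls-crypt", "key-direction")

def parse(text):
    """Map directive -> arguments, skipping comments and inline key blocks."""
    opts, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                                # inside <ca>, <tls-auth>, ...
            if line == f"</{block}>":
                block = None
            continue
        m = re.fullmatch(r"<([a-z-]+)>", line)
        if m:                                    # record that the block exists
            block = m.group(1)
            opts[block] = "[inline]"
        elif line and line[0] not in "#;":
            words = line.split()
            if words[:2] == ["setenv", "opt"]:   # unwrap "setenv opt <directive>"
                words = words[2:]
            opts[words[0]] = " ".join(words[1:]).lower()
    for key in ("tls-auth", "tls-crypt"):        # file form: "<file> <direction>"
        parts = opts.get(key, "").split()
        if len(parts) == 2:
            opts.setdefault("key-direction", parts[1])
        if parts:
            opts[key] = "present"
    return opts

def diff(profile, pfsense_conf):
    a, b = parse(profile), parse(pfsense_conf)
    return {k: (a.get(k), b.get(k)) for k in COMPARE if a.get(k) != b.get(k)}

# Constructed samples, not real exports; the pfSense file name is hypothetical.
AS_PROFILE = """dev-type tun
cipher AES-128-CBC
auth SHA256
comp-lzo no
key-direction 1
<tls-auth>
(key omitted)
</tls-auth>"""
PFSENSE_CONF = """dev-type tun
cipher AES-128-CBC
auth SHA256
tls-auth /var/etc/openvpn/client1.tls-auth 1"""
print(diff(AS_PROFILE, PFSENSE_CONF))
```

On these samples the only difference reported is `comp-lzo`, which is set in the profile and absent from the pfSense side.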