ExpressVPN with two subnets



  • Hi All

    I've had a request to post up how I did this so here it is:

    I'm using ExpressVPN but I've also used this to set up Buffered and StrongVPN with a few minor adjustments.

    I have an HP DL320 G5 that I use for a firewall and I've added a NIC card. The two NICs that are built into the server are WAN and LAN and the extra NIC is called WIRELESS.

    LAN is connected to my local switch (Catalyst 3560)

    WIRELESS is connected to a Cisco EA3500 wireless router running in bridge mode.

    This way WIRELESS and LAN are completely separate and do not talk. They are also separate subnets.

    LAN is for my business, the server rack, a couple of desktops, printers, the telephony server and an internal web server/Postgresql database and finance package.

    WIRELESS is for the phones, e-readers, streaming media boxes, Raspberry Pis, laptops, and friends.

    First, go get the file from ExpressVPN.

    Go to: https://www.expressvpn.com

    click on "My Account" and then log in.

    click "Setup Express VPN" (green box)

    click "Manual Configuration" then expand the countries and pick your servers. I chose Denver for the USA and Vancouver for Canada.

    You should have two .ovpn files downloaded.

    Log into pfSense as admin.

    System/Certificate Manager/add
    -choose a name - ie ExpressVPNCM
    -open the appropriate .ovpn file and paste the section between <ca> and </ca> as certificate data.
    -paste the RSA private key as cert private key

    System/Certificate Manager/Certificates/add
    -method=import
    -choose a name ie: ExpressVPNcert
    -paste the section between <cert> and </cert> as certificate data
    -open the appropriate .ovpn file and paste the section between <ca> and </ca> as certificate data.
    -paste the RSA private key as cert private key

    VPN/OpenVPN/Clients/add
    -Server mode = Peer to Peer (SSL/TLS)
    -Protocol = UDP
    -Device mode = tun
    -Interface = WAN
    -Server host or address= [the server name from the file ie usa-denver-ca-version-2.expressnetw.com]
    -Server Port = 1195 [from the file]
    -Description = ExpressVPNDenverClient
    -check = enable authentication of TLS packets
    -key = [paste openvpn static key section from file]
    -Peer cert authority = [from cert manager section 'ExpressVPNCM']
    -Client Certificate = [from Certificates section 'ExpressVPNcert']
    -Encryption Algorithm = [from file] AES-256-CBC
    -Auth digest Algorithm = [from file] SHA512
    -No Hardware Crypto Acceleration
    -Compression = enabled without adaptive
    -Custom options:
    tun-mtu 1500
    fragment 1300
    mssfix 1450
    keysize 256
    auth SHA512
    sndbuf 524288
    rcvbuf 524288

    Click SAVE

    Status/System Logs/OpenVPN

    last entry should be:

    Initialization Sequence Completed

    If this worked do it again for the second VPN server.
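The steps above copy pieces of the downloaded .ovpn file into three different pfSense pages by hand (the CA into the Certificate Manager, the client cert and key into Certificates, the TLS static key, host, port, cipher and digest into the OpenVPN client page, and the leftovers into Custom options). As an added example, not JayArr's own method or anything from pfSense or ExpressVPN, here is a small Python script that parses a profile and groups those pieces by the page they belong on, refusing to continue if an inline block is missing or not PEM-shaped. The profile text, hostname and PEM bodies are constructed placeholders, and the dictionary keys are labels chosen here rather than pfSense's internal field names.

```python
import re

# Constructed sample profile: placeholder hostname and PEM bodies, not a real ExpressVPN file.
SAMPLE_OVPN = """\
client
dev tun
proto udp
# hypothetical server name
remote usa-example.invalid 1195
cipher AES-256-CBC
auth SHA512
tun-mtu 1500
fragment 1300
mssfix 1450
keysize 256
sndbuf 524288
rcvbuf 524288
comp-lzo no
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CA-BODY
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CLIENT-CERT-BODY
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTED-CLIENT-KEY-BODY
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
0123456789abcdef0123456789abcdef
-----END OpenVPN Static key V1-----
</tls-auth>
"""

# Inline <tag>...</tag> blocks; the body keeps its trailing newline so it pastes cleanly.
_INLINE = re.compile(r"^<(?P<tag>[\w-]+)>\n(?P<body>.*?)^</(?P=tag)>\n?", re.S | re.M)

# Directives that have their own field on the pfSense client page; anything else
# is what the walkthrough drops into "Custom options".
_HANDLED = {"client", "dev", "proto", "remote", "cipher", "auth", "comp-lzo", "key-direction"}

# First PEM header line expected inside each inline block.
_PEM_HEADERS = {"ca": "CERTIFICATE", "cert": "CERTIFICATE",
                "key": "PRIVATE KEY", "tls-auth": "OpenVPN Static key V1"}


def parse_ovpn(text):
    """Split a profile into {tag: pem_body} and an ordered list of (directive, args)."""
    blocks = {m["tag"]: m["body"] for m in _INLINE.finditer(text)}
    directives = []
    for raw in _INLINE.sub("", text).splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if line:
            name, *args = line.split()
            directives.append((name, args))
    return blocks, directives


def validate_blocks(blocks):
    """Return a list of problems: missing blocks or blocks whose first line is not PEM."""
    problems = []
    for tag, header in _PEM_HEADERS.items():
        if tag not in blocks:
            problems.append(f"missing <{tag}> block")
            continue
        first = blocks[tag].splitlines()[0] if blocks[tag] else ""
        if not first.startswith("-----BEGIN") or header not in first:
            problems.append(f"<{tag}> block does not start with a {header} PEM header")
    return problems


def pfsense_fields(text):
    """Group the profile's contents by the pfSense page they are entered on."""
    blocks, directives = parse_ovpn(text)
    problems = validate_blocks(blocks)
    if problems:
        raise ValueError("; ".join(problems))
    first = {}
    for name, args in directives:
        first.setdefault(name, args)  # keep the first 'remote' if several are listed
    if "remote" not in first:
        raise ValueError("profile has no 'remote' line")
    host = first["remote"][0]
    port = int(first["remote"][1]) if len(first["remote"]) > 1 else 1194  # OpenVPN default
    return {
        "ca_manager": {"name": "ExpressVPNCM", "certificate": blocks["ca"]},
        "certificates": {"name": "ExpressVPNcert", "certificate": blocks["cert"],
                         "private_key": blocks["key"]},
        "client": {
            "protocol": first.get("proto", ["udp"])[0].upper(),
            "device_mode": first.get("dev", ["tun"])[0],
            "server_host": host,
            "server_port": port,
            "tls_key": blocks["tls-auth"],
            "tls_key_direction": first.get("key-direction", [None])[0],
            "encryption_algorithm": first.get("cipher", [None])[0],
            "auth_digest": first.get("auth", [None])[0],
            "comp_lzo": " ".join(first["comp-lzo"]) if "comp-lzo" in first else None,
            "custom_options": "\n".join(" ".join([n, *a]) for n, a in directives
                                        if n not in _HANDLED),
        },
    }


if __name__ == "__main__":
    fields = pfsense_fields(SAMPLE_OVPN)
    print("OpenVPN client page:", {k: v for k, v in fields["client"].items() if k != "tls_key"})
    print("Custom options:\n" + fields["client"]["custom_options"])
```

Run it against a real profile with `pfsense_fields(open("usa-denver.ovpn").read())`; the script keeps the key material in memory and writes nothing to disk, so nothing is left behind once the values have been pasted into pfSense. Because pfSense's compression dropdown wording differs between versions, the `comp-lzo` value is passed through verbatim for the admin to match rather than guessed at.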



  • Crap!

    I just lost the second post because the software logged me out before I hit post. Now I'm pissed off, so I'll continue this later…

    JayArr