OVPN File to pfSense



  • All,

    I have a pfSense router that has a couple of tunnels set up already with OpenVPN and I want to add another. I freely admit that I religiously followed a guide previously - but I cannot find the guide any longer. Also, things are subtly different with this config.

    The existing tunnels are set up as anonymizers and route all traffic hitting the FW through an external VPN. This works.

    The new tunnel is into a single NAS device at work running OpenVPN server (it's a Synology BTW) and is there purely to allow me to mirror a folder and its subfolders at home (so I can work there). It's not there for any other purpose.
    I have the following files:
    servername.ovpn - see redacted version below
    ca.crt a duplicate of the second cert in the ovpn file.
    ca_bundle.crt a duplicate of the certs in the ovpn file

    At this stage - what I don't understand is what to do with the certificates. I seem to have two certificates duplicated multiple times.

    Any help?

    Regards

    Sean

    The redacted .ovpn file is here:

    dev tun
    tls-client

    remote xxxxxxxxxxxxxxx nnnn

    pull

    proto udp

    script-security 2

    comp-lzo

    reneg-sec 0

    cipher AES-256-CBC

    auth SHA512

    auth-user-pass
    <ca>
    -----BEGIN CERTIFICATE-----
    Cert Gubbins here
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    Cert gubbins here
    -----END CERTIFICATE-----

    </ca>



  • What is the actual problem you are having? Does the tunnel not connect? Does it connect but no traffic? Does it connect and has traffic but no DNS? You made sure your tunnel network was unique from local and remote networks, including your other VPN networks?



  • No problem yet. I was hoping someone might be able to tell me which cert was what and where it goes in pfSense. I have tried looking up the config of the ovpn config file, but there seem to be different variants and clearly my Google-fu is failing me.

    Sean



  • You need to go to the Certificate Manager and add your VPN's CA certificate authority cert there first. Make sure you set the Method to Import an existing Certificate Authority. Paste your CA cert under Certificate Data then Save. The cert includes the starting and ending dashes so make sure to include those.

    Now you can run the wizard under VPN - OpenVPN - Clients. Most fields are self-explanatory. Go through it and see what happens. Come back if you have questions or problems.
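
An added example, not part of any post in this thread: before pasting anything into the Certificate Manager, one way to confirm that ca.crt and ca_bundle.crt really are copies of the certificates inside the .ovpn `<ca>` block is to compare SHA-256 fingerprints of each certificate's DER bytes. The file names are the ones from the question; the certificate contents are constructed placeholders, and the script only detects duplicates, it does not read subject or issuer fields.

```python
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def inline_ca(ovpn_text):
    """Return the text between <ca> and </ca> in an .ovpn profile ('' if absent)."""
    m = re.search(r"<ca>(.*?)</ca>", ovpn_text, re.S)
    return m.group(1) if m else ""

def fingerprints(pem_text):
    """SHA-256 of each certificate's DER bytes, in the order they appear."""
    out = []
    for block in PEM_RE.findall(pem_text):
        # Drop indentation and blank lines so only header, base64, footer remain.
        pem = "\n".join(l.strip() for l in block.splitlines() if l.strip())
        out.append(hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest())
    return out

def compare(sources):
    """Map each distinct fingerprint to the sources that contain it."""
    seen = {}
    for name, text in sources.items():
        for fp in fingerprints(text):
            seen.setdefault(fp, []).append(name)
    return seen

# Constructed placeholders: arbitrary bytes wrapped as PEM, not real certificates.
CERT_A = ssl.DER_cert_to_PEM_cert(b"constructed placeholder A")
CERT_B = ssl.DER_cert_to_PEM_cert(b"constructed placeholder B")
OVPN = "dev tun\ntls-client\n<ca>\n" + CERT_A + CERT_B + "\n</ca>\n"

# Layout described in the question: ca.crt holds the second cert, the bundle both.
SOURCES = {
    "servername.ovpn <ca>": inline_ca(OVPN),
    "ca.crt": CERT_B,
    "ca_bundle.crt": CERT_A + CERT_B,
}

if __name__ == "__main__":
    for fp, names in compare(SOURCES).items():
        print(fp[:16], "found in:", ", ".join(names))
```

With real files, replace the constructed strings with the contents read from disk; two distinct fingerprints in the output means there are only two certificates to deal with, however many files repeat them.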

