OVPN File to pfSense
-
All,
I have a pfsense router that has a couple of tunnels set up already with OpenVPN and I want to add another. I freely admit that I religiously followed a guide previously - but I cannot find the guide any longer. Also, things are subtly different with this config.
The existing tunnels are set up as anonymizers and route all traffic hitting the FW through an external VPN. This works.
The new tunnel is into a single NAS device at work running openvpn server (it's a Synology BTW) and is there purely to allow me to mirror a folder and its subfolders at home (so I can work there). It's not there for any other purpose.
I have the following files:
servername.ovpn - see redacted version below
ca.crt a duplicate of the second cert in the ovpn file.
ca_bundle.crt a duplicate of the certs in the ovpn file
At this stage, what I don't understand is what to do with the certificates. I seem to have two certificates duplicated multiple times.
Any help?
Regards
Sean
The redacted .ovpn file is here:
dev tun
tls-client
remote xxxxxxxxxxxxxxx nnnn
pull
proto udp
script-security 2
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
Cert Gubbins here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Cert gubbins here
-----END CERTIFICATE-----
</ca>
-
What is the actual problem you are having? Does the tunnel not connect? Does it connect but no traffic? Does it connect and has traffic but no DNS? You made sure your tunnel network was unique from local and remote networks, including your other VPN networks?
-
No problem yet. I was hoping someone might be able to tell me which cert was what and where it goes in pfsense. I have tried looking up the config of the ovpn config file, but there seem to be different variants and clearly my google fu is failing me.
Sean
-
You need to go to the Certificate Manager and add your VPN's CA certificate authority cert there first. Make sure you set the Method to Import an existing Certificate Authority. Paste your CA cert under Certificate Data then Save. The cert includes the starting and ending dashes so make sure to include those.
Now you can run the wizard under VPN - OpenVPN - Clients. Most fields are self-explanatory. Go through it and see what happens. Come back if you have questions or problems.
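
The .ovpn file in this thread carries two PEM certificates inside its inline <ca> block, and the same certificates reappear in ca.crt and ca_bundle.crt. The following Python script is an added example, not part of the original thread: it splits the inline block into individual certificates and fingerprints each one, so the duplicates can be confirmed before anything is pasted into the Certificate Manager. The function names and the sample data are assumptions made for illustration; the sample "certificates" are constructed placeholders, not real X.509 data.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
INLINE_RE = re.compile(r"<(ca|cert|key|tls-auth|tls-crypt)>(.*?)</\1>", re.S)


def pem_fingerprints(text):
    """Return the SHA-256 fingerprint of every PEM certificate in text, in order."""
    prints = []
    for body in PEM_RE.findall(text):
        # Strip line breaks, then hash the decoded (DER) bytes.
        der = base64.b64decode("".join(body.split()))
        prints.append(hashlib.sha256(der).hexdigest())
    return prints


def inline_blocks(ovpn_text):
    """Map each inline tag (<ca>, <cert>, ...) to its raw contents."""
    return {tag: body for tag, body in INLINE_RE.findall(ovpn_text)}


def compare(ovpn_text, files):
    """For each cert in the inline <ca> block, list the files that also hold it."""
    ca_prints = pem_fingerprints(inline_blocks(ovpn_text).get("ca", ""))
    file_prints = {name: set(pem_fingerprints(t)) for name, t in files.items()}
    return [(i, fp, sorted(n for n, s in file_prints.items() if fp in s))
            for i, fp in enumerate(ca_prints, 1)]


def _fake_pem(raw):
    # Constructed stand-in: correct PEM framing, but not a real certificate.
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


# Constructed sample mirroring the thread: two certs inline, ca.crt holds the second.
FIRST = _fake_pem(b"constructed cert one")
SECOND = _fake_pem(b"constructed cert two")
SAMPLE_OVPN = f"dev tun\ntls-client\nproto udp\n<ca>\n{FIRST}{SECOND}</ca>\n"
SAMPLE_FILES = {"ca.crt": SECOND, "ca_bundle.crt": FIRST + SECOND}

if __name__ == "__main__":
    for idx, fp, names in compare(SAMPLE_OVPN, SAMPLE_FILES):
        where = ", ".join(names) or "none"
        print(f"<ca> cert #{idx} sha256={fp[:16]}... also in: {where}")
```

To use it on real files, pass the text of the .ovpn file and a dict of file name to file contents to compare(); the redacted "Cert Gubbins here" placeholders are not valid base64 and will not decode.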