Site-to-Site VPN

  • Is it possible to create a tunnel between an OpenVPN Access Server and pfsense (Netgate SG-8860)?

    I haven't been able to successfully establish the connection using Peer to peer SSL\TLS nor, peer to peer share key.

    the OpenVPN Access Server is installed on an AWS instance and we currently can connect using the vpn client but I wanted to create a point to point to our office pfsense.

    any info, I would appreciate.
    thank you

  • I followed this article step by step but still no luck

  • Rebel Alliance Developer Netgate

    OpenVPN access server is a special product by the folks that make OpenVPN. It's designed to use different clients/profiles than the OSS server (which is used by pfSense).

    Looking at it seems you would need to export a client profile from your access server and then open it in a text editor and try to setup pfSense to match the settings the server wants.

  • Thanks for the response. the server config file that I exported give me the Cert, CA, Cert key, and Static key pulse Extra user-defined configuration such as, cipher AES-128-CBC , DIGEST:sha256 , remote ... 1194 udp $ tcp , and the following that I am not sure how to utilize them:
    dev tun
    dev-type tun
    ns-cert-type server
    setenv opt tls-version-min 1.0 or-highest
    reneg-sec 604800
    sndbuf 0
    rcvbuf 0

    NOTE: LZO commands are pushed by the Access Server at connect time.

    NOTE: The below line doesn't disable LZO.

    comp-lzo no
    verb 3
    setenv PUSH_PEER_INFO

    I have the following for pfsense client:
    server mode = peer to peer ssl/tls
    protocol = udp
    device mode = tun layer 3
    interface = wan
    server host = public ip of openvpn server
    server port = 1194
    tls configuration = use a tls key is checked and tls key is there
    peer certificate authority = selected the CA from config file
    Client Certificate = the cert from config file
    Encryption algorithm = aes-128-cbc
    NCP Algorithms = aes-128-cbc
    auth digest = sha256

    I am not sure what else I should configure here.

  • Rebel Alliance Developer Netgate

    It looks similar there but between the formatting and other info it's hard to say.

    Compare the actual OpenVPN config file in the profile from the Access Server with the client configuration made by pfSense under /var/etc/openvpn/

Log in to reply