How to import credentials to activate OpenVPN Client

WhiteTiger-IT · Dec 9, 2020, 9:56 PM

I have recently been working with pfSense and it is the first time that I have configured an OpenVPN client in pfSense.
I need to activate an OpenVPN client.
They sent me:

An opnv file

or, separately the files for:

Authority (ca.crt)
Client Cert (My-ID.crt)
Client Key (My-ID.key)

After that they provided me with this information:

Remote Address fqdn
Port 1194
router tun
Protocol udp
Compress none
Local IP 10.x.y.z / 24

But I didn't understand where and how to insert in pfSense.
Thanks in advance for the help.
==== Update ====
I did these operations:
I opened the two crt files with an editor and copied the contents of the key:
----- BEGIN CERTIFICATE -----
key
----- END CERTIFICATE -----
In System/Certificate Manager/Certificates
and in VPN/OpenVPN/Clients

Here I then set:
Protocol = UDP
Device mode = tun
Interface = WAN
Server host or address =the fqdn
IPv4 Tunnel Network = 10.x.y.z / 24

Finally I set up a rule in WAN and in OpenVPN

I think I've done everything right, but in Status/OpenVPN I see it's down.
Since the configuration is for a Client, I should be the one to activate the connection, but where?

viragomann · Dec 9, 2020, 10:28 PM

@whitetiger-it said in How to import credentials to activate OpenVPN Client:

Authority (ca.crt)
Client Cert (My-ID.crt)
Client Key (My-ID.key)

These files can be imported using the cert manager. System > Certificate Manager
The CA on the CAs tab > hit Add, select "import an existing CA" and enter the content of the file in the data box.

The client cert and key can be imported in the same way, but on the Certificates tab.

Then go to VPN > OpenVPN > Clients and configure the client based on the information you got and on the ovpn file.
Since you haven't a username and pw select "Peer to peer (SSL/TLS)" mode.

Just this one

Local IP 10.x.y.z / 24

might be the tunnel network. You should leave this blank. It is given by the server.

After you have configured the the client go the Interface > Assignments and select the clients instance at "Available network ports:" (like ovpnc1), hit Add, open the interface, set a friendly name and enable it, save the settings.

Further step depends on what you intend to use the OpenVPN connection.

WhiteTiger-IT · Dec 9, 2020, 10:44 PM

@viragomann
Thanks for the reply.
Meanwhile, I had already updated my post with what I did.
I hadn't activated the interface, which I did after reading your answer.
Nevertheless in Status/OpenVPN it always remains on reconnecting; ping-restart
On the server site it appears that I have never connected.

With this service they should provide me with a Static IP since my ISP gives me a private IP and I cannot reach the servers even with a DDNS

viragomann · Dec 9, 2020, 10:53 PM

@whitetiger-it said in How to import credentials to activate OpenVPN Client:

Nevertheless in Status/OpenVPN it always remains on reconnecting; ping-restart

So there may be something wrong in the setup. Since I neither know what you have configured nor what you should configure, there is no way to give hints.
You may check the OpenVPN log for details what's wrong.

WhiteTiger-IT · Dec 10, 2020, 9:36 AM

@viragomann
Now it works and I have my Static IP, but another problem arises for which, however, I open a separate topic.
In the meantime, thanks for the help.