Pfsense and openvpn for new users tutorial <– with Site-To-Site now
-
updated the documentation with the suggestions of Mr. Ullrich, and as expected
everything works fine after doing that. Pfsense can handle the tun0 stuff by itself
so everything is even easier now.
I scanned through it rather quickly but everything looks good at first glance.
I'll let someone more experienced with OpenVPN chime in, I just knew that tunX stuff was wrong.
-
removed the BETA tag, everything works as supposed here with that configuration.
-
updated the tutorial, Hernan Maslowski submitted "Easy-RSA on Windows",
you can download the latest version at: http://www.uplinksecurity.de/data/pfsense-ovpn.pdf
mods, please add this to the tutorial section, you may link
directly if you like to.
-
On page 15, Firewall: Rules
there is still an OVPN1 tag. On my system there is no tag, is this generated automatically? Or have you still assigned the tun interface? This is not possible any more and causes problems.
-
damn, I already cut that, how the f*** did it make it in there again!?
Thanks, naturally that's crap. I fixed it.
-
dairaen
Nice work on the documentation, I wish it would have been around before I set it up (would have made it easier).
This will be very helpful for users who want to set up OpenVPN on pfSense.
-
cheers,
new version online, since ppl still seem to have
problems with OpenVPN I added "Site-to-Site" VPN, any volunteers
are welcome to verify the new section.
-
sorry, uploaded a wrong version, please download again if you did,
a screenshot and some IP addresses were wrong.
-
Thanks for doing this! I have posted this to the tutorials section. Just let me know when to update it.
-
sorry, small update (should be the last for a while)
- removed the snapshot and RC stuff and advised ppl to use 1.0 Release.
- fixed some typos
- fixed some formatting stuff (i will never use Word & images again…)
And there is a small typo in your tutorial section, "warrior" is misspelled.
http://www.uplinksecurity.de/data/pfsense-ovpn.pdf
keep on ;)
-
dairaen, thanks a million you are the MAN!
Hunter
-
Tutorial sync'd on pfSense.com
-
cheers,
updated some parts to prevent further problems like:
http://forum.pfsense.org/index.php/topic,2448.0.html
As usual, latest version is found here:
http://www.uplinksecurity.de/data/pfsense-ovpn.pdf
keep on & kind regards
dairaen
-
pfSense openvpn tutorial sync'd.
Thanks!
-
cheers,
again some updates:
- added a FAQ section at the bottom with solutions to the latest postings
- added link to "my certificate wizard"
http://www.uplinksecurity.de/data/pfsense-ovpn.pdf
kind regards
dairaen
-
Thanks for your work! We really appreciate your help on this! :D
-
File in the tutorial section has been sync'd. Thanks!
-
First of all: sorry for my English ::)
Second: a little problem
I've logged in to my pfSense with PuTTY (for Windows)
Option 8 (Shell)
download openvpn-2.0.9.tar.gz
tar -xvzf openvpn-2.0.9.tar.gz
cd openvpn-2.0.9
cd easy-rsa
vi vars
[…] After that some scripts need to be executed, if asked for “Common Name” enter
the hostname you used in “General Setup” this time. Here are my keystrokes:
[/tmp/openvpn-2.0.8/easy-rsa]# source ./vars […]
source ./vars
export: Command not found.
D: Undefined variable.
Why?
My Vars file:
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
export D=
/tmp/

# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=$D/openssl.cnf

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR=$D/keys

# Issue rm -rf warning
echo NOTE: when you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=1024

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY=KG
export KEY_PROVINCE=NA
export KEY_CITY=BISHKEK
export KEY_ORG="OpenVPN-TEST"
export KEY_EMAIL="me@myhost.mydomain"

I must tell too:
D=5
D=5: Command not found.
while if I type 'D=5' in another shell (like Ubuntu or similar) I set a variable.
I'm a newbie with Linux but I think that the shell from the prompt isn't the usual shell!
Help me!
-
you use a TAP device but have to use a TUN device
if you use the redirect it has to look like this:
push "redirect-gateway def1"
push "dhcp-option DNS x.x.x.x"
you push the custom DNS since the clients lose their route to their local DNS after the redirect is in place.
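
A check for the rule in the reply above, as an added example that is not part of the thread or the tutorial: it reads an OpenVPN server config and flags a non-tun device, a pushed redirect-gateway without def1, and a redirect with no usable pushed DNS server (including the x.x.x.x placeholder left unchanged). The function name, finding codes and both sample configs are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample configs for illustration (not taken from the thread).
BROKEN = """\
dev tap0
push "redirect-gateway def1"
push "dhcp-option DNS x.x.x.x"
"""
FIXED = """\
dev tun
push "redirect-gateway def1"
push "dhcp-option DNS 192.0.2.53"   # documentation-range address
"""

def check_redirect(config_text):
    """Return a list of finding codes for the redirect-gateway setup."""
    dev, pushes, findings = None, [], []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":       # OpenVPN comment markers
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:                    # e.g. an unbalanced quote
            findings.append(f"line {lineno}: unparseable")
            continue
        if tokens[:1] == ["dev"] and len(tokens) > 1:
            dev = tokens[1]
        elif tokens[:1] == ["push"] and len(tokens) > 1:
            pushes.append(tokens[1].split())  # pushed option and its args
    redirect = [p for p in pushes if p[:1] == ["redirect-gateway"]]
    dns = [p[2] for p in pushes
           if len(p) >= 3 and p[0] == "dhcp-option" and p[1] == "DNS"]
    if dev is not None and not dev.startswith("tun"):
        findings.append("dev-not-tun")            # the reply requires TUN
    if redirect and "def1" not in redirect[0]:
        findings.append("redirect-without-def1")
    if redirect and not dns:
        findings.append("redirect-without-dns")   # clients lose local DNS
    for value in dns:
        try:
            ipaddress.ip_address(value)
        except ValueError:                        # placeholder or typo
            findings.append("dns-not-an-ip")
    return findings
```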
-
I followed the instructions on setting up remote VPNs and it worked wonderfully. I am having one problem though - I have come back to create a new client cert using build-key but when I run it I am getting an error listing a bunch of options - almost like it doesn't know what to do. Does anyone have any suggestions on what I might do to be able to build a new key that will connect to our existing server (and its already generated keys)? I know all of the files that were originally generated still exist.