Pfsense and openvpn for new users tutorial <– with Site-To-Site now
-
cheers,
again some updates:
- added a FAQ section at the bottom with solutions to the latest postings
- added link to "my certificate wizard"

http://www.uplinksecurity.de/data/pfsense-ovpn.pdf
kind regards
dairaen
-
Thanks for your work! We really appreciate your help on this! :D
-
File in the tutorial section has been sync'd. Thanks!
-
First of all: sorry for my English ::)
Second: a little problem.
I've logged in to my pfSense with PuTTY (for Windows)
Option 8 (Shell)
download openvpn-2.0.9.tar.gz
tar -xvzf openvpn-2.0.9.tar.gz
cd openvpn-2.0.9
cd easy-rsa
vi vars
[…] After that some scripts need to be executed, if asked for “Common Name” enter the hostname you used in “General Setup” this time. Here are my keystrokes:
[/tmp/openvpn-2.0.8/easy-rsa]# source ./vars […]
source ./vars
export: Command not found.
D: Undefined variable.
Why?
My Vars file:
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
export D=
/tmp/

# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=$D/openssl.cnf

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR=$D/keys

# Issue rm -rf warning
echo NOTE: when you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=1024

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY=KG
export KEY_PROVINCE=NA
export KEY_CITY=BISHKEK
export KEY_ORG="OpenVPN-TEST"
export KEY_EMAIL="me@myhost.mydomain"

I must also tell you:
D=5
D=5: Command not found.
while if I type 'D=5' in another shell (like Ubuntu or similar) it sets a variable.
I'm a newbie on Linux but I think that the shell from the prompt isn't a usual shell!
Help me!
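
The `export: Command not found.` and `D: Undefined variable.` messages in the post above are the form a csh-family shell uses when it is handed the Bourne-shell syntax of `vars`. The following is an added example, not part of the original post or of easy-rsa: it sources a `vars` file under `sh` and checks the settings that `clean-all` and key generation depend on. `make_sample` and `check_vars` are hypothetical helper names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: preflight check for an easy-rsa 2.0 style "vars" file.
# make_sample and check_vars are hypothetical helpers, not part of easy-rsa.

# Write a constructed easy-rsa tree into DIR: an empty openssl.cnf and a vars
# file that uses the given D and KEY_SIZE values.
make_sample() {
    : > "$1/openssl.cnf"
    cat > "$1/vars" <<EOF
export D=$2
export KEY_CONFIG=\$D/openssl.cnf
export KEY_DIR=\$D/keys
echo NOTE: when you run ./clean-all, I will be doing a rm -rf on \$KEY_DIR
export KEY_SIZE=$3
EOF
}

# Source FILE in a Bourne-shell subshell and print one finding per line.
# Returns 0 when there is no FAIL finding, 1 otherwise.
check_vars() {
    case $1 in */*) f=$1 ;; *) f=./$1 ;; esac   # "." searches PATH without a slash
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    (
        set +e                                   # a bad line must not abort the check
        unset D KEY_CONFIG KEY_DIR KEY_SIZE      # ignore values inherited from the caller
        . "$f" >/dev/null 2>&1                   # sh syntax; csh/tcsh has no "export"
        rc=0
        case "${D:-}" in
            /?*) ;;
            *) echo "FAIL: D='${D:-}' is not an absolute path"; rc=1 ;;
        esac
        [ -f "${KEY_CONFIG:-}" ] || { echo "FAIL: KEY_CONFIG='${KEY_CONFIG:-}' not found"; rc=1; }
        # clean-all does rm -rf on KEY_DIR, so it has to sit below D.
        case "${KEY_DIR:-}" in
            "${D:-}"/?*) ;;
            *) echo "FAIL: KEY_DIR='${KEY_DIR:-}' is not below D"; rc=1 ;;
        esac
        case "${KEY_SIZE:-}" in
            ""|*[!0-9]*) echo "FAIL: KEY_SIZE='${KEY_SIZE:-}' is not a number"; rc=1 ;;
            *) [ "$KEY_SIZE" -ge 2048 ] || echo "WARN: KEY_SIZE=$KEY_SIZE is below 2048" ;;
        esac
        exit "$rc"
    )
}
```

Source the file from `sh` and call `check_vars /path/to/easy-rsa/vars`; a non-zero return means at least one FAIL line was printed.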
-
You use a TAP device but have to use a TUN device.
If you use the redirect it has to look like this:
push "redirect-gateway def1"
push "dhcp-option DNS x.x.x.x"
You push the custom DNS since the clients lose their route to their local DNS after the redirect is in place.
-
I followed the instructions on setting up remote VPNs and it worked wonderfully. I am having one problem though - I have come back to create a new client cert using build-key but when I run it I am getting an error listing a bunch of options - almost like it doesn't know what to do. Does anyone have any suggestions on what I might do to be able to build a new key that will connect to our existing server (and its already generated keys)? I know all of the files that were originally generated still exist.
-
If I remember right you just need to run the vars before using the build-key again.
-
Thanks… I tried that - no joy :-[
-
Can you describe the exact steps you took?
-
I ran it again, step by step, and it's working now. It is simply running vars, then build-key <machinename>. Evidently I didn't type something correctly.
Thanks for your help.
-
Hey Guys
The Link to this article is no longer working
http://www.uplinksecurity.de/data/pfsense-ovpn.pdf
Could the owner please update the link
Thanks
-
I already mailed him. No answer.
In the meantime you can find it here:
http://www.pfsense.org/mirror.php?section=tutorials/openvpn/pfsense-ovpn.pdf
Also note that there is a typo on page 21.
The field "Interface IP" should be 192.168.10.0/24 and NOT 192.168.1.0/24