OpenVPN on PF 2 B4 remote access for users



  • Hello All,

    I am setting up OpenVPN for our branch users. We are using pfSense 2 B4, 18 Nov release.

    There are a few settings I didn't understand well. The first is on the server settings: mode of auth and listen port, UDP or TCP, as shown in the first screenshot.
    The second: what should I export for the user, and how do I create the config file for the user?

    Please advise

    Thanks





  • Rebel Alliance Developer Netgate

    UDP is best unless you have no choice.

    Auth mode is up to you, if you plan on making the users in the GUI and giving them certificates, then what you have (SSL/TLS + User Auth) is best.

    Go to System > Packages and install the OpenVPN Client Export package, then you can go to VPN > OpenVPN, and you'll have a Client Export tab, from there you can download a config file, or even an executable installer that preloads the certificates into the OpenVPN client software.



  • @jimp:

    UDP is best unless you have no choice.

    Auth mode is up to you, if you plan on making the users in the GUI and giving them certificates, then what you have (SSL/TLS + User Auth) is best.

    Go to System > Packages and install the OpenVPN Client Export package, then you can go to VPN > OpenVPN, and you'll have a Client Export tab, from there you can download a config file, or even an executable installer that preloads the certificates into the OpenVPN client software.

    Thank you, works great :D
    Now only one last issue: I can't connect to the local LANs from the remote host. Did I forget a setting? I see that firewall rules were created allowing access with no restriction; maybe there is routing missing somewhere?

    Thanks again


  • Rebel Alliance Developer Netgate

    If you have more than one subnet, you need to push more routes to the clients using the custom options box. There are multiple threads and documents about that here on the forum and on the doc wiki. If you are unable to resolve the situation, please start a new thread with an appropriate subject so that it will draw more attention.



  • @jimp:

    If you have more than one subnet, you need to push more routes to the clients using the custom options box. There are multiple threads and documents about that here on the forum and on the doc wiki. If you are unable to resolve the situation, please start a new thread with an appropriate subject so that it will draw more attention.

    Again, thank you.
    I added a route under Advanced configuration:
    push "route 192.115.37.0 255.255.255.0";

    Works like a charm.
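
An added example, not part of the thread and not pfSense or OpenVPN code: a Python check to run on the custom options string before pasting it into the box. It validates each push "route ..." entry and builds new entries from CIDR notation. The tunnel network 10.0.8.0/24, the second and third sample routes and the function names are constructed for illustration, and semicolon separation is assumed from the post above.

```python
import ipaddress
import re

# One OpenVPN server directive of the form: push "route <network> <netmask>"
PUSH_ROUTE = re.compile(r'^push\s+"route\s+(\S+)\s+(\S+)"$')

def to_push_route(cidr):
    """Render a CIDR subnet as a push directive; raises ValueError on host bits."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    return f'push "route {net.network_address} {net.netmask}"'

def audit_custom_options(options, tunnel_cidr):
    """Return (accepted_routes, problems) for a semicolon-separated options string."""
    tunnel = ipaddress.IPv4Network(tunnel_cidr)
    routes, problems = [], []
    for item in (part.strip() for part in options.split(";")):
        match = PUSH_ROUTE.match(item)
        if not match:
            continue  # empty piece or another directive; not checked here
        try:
            # strict=True rejects a network address that has host bits set
            net = ipaddress.IPv4Network(f"{match.group(1)}/{match.group(2)}", strict=True)
        except ValueError as exc:
            problems.append(f"{item}: {exc}")
            continue
        if net.prefixlen == 0:
            problems.append(f"{item}: default route, all client traffic would use the VPN")
        elif net.overlaps(tunnel):
            problems.append(f"{item}: overlaps tunnel network {tunnel}")
        else:
            routes.append(net)
    return routes, problems

# Constructed sample: the route from the thread plus two deliberately bad entries.
SAMPLE = ('push "route 192.115.37.0 255.255.255.0"; '
          'push "route 10.20.30.7 255.255.255.0"; '
          'push "route 10.0.8.0 255.255.255.0";')

if __name__ == "__main__":
    ok, bad = audit_custom_options(SAMPLE, "10.0.8.0/24")  # assumed tunnel network
    for net in ok:
        print("ok:     ", to_push_route(str(net)))
    for msg in bad:
        print("problem:", msg)
```
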
