OpenVPN Access Server, community version - client login from pfSense?
So I have a couple of lowend VPS, and can install OpenVPN as a package, and click click can get an OpenVPN client running on Windows working by just downloading the autologin profile for the user. This works for what I need them for, since I really only need the VPN connection when the pipe to EU using Comcast during primetime blows chunks. So I route my traffic through a lowend VPS on my client and get the bandwidth I need to my server in NL. But it would be nice to set up the connection in pfSense and be able to route just traffic through it based upon destination IP. Then prob just leave it on all the time, etc.
So here is what the .ovpn file looks like:
# Automatically generated OpenVPN client config file
# Generated on Fri Feb 21 00:58:19 2014 by <snipped>
# Note: this config file contains inline private keys
# and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=username
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=username@<snipped>.192/AUTOLOGIN
# OVPN_ACCESS_SERVER_AUTOLOGIN=1
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=<snipped>.192:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
# MIIB/TCCAWagAwIBAgIEUwbqczANBgkqhkiG9w0BAQUFADA6MTgwNgYDVQQDEy9P
<snipped>
# 9+raOGdiw4kk6AoJrnY8aYNROP3g2c5GwBFVMb/maUER
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Technologies, Inc.
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote <snipped>.192 1194 udp
remote <snipped>.192 443 tcp
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
<ca>
-----BEGIN CERTIFICATE-----
MIIBszCCARygAwIBAgIEUwbqbjANBgkqhkiG9w0BAQUFADAVMRMwEQYDVQQDEwpP
<snipped>
3MRKc/K/qw==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBxzCCATCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAVMRMwEQYDVQQDEwpPcGVu
<snipped>
AN2Mg+B/TeDbM8fwA31m0jJaN1ld/zNwfRmC
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAOooZQQ+FFQpCCUg
<snipped>
vyK/Lobsgan6
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
c974f3939fa1d32b26434a0b9aa6fed7
<snipped>
7b15ea4ff1697e7b19cd67990c949c15
-----END OpenVPN Static key V1-----
</tls-auth>
## -----BEGIN RSA SIGNATURE-----
## DIGEST:sha256
## GekWFUES54lwhLZdaCRBAoJUbj3aObD3YaG7d6JtDnd1fYC8oM
<snipped>
## 8dT4a0Lw41YUvdJJL2iyM=
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
## MIIB5jCCAU+gAwIBAgIEUwbqdDANBgkqhkiG9w0BAQUFADA6MTgwNgYDVQQDEy9P
<snipped>
## S2Umksxn/4HTuQ==
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## MIIB/TCCAWagAwIBAgIEUwbqczANBgkqhkiG9w0BAQUFADA6MTgwNgYDVQQDEy9P
<snipped>
## 9+raOGdiw4kk6AoJrnY8aYNROP3g2c5GwBFVMb/maUER
## -----END CERTIFICATE-----
I have tried creating the individual certs via the instructions here, and using them: http://docs.openvpn.net/administration-guide/cli-command-line-interface/extracting-separate-certificate-files-for-a-user/
-rw-r--r-- 1 root root 652 Feb 23 12:40 ca.crt
-rw-r--r-- 1 root root 676 Feb 23 12:40 client.crt
-rw------- 1 root root 916 Feb 23 12:40 client.key
-rw-r--r-- 1 root root 3927 Feb 23 12:40 client.ovpn
-rw------- 1 root root 651 Feb 23 12:40 ta.key
That ovpn looks a bit different:
# Automatically generated OpenVPN client config file
# Generated on Sun Feb 23 12:40:33 2014 by username
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=username
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=username@<snipped>.192/AUTOLOGIN
# OVPN_ACCESS_SERVER_AUTOLOGIN=1
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=<snipped>.192:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
# MIIB9zCCAWCgAwIBAgIEUGlF3TANBgkqhkiG9w0BAQUFADA3MTUwMwYDVQQDEyxP
<snipped>
# WP1puOJyk4uKumLuCzE5hY/qvJjJRudT4VVQ
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Technologies, Inc.
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote <snipped>.192 1194 udp
remote <snipped>.192 443 tcp
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
## -----BEGIN RSA SIGNATURE-----
## DIGEST:sha256
## WpS5pQ41YOLfWiiDMOOM4JrY7W5+vWu4lLEh/ccvAuvZ2F6E9l
<snipped>
## YFRwcscBqHKB7mHyysZKI=
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
## MIIB4DCCAUmgAwIBAgIEUGlF3jANBgkqhkiG9w0BAQUFADA3MTUwMwYDVQQDEyxP
<snipped>
## hEhDoQ==
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## MIIB9zCCAWCgAwIBAgIEUGlF3TANBgkqhkiG9w0BAQUFADA3MTUwMwYDVQQDEyxP
<snipped>
## WP1puOJyk4uKumLuCzE5hY/qvJjJRudT4VVQ
## -----END CERTIFICATE-----
Gone through the pinned how-tos, and it just doesn't really line up and I cannot get it working. If someone can point me to how you use an autologin profile - or the name profile to the openvpn access server.
https://openvpn.net/index.php/access-server/overview.html
You have full control over the server side. You can download different profiles, etc. If someone can point me in the right direction to get this connected I will be very happy to put together a full howto, etc. with pretty pictures, etc. etc.
Lowend vps make for great vpn exits, for $15 a year you can get 500GB transfer a month, etc.
running
2.1.1-PRERELEASE (i386)
built on Thu Feb 13 13:59:46 EST 2014
FreeBSD 8.3-RELEASE-p14
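Added example, not part of the original post: a small Python parser for the inline profile layout shown above. It separates the `<ca>`, `<cert>`, `<key>` and `<tls-auth>` blocks from the plain directives, reports the `remote` and `key-direction` values a manually configured client needs, and writes the key material owner-only, matching the listing. The function names, the `SAMPLE` profile and its 192.0.2.192 address are constructed for illustration.

```python
import os
import re

# Inline tag -> (file name from the post's listing, mode). Key material is owner-only.
FILES = {"ca": ("ca.crt", 0o644), "cert": ("client.crt", 0o644),
         "key": ("client.key", 0o600), "tls-auth": ("ta.key", 0o600)}

def split_profile(text):
    """Return (blocks, directives): inline bodies by tag, option lines as token lists."""
    blocks, directives, current, buf = {}, [], None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if current:
            if line == f"</{current}>":
                blocks[current], current, buf = "\n".join(buf) + "\n", None, []
            elif line and not line.startswith("#"):
                buf.append(line)
            continue
        m = re.fullmatch(r"<([a-z-]+)>", line)
        if m and m.group(1) in FILES:
            current = m.group(1)
        elif line and not line.startswith(("#", ";")):
            directives.append(line.split())
    if current:
        raise ValueError(f"unterminated <{current}> block")
    return blocks, directives

def client_settings(text):  # values a hand-configured client needs
    blocks, directives = split_profile(text)
    opts = {d[0]: d[1:] for d in directives if d[0] != "remote"}
    return {
        "remotes": [tuple(d[1:4]) for d in directives if d[0] == "remote"],
        "key_direction": int(opts["key-direction"][0]) if "key-direction" in opts else None,
        "missing": [t for t in FILES if t not in blocks],  # blocks kept in external files
    }

def write_files(text, outdir):
    """Write each inline block to its own file with the mode from FILES."""
    for tag, body in split_profile(text)[0].items():
        name, mode = FILES[tag]
        fd = os.open(os.path.join(outdir, name), os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        os.fchmod(fd, mode)  # also tightens a file that already existed
        with os.fdopen(fd, "w") as fh:
            fh.write(body)

def _block(tag):  # constructed placeholder body, not real key material
    return f"<{tag}>\n-----BEGIN PLACEHOLDER-----\nnot-real\n-----END PLACEHOLDER-----\n</{tag}>\n"

# Constructed sample in the layout of the posted profile (documentation address, no keys).
SAMPLE = ("client\nremote 192.0.2.192 1194 udp\nremote 192.0.2.192 443 tcp\n"
          "key-direction 1\n" + "".join(_block(t) for t in FILES))
```

For a profile that references external files, as in the second listing, `missing` names all four tags and the `ca`, `cert`, `key` and `tls-auth` lines appear among the directives instead.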