Openvpn configuration file



  • Hello friends! :)

    I am a newcomer to pfSense and I do not know how to configure it with the configuration file at the bottom of this message.
    The OpenVPN client for Windows works correctly with these settings.
    Please help me to set up the connection.
    And where is the server certificate? I mean the begin and end.

    Andrew

    client
    dev tap
    remote xxxxxxxxx 993
    proto tcp-client
    remote-cert-tls server
    auth-user-pass
    tls-client
    pull
    persist-key
    resolv-retry infinite
    reneg-sec 0
    verb 3
    script-security 2 system
    auth-nocache
    route-delay 2
    redirect-gateway def1

    <ca>-----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----</ca>



  • Here is the how-to

    https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server

    I can't configure a TAP device on the OpenVPN server; it says "Exiting due to fatal error" and the service doesn't run.

    I'm running pfSense 2.2.4, and I've read that it is not the best option for working with OpenVPN (here is the topic https://forum.pfsense.org/index.php?topic=99536.0). I'll try with 2.1.5 to compare the performance and check whether this particular situation with the TAP device doesn't exist in that version.

    I've implemented an OpenVPN server, TUN device, TCP protocol, and roadwarrior clients, so I can access LAN resources (shared directories, mapping hosts by IP address) with no problem, and of course can ping any device on the LAN; this covers my need.

    Of course, from my client I can access local resources, but it can't be done backward (a local client can't ping a VPN client).

    Regards.-



  • OK, I will try to understand,

    but where is the certificate (key) of the server in my configuration file?
    Is it there or not?
    I misunderstood.
    In the previous topic I meant the case where pfSense connects as a client to another server.
    On one side is a Linux-based OpenVPN server, on the other side pfSense.
    If I understand the pfSense rules correctly, it is not remote access to the OpenVPN service.



  • OK, I understand your situation: you want to configure pfSense as a client. I have not done this before.

    I'm not an experienced user; these instructions are what I would do. Follow these steps at your own risk  :o :o :o

    Looking at my pfSense, I found an option to import certificates. I think that you must identify the "Certificate data" and "Private key data"; those are the names of the fields under "Import an existing certificate" on System>Certificate Manager>Certificate tab

    I put your information in these fields and that generated a certificate with this information

    OU=Root CA, O=GlobalSign nv-sa, CN=GlobalSign Root CA, C=BE
    Valid From: Tue, 01 Sep 1998 12:00:00 +0000
    Valid Until: Fri, 28 Jan 2028 12:00:00 +0000

    If the certificate has been imported correctly, then you must configure the client: go to VPN>OpenVPN>Client tab, click on add (+), set the parameters of the server, and select the recently imported certificate as "Client certificate"

    Keep me posted if that works

    Greetings and successes



  • OK, thank you for the support.

    Where can I get the server certificate? The information which I posted two days ago is all that I have.
    I have to connect to another VPN server which another company supports; I do not have any access to the server.
    I have asked support to provide me keys and so on, but unfortunately I have not had an answer up to now.
    Where can I find the certificate of the server in the configuration file?
    How can you extract this information

    @@@
    OU=Root CA, O=GlobalSign nv-sa, CN=GlobalSign Root CA, C=BE
        Valid From:  Tue, 01 Sep 1998 12:00:00 +0000
        Valid Until:  Fri, 28 Jan 2028 12:00:00 +0000 @@@ ?

    from my file?

    In my opinion there are two certificates because there are two @end@ and @finish@.

    Sorry for the dummy question  :)

    andrew



  • You can't get the server certificate unless you have a server; this is not your case, you must have a client certificate.

    Do you have pfSense installed? Did you understand what I said in the previous post?



  • The first begin and end is for the "Certificate data", the second is for "Private Key"; both are necessary to import a valid certificate.

    That's how I got the info of the certificate 8)
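
Added example, not part of the thread and not pfSense or OpenVPN code: a small Python check that lists what an .ovpn file laid out like the one posted above actually carries, by reading its inline blocks and the PEM labels inside them. The sample config is constructed (placeholder host name and placeholder PEM bodies), and `inventory` is a hypothetical helper name.

```python
import re

# Constructed sample: same layout as the posted config, placeholder PEM bodies.
SAMPLE_OVPN = """\
client
dev tap
remote vpn.example.invalid 993
proto tcp-client
remote-cert-tls server
auth-user-pass
<ca>-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtMQ==
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtMg==
-----END CERTIFICATE-----</ca>
"""

# OpenVPN inline blocks look like <name> ... </name>.
INLINE = re.compile(r"<(ca|cert|key|tls-auth|tls-crypt)>(.*?)</\1>", re.S)
# A PEM object is named by the label on its BEGIN/END lines.
PEM = re.compile(r"-----BEGIN ([A-Za-z0-9 ]+)-----.*?-----END \1-----", re.S)

def inventory(ovpn_text):
    """Report which credentials a client config contains."""
    blocks = {name: PEM.findall(body) for name, body in INLINE.findall(ovpn_text)}
    outside = INLINE.sub("", ovpn_text)
    directives = {ln.split()[0] for ln in outside.splitlines()
                  if ln.strip() and not ln.lstrip().startswith(("#", ";"))}
    labels = [label for found in blocks.values() for label in found]
    return {
        "blocks": blocks,
        # Certificates under <ca> are trust anchors used to verify the server.
        "ca_certificates": blocks.get("ca", []).count("CERTIFICATE"),
        "has_client_cert": "cert" in blocks or bool({"cert", "pkcs12"} & directives),
        "has_private_key": ("key" in blocks
                            or bool({"key", "pkcs12"} & directives)
                            or any("PRIVATE KEY" in label for label in labels)),
        "password_auth": "auth-user-pass" in directives,
        "verifies_server_cert": "remote-cert-tls" in directives,
    }

if __name__ == "__main__":
    for field, value in inventory(SAMPLE_OVPN).items():
        print(f"{field}: {value}")
```

For a file with this layout the result is two `CERTIFICATE` entries inside `<ca>`, no client certificate, no private key, and password authentication through `auth-user-pass`.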



  • thanks

    now I will test

