OpenVPN configuration file
-
Hello friends! :)
I am a newcomer to pfSense and I do not know how to configure it with the configuration file at the bottom of this message.
The OpenVPN client for Windows works correctly with these settings.
Please help me to set up the connection.
And where is the server certificate? I mean the begin and end.
Andrew
client
dev tap
remote xxxxxxxxx 993
proto tcp-client
remote-cert-tls server
auth-user-pass
tls-client
pull
persist-key
resolv-retry infinite
reneg-sec 0
verb 3
script-security 2 system
auth-nocache
route-delay 2
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</ca>
-
Here is the how-to:
https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server
I can't configure a TAP device on the OpenVPN server; it says "Exiting due to fatal error" and the service doesn't run.
I'm running pfSense 2.2.4, and I've read that it is not the best option for working with OpenVPN (here is the topic: https://forum.pfsense.org/index.php?topic=99536.0). I'll try with 2.1.5 to compare the performance and check whether this particular situation with the TAP device doesn't exist in that version.
I've implemented an OpenVPN server with a TUN device, TCP protocol, and roadwarrior clients, so I can access LAN resources (shared directories, mapping hosts by IP address) with no problem, and of course I can ping any device on the LAN; this covers my need.
Of course, from my client I can access local resources, but it can't be done in the other direction (a local client can't ping the VPN client).
Regards.-
-
OK, I will try to understand,
but where is the certificate (key) of the server in my configuration file?
Is it there or not?
I misunderstood.
In the previous topic I meant when pfSense connects as a client to another server.
On the one side is a Linux-based OpenVPN server, on the other side pfSense.
If I understand pfSense rules correctly, it is not remote access to the OpenVPN service.
-
OK, I understand your situation: you want to configure pfSense as a client. I have not done this before.
I'm not an experienced user; these instructions are what I would do, follow these steps at your own risk :o :o :o
Looking at my pfSense, I found an option to import certificates. I think that you must identify the "Certificate data" and "Private key data"; those are the names of the fields in "Import an existing certificate" on the System>Certificate Manager>Certificate tab.
I put your information in these fields and that generated a certificate with this information:
OU=Root CA, O=GlobalSign nv-sa, CN=GlobalSign Root CA, C=BE
Valid From: Tue, 01 Sep 1998 12:00:00 +0000
Valid Until: Fri, 28 Jan 2028 12:00:00 +0000
If the certificate has been imported correctly, then you must configure the client: go to the VPN>OpenVPN>Client tab, click on add (+), set the parameters of the server, and select the recently imported certificate as "Client certificate".
Keep me posted if that works
Greetings and successes
-
OK, thank you for the support.
Where can I get the server certificate? The information which I posted two days ago is all that I have.
I have to connect to another VPN server which is supported by another company; I do not have any access to the server.
I have asked support to provide me keys and so on, but unfortunately I still have no answer.
Where can I find the certificate of the server in the configuration file?
How can you extract this information@@@
OU=Root CA, O=GlobalSign nv-sa, CN=GlobalSign Root CA, C=BE
Valid From: Tue, 01 Sep 1998 12:00:00 +0000
Valid Until: Fri, 28 Jan 2028 12:00:00 +0000 @@@ ?from my file?
In my opinion there are two certificates because there are two @end@ and @finish@.
Sorry for the dummy question :)
andrew
-
You can't get the server certificate unless you have a server; this is not your case, you must have a client certificate.
Do you have pfSense installed? Did you understand what I said in the previous post?
-
The first begin and end is for the "Certificate data", the second is for "Private Key"; both are necessary to import a valid certificate.
That's how I got the info of the certificate 8)
-
thanks
now I will test
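
One way to check which credentials an .ovpn file actually embeds, as an added example that is not part of the original thread: it lists the PEM block types found inside each inline section (`<ca>`, `<cert>`, `<key>`) and reports whether a client certificate, a private key, or username/password authentication is configured. The sample configuration, its host name and its placeholder PEM bodies are constructed, and `inventory` and `summarize` are hypothetical helper names.

```python
import re

# Constructed sample with the same layout as the posted file; the base64
# bodies are placeholders, not real certificate data.
SAMPLE_OVPN = """\
client
dev tap
remote vpn.example.invalid 993
proto tcp-client
remote-cert-tls server
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
QUJDREVGRw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
SElKS0xNTg==
-----END CERTIFICATE-----
</ca>
"""

# An inline section is <tag> ... </tag>, each tag on its own line.
INLINE = re.compile(r"^<(?P<tag>[\w-]+)>\s*$(?P<body>.*?)^</(?P=tag)>\s*$", re.S | re.M)
# The PEM label (CERTIFICATE, PRIVATE KEY, ...) says what a block holds.
PEM = re.compile(r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----.*?-----END (?P=label)-----", re.S)

def inventory(ovpn_text):
    """Return ({inline tag: [PEM labels]}, {directive names outside inline sections})."""
    blocks = {m["tag"]: [p["label"] for p in PEM.finditer(m["body"])]
              for m in INLINE.finditer(ovpn_text)}
    outside = INLINE.sub("", ovpn_text)
    directives = {line.split()[0] for line in outside.splitlines()
                  if line.strip() and not line.lstrip().startswith(("#", ";"))}
    return blocks, directives

def summarize(ovpn_text):
    """Report which credential types the configuration carries."""
    blocks, directives = inventory(ovpn_text)
    labels = [label for found in blocks.values() for label in found]
    return {
        "ca_certificates": blocks.get("ca", []).count("CERTIFICATE"),
        "has_client_cert": "cert" in blocks or "cert" in directives,
        "has_private_key": any("PRIVATE KEY" in l for l in labels) or "key" in directives,
        "password_auth": "auth-user-pass" in directives,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_OVPN))
```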