Openvpn configuration file

tv.andrey

Hello friends! :)

I am newcomer to pfsense and I do not know how to configure with the configuration file in the bottom of this message.
The opnevpn client for WIndows works correctly with this settings.
Please help me to set up connection.
And where is server certificate I meant the begin and end.

Andrew

client
dev tap
remote xxxxxxxxx 993
proto tcp-client
remote-cert-tls server
auth-user-pass
tls-client
pull
persist-key
resolv-retry infinite
reneg-sec 0
verb 3
script-security 2 system
auth-nocache
route-delay 2
redirect-gateway def1

<ca>–---BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----

ega

Here is the how to

https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server

I cant configure TAP device on OpenVPN server, it says a "Exiting due to fatal error" and the service doesn´t run.

I´m running pfsense 2.2.4, and I´ve read that there is not the best option for work with ovpn (here is the topic https://forum.pfsense.org/index.php?topic=99536.0), I´ll try with 2.1.5 to compare the performance and check if this particular situation with TAP device doesn´t exist in that version

I´ve implemented a OpenVPN server, TUN device, TCP protocol, and roadwarrior clients, so I can access LAN resources (shared directories, mapping hosts by IP address), with no problem, and of course can ping any device on the LAN, this cover my need.

Of course, by my client I can access local resources, but it can´t be done backward (local client cant ping vpn client)

Regards.-

tv.andrey

ok, I will try to understand

but where is the certificate(key) of server in my configuration file?
is there here or not
I misunderstood.
In previous topic I meant when pfsense connects as a client to another server.
On the one side is Linux based Opnevpn server on the other side pfsense.
if I understand pfsense rules correctly it is not remote access to openvpn service

ega

Ok understood your situation, you want to configure pfsense like a client, I have not done this before

Im not a experienced user, these instructions are what I would do, follow these steps on your own risk :o :o :o

Looking on my pfsense, I found an option to import certificates, I think that you must identificate the "Certificate data" and "Private key data", those are the name of the fields on "Import an existing certificate" on System>Certificate Manager>Certificate tab

I put your information on this fields and thats generated a certificate with this information

OU=Root CA, O=GlobalSign nv-sa, CN=GlobalSign Root CA, C=BE
Valid From: Tue, 01 Sep 1998 12:00:00 +0000
Valid Until: Fri, 28 Jan 2028 12:00:00 +0000

If the certificate has been imported correctly, then you must configure the client, go to VPN>OpenVPN>Client tab, click on add (+) and set the parameters of the server, and select the recently imported certificate as "Client certificate"

Keep me posted if that works

Greetings and successes

tv.andrey

ok, thank you for support.

Where can I get server certificate, information,which I posted two days ago is only all what I have.
I have to connect to another vpn server which supports other company I do not have any access to server.
I have asked support to provide me keys and so on but unfortunatelly I have not answer still now.
Where can I find certificate of server in configuration file?
How can you extract this information

@@@
OU=Root CA, O=GlobalSign nv-sa, CN=GlobalSign Root CA, C=BE
Valid From: Tue, 01 Sep 1998 12:00:00 +0000
Valid Until: Fri, 28 Jan 2028 12:00:00 +0000 @@@ ?

from my file?

In my opinion there are two certificate because there two @end@ and @finish@.

sorry for dummy question :)

andrew

ega

You cant get server certificate unless you have a server, this is not your case, you must have a client certificate

Do you have a pfsense installed? did you understand what I said on previous post?

ega

The first begin and end is for the "Certificate data", the second is for "Private Key" both are necessary for import a valid certificate.

That´s how I got the info of Certificate 8)

tv.andrey

thanks

now I wll test