Success using Klaus F's TUVPN instructions to set up OpenVPN for PureVPN
-
How to set up PureVPN tunnel on a pfSense 2.2.6-RELEASE (amd64) firewall using OpenVPN
I had trouble getting PureVPN working with my pfSense firewall using OpenVPN. The official PureVPN instructions were incomplete and did not walk you through setting up the firewall rules, etc. I was successful by using the TUVPN instructions posted by Klaus F. and making some adjustments. :)
For these same instructions with a few graphics, click on:
https://obitori.org/dox/OpenVPN4PureVPN.pdf
Get your keys and certs by downloading them from here:
https://s3-us-west-1.amazonaws.com/heartbleed/ios/ios-files.zip (Odd URL, I agree, but it is the official link for the PureVPN instructions on OpenVPN. ??? The link comes from the official instructions here: https://support.purevpn.com/pfsense-openvpn-configuration-guide. :P)
Follow these instructions on setting up an OpenVPN link with TUVPN:
https://doc.pfsense.org/Create-OpenVPN-client-to-TUVPNcom.pdf
Thanks to Klaus F. for posting them! https://forum.pfsense.org/index.php?topic=57180.0 :D
Things that needed to be changed to work with PureVPN:
1. Wherever it says TUVPN, I substituted PureVPN.
2. Substitute the file named client.crt for the file called usuario.crt.
3. Substitute the file named client.key for the file called usuario.key.
4. Skip Page 6 (#4 Login File). Use the Username/Passwd box on pfSense to input the PureVPN username and password. You will see this box in the VPN → OpenVPN screen. So, when you input the PureVPN server info, go down to the section titled, “USER AUTHENTICATION SETTINGS”, and input your username and password in the appropriate dialog boxes. Done!
5. On page 8 (instructions for #5, OpenVPN Client), substitute the file named, “wdc.key” for the file called “ta.key”.
6. Uncheck the “Infinitely Resolve Server” option.
7. Check the AES-256-CBC (256-bit) encryption algorithm.
8. Check Compression: Enabled with Adaptive Compression.
9. Do not paste any instructions into the Advanced Box.
Here is what my OpenVPN client for PureVPN looks like:
See the PDF at: https://obitori.org/dox/OpenVPN4PureVPN.pdf
[FYI, you can selectively add advanced options back in after you get the VPN up and running. However, if you skipped page 6's set up of the password file, you do not need, “auth-user-pass /conf/TUVPN.pas”. Instead, I used the new USER/PASS input settings on this same page and that worked.]
10. On page 11, Step #7 – Firewall, the instructions tell you to click on Manual Outbound NAT rule generation (AON – Advanced Outbound NAT), which I did, but I did not find any rules for PureVPN. I went to the + button next to each rule that existed and copied it. In the copy, I changed the interface to PUREVPN and changed the description to note that it was a rule for the virtual VPN interface, PUREVPN, and not for the WAN (from which it was copied.)
11. On page 16, Step #8 – Gateway, when I edited the PureVPN gateway (from System → Routing), I clicked and enabled the option, “Default Gateway”.
12. The directions on page 18, Step #9 – General Setup, instruct you to choose WAN for the “Use Gateway”. I think this means that your DNS queries go outside your VPN and this is not what I wanted. I selected PUREVPN and it worked. I ended up just leaving them as “none”, which I believe means that your DNS queries go over the same interface that the other data sessions use (the default gateway).
So, with all this, the PureVPN is up and working for me. The speed for a local node is satisfactorily fast and I am a happy customer now. (UK node from USA east coast was not fast enough.)
If this clueless noob can do it, so can you! 8)
Now, the tricky part is to turn it off:
https://forum.pfsense.org/index.php?topic=76734.0#top
I ran into the same problems as above… Well, the local node is fast enough, so I will punt for now.
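Added example, not part of the original post: a small Python check that compares an OpenVPN client config file against the settings listed in steps 2 to 8 of the post above. The sample config is constructed (host, port and paths are placeholders), and the mapping from the pfSense GUI options to the directives `comp-lzo adaptive`, `resolv-retry infinite` and `auth-user-pass` is an assumption.

```python
import os
import shlex

# Expected values, taken from the numbered steps in the post above.
EXPECTED = {
    "cipher": "AES-256-CBC",   # step 7
    "comp-lzo": "adaptive",    # step 8 (assumed directive for "Adaptive Compression")
    "cert": "client.crt",      # step 2
    "key": "client.key",       # step 3
    "tls-auth": "wdc.key",     # step 5
}

# Constructed sample config with two deliberate deviations (cipher, resolv-retry).
SAMPLE_CONF = """\
client
remote vpn.example.invalid 1194   # placeholder host and port
resolv-retry infinite
ca /path/to/ca.crt
cert /path/to/client.crt
key /path/to/client.key
tls-auth /path/to/wdc.key 1
auth-user-pass /path/to/credentials
cipher AES-128-CBC
comp-lzo adaptive
"""

def parse_conf(text):
    """Return {directive: [args]}, skipping blank lines and '#' or ';' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            conf[parts[0]] = parts[1:]
    return conf

def audit(text):
    """Return a list of deviations from the settings the post describes."""
    conf = parse_conf(text)
    findings = []
    for directive, want in EXPECTED.items():
        args = conf.get(directive)
        got = os.path.basename(args[0]) if args else None
        if got != want:
            findings.append(f"{directive}: expected {want}, found {got}")
    if conf.get("resolv-retry") == ["infinite"]:
        findings.append("resolv-retry: 'infinite' is set (step 6 unchecks it)")
    if "auth-user-pass" not in conf:
        findings.append("auth-user-pass: missing (step 4 enters credentials in the GUI)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)) or "config matches the listed settings")
```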
-
Which version of pfSense are you using? I'm trying to configure a similar setup, but I haven't been able to get it to work with pfSense 2.2.6.
-
2.2.6-RELEASE (amd64)
Looks like the same as you… It worked for me. Good luck. If you bump into any problems, please post. Will try to be helpful...but am new at this myself.
-
Did you have to do anything special to configure the VPN gateway? Mine is getting an IP assigned from the VPN server at the other end, but the gateway always shows it is offline.
The gateway log shows:
apinger: ALARM: STRONGVPN_VPNV4(10.8.4.165) *** down ***