Setup & Configuration Of OpenVPN On Pfsense 2.0 RC3
Outline
With the recent release of Pfsense 2.0 there has been a significant number of improvements
to the OpenVPN component. In previous versions of Pfsense, the client, CA and server
certificates had to be created on a client machine and then copied across to the relevant
configuration panes in OpenVPN. The client configuration was not bundled as a package
for download directly from the Pfsense web GUI, and instead resided on the workstation
where the certificates were originally created. For subsequent OpenVPN clients to be
created the process would have to be re-run each time on the same client machine.
This process is now covered by the Pfsense 2.0 web GUI. The full list of OpenVPN
changes is as follows:
- OpenVPN wizard – guides through making a CA/Cert and OpenVPN server, sets up
  firewall rules, and so on. Greatly simplifies the process of creating a remote access
  OpenVPN server.
- OpenVPN filtering – an OpenVPN rules tab is available, so OpenVPN interfaces
  don’t have to be assigned to perform filtering.
- OpenVPN client export package – provides a bundled Windows installer with
  certificates, Viscosity export, and export of a zip file containing the user’s
  certificate and configuration files.
- OpenVPN status page with connected client list – can also kill client connections.
- User authentication and certificate management.
- RADIUS and LDAP authentication support.
In this guide I will outline creating a new OpenVPN server with local user authentication
under Pfsense 2.0 RC3. If you have upgraded from Pfsense 1.2.3 (as is the case for myself)
and already have OpenVPN configured, I would suggest removing the existing server and
starting from scratch to avoid configuration issues. I will also cover the installation of the
OpenVPN client on Windows 7, Snow Leopard 10.6.8 and Ubuntu 11.04.
Download & Install The OpenVPN Client Export Package
The first step is to obtain the client export package, so that we can quickly export all of the
required configuration files for our OpenVPN clients.
Log in to your Pfsense 2.0 GUI and navigate to System > Packages. Scroll down and select
‘OpenVPN Client Export Utility’ and run through the installation.
Remove Legacy OpenVPN Server And Certificates
I would highly recommend removing your existing OpenVPN configuration prior to
running through the setup in this guide.
First, navigate to System > Cert Manager. On the ‘CAs’ pane remove any existing
certificates. Once completed, navigate to the ‘Certificates’ pane and remove any existing
certificates. (Do not remove the ‘Webconfigurator default’ certificate.)
Finally, navigate to VPN > OpenVPN and remove your existing server configuration.
Create New OpenVPN Certificates
We’re now ready to create the required certificates for OpenVPN to function with local
user authentication. Navigate to System > Cert Manager. On the ‘CAs’ pane choose to
create a new certificate and ensure you choose ‘Create an internal Certificate Authority’ in