Configuring OpenVPN in pfSense
To access the private part of the network, configure OpenVPN.
First of all, you need to install the openvpn-client-export package. To do this, go to System --> Package manager --> Available packages in the web interface, type openvpn-client-export in the search bar and click install.
Wait for the installation to finish.
After the installation we proceed to the settings.
Go to VPN --> OpenVPN and select Wizards.
In my example I will use local users
Click Next
On the next screen, create a CA
Descriptive name | Descriptive name |
Common Name | Internal name, if empty, Descriptive name will be used |
Country Code | Two-letter country code |
State or Province | Full name of the state/province |
City | City Name |
Organization | Name of organization |
Organizational Unit | Division/Department Name |
Once filled in, click Add new CA and repeat the steps for Server Certificate
After creating the certificates, proceed to configuring the OpenVPN server.
Fill in the description
Select the interface, port and protocol for the future server
Set the Cryptographic Settings according to your requirements.
Let’s proceed with the Tunnel configuration
It is necessary to fill in
- IPv4 Tunnel Network - The network that will be allocated to clients; it must not overlap with your networks.
- IPv4 Local Network - The network or networks that will be accessed from the VPN network.
Customize the settings as you wish and need, and click Next when complete.
Select Firewall Rule and OpenVPN rule
Click Next, then Finish
When finished, the new server should appear in the list.
The next step is to create a user: go to System --> User Manager --> Users and click Add
Fill in the user name and password
Next, select Certificate, fill in the fields and select the certificate that you created during the OpenVPN server configuration.
Click Save
Now go to VPN --> OpenVPN and click on the Client Export tab
For Client Connection Behavior, select Other and enter the Public IP or domain name if available.
Next, select our user and export the configuration
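Before the exported profile is handed to a client, it can be checked for a few hardening directives. The script below is an added example, not part of the original article or of pfSense; the sample profile, its address and the chosen list of checks are constructed for illustration.

```python
import re

# Constructed sample profile (not from the article); key material is elided.
SAMPLE_OVPN = """\
client
remote 203.0.113.10 1194 udp4
auth-user-pass
data-ciphers AES-256-GCM:BF-CBC
<ca>
(certificate elided)
</ca>
"""

# 64-bit block ciphers, plus "none" (encryption disabled)
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "NONE"}

def parse_ovpn(text):
    """Return (directives, inline block names) of an OpenVPN profile."""
    directives, blocks, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if current:  # inside <ca>...</ca> and similar: skip key material
            if line == f"</{current}>":
                current = None
            continue
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            current = m.group(1)
            blocks.add(current)
            continue
        name, *rest = line.split(None, 1)
        directives.setdefault(name, []).append(rest[0] if rest else "")
    return directives, blocks

def audit(text):
    d, blocks = parse_ovpn(text)
    findings = []
    if "server" not in d.get("remote-cert-tls", []):
        findings.append("missing 'remote-cert-tls server'")
    if not {"tls-auth", "tls-crypt", "tls-crypt-v2"} & (blocks | set(d)):
        findings.append("no tls-auth/tls-crypt control-channel key")
    for key in ("data-ciphers", "data-ciphers-fallback", "cipher"):
        for value in d.get(key, []):
            findings += [f"weak cipher in {key}: {c}"
                         for c in value.upper().split(":") if c in WEAK_CIPHERS]
    if "auth-user-pass" not in d:
        findings.append("no 'auth-user-pass': no user login required")
    return findings
```

Calling audit() on the text of the exported .ovpn file returns a list of findings; an empty list means none of these checks fired.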
Configure the client according to your OS
For testing I have a virtual machine without a public IP address; with the VPN connected, it should now be accessible
ssh ubuntu@10.128.0.26
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-79-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Wed Aug 30 08:59:32 AM UTC 2023
System load: 0.0 Processes: 131
Usage of /: 23.5% of 17.63GB Users logged in: 0
Memory usage: 16% IPv4 address for eth0: 10.128.0.26
Swap usage: 0%
* Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
just raised the bar for easy, resilient and secure K8s cluster deployment.
https://ubuntu.com/engage/secure-kubernetes-at-the-edge
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
*** System restart required ***
Last login: Wed Aug 30 08:59:33 2023 from 10.0.8.2
ubuntu@test-vm:~$
It is also necessary to check that packets have started traveling through pfSense
Check which external IP we get
ubuntu@test-vm:~$ curl -4 icanhazip.com
51.250.89.142
ubuntu@test-vm:~$
Also make sure that pfSense is the gateway for the VM.
ubuntu@test-vm:~$ traceroute google.com
traceroute to google.com (64.233.165.102), 30 hops max, 60 byte packets
1 _gateway (10.128.0.1) 0.821 ms 0.801 ms 0.792 ms
2 * * *
3 pfsense.ru-central1.internal (10.128.0.11) 1.161 ms 1.151 ms 1.142 ms
As we can see, after the gateway 10.128.0.1 comes the LAN interface of pfSense.