Setting up OpenVPN on PFSense 2.4.x is a straightforward but rather long process, but hopefully this step-by-step guide can give you the direction you need to implement this solution as painlessly as possible. There are 3 primary steps to installing and configuring OpenVPN on PFSense:

VPNs are very versatile infrastructure solutions which give you the ability to enable remote access to your local environment. They are also a more secure solution than exposing remote access protocols such as RDP or SSH directly over the Internet, and they provide you with a level of privacy and security when you are using the Internet from insecure locations.

Creating the Certificate Infrastructure needed for PFSense and OpenVPN

OpenVPN uses certificates to secure the VPN service for authentication and encryption purposes. The first thing we need to do on PFSense is create a Certificate Authority. If you already have one configured you can skip this step.

Creating a Certificate Authority on PFSense

The first step in the process is to navigate to the built-in PFSense Certificate Manager. You will then be presented with a dashboard detailing the list of CAs installed on the server. In the example below there isn’t one, so click on ‘+Add’ to create a new one.

Next we need to fill out the form which PFSense will use to create the Certificate Authority. Since we are building an Internal Certificate Authority, select this option from the drop-down list as highlighted in the image below and then fill out the necessary details about your organization in the fields provided. Remember to give your CA a useful common name which you can use to identify it. Once done, click on ‘Save’ and your Internal Certificate Authority will be created.

Creating the OpenVPN Server Certificate on PFSense

The next step is to create the certificate for the OpenVPN server, which clients will use to verify the identity of the server when connecting to it. Under System – Certificate Manager, navigate to the Certificates tab and click on ‘+ Add/Sign’. Next complete the form to create the certificate. Note you need to select the ‘Create an internal Certificate’ method and ensure you select ‘Server Certificate’ as the certificate type. Fill in the rest of the relevant information and, once complete, click on ‘Save’.

Configuring OpenVPN on PFSense

The certificate infrastructure needed for OpenVPN is now complete, so we can move on to the next phase: creating the OpenVPN service. We will be using the OpenVPN configuration wizard for this step. To start, go to VPN in the main menu and then click on OpenVPN. Next click on the ‘Wizards’ tab to start the configuration sequence.

In the drop-down list provided, select ‘Local User Access’ and then click ‘Next’. Next, select the Certificate Authority and click ‘Next’. If you have not created one, follow the steps above. The next step is to select the VPN Server Certificate. Again, if you have not created one, follow the steps above.

Next you will need to complete the Server Setup form, which consists of four sections: General OpenVPN Server Information, Cryptographic Settings, Tunnel Settings and Client Settings. As each environment is different, you may need to adjust these to meet your specific requirements. The settings below are the default settings, which ensure privacy and use PFSense as your DNS server etc.

First, let’s configure the General OpenVPN Server Information. Leave everything as default and give your VPN a description if you so choose, as per the example below.

Under Cryptographic Settings, leave everything as default but change the Auth Digest Algorithm to SHA256 as per the example below, since SHA1 is not that secure.

Under Tunnel Settings, enter the IP address range in CIDR notation for the Tunnel network (this will be the IP address range OpenVPN will use to assign IP addresses to VPN clients). You also need to tick the checkbox labeled Redirect Gateway to ensure all clients only use the VPN for all their traffic. Next enter the local network IP address range in CIDR notation (this is usually your LAN) and then set your maximum number of concurrent connections.

In my configuration example I have left all Client Settings in their default state.
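To confirm that the settings chosen in the wizard actually reached the running server, the generated OpenVPN configuration can be audited. The script below is an added example, not part of the original guide or of PFSense: it assumes the wizard fields map to the standard OpenVPN directives `auth`, `server`, `max-clients` and `push`, and the sample config and addresses are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample: OpenVPN server directives assumed to correspond to the
# wizard fields (digest, tunnel network, connection limit, LAN route, gateway).
SAMPLE_CONF = '''
auth SHA256
server 10.0.8.0 255.255.255.0
max-clients 10
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
'''

def parse(conf):
    """Split a config into directive token lists, skipping comments and blanks."""
    lines = (ln.strip() for ln in conf.splitlines())
    return [shlex.split(ln) for ln in lines if ln and ln[0] not in "#;"]

def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    rows = parse(conf)
    opts = {r[0]: r[1:] for r in rows if r[0] != "push"}
    pushes = [shlex.split(r[1]) for r in rows if r[0] == "push" and len(r) > 1]
    pushes = [p for p in pushes if p]
    findings = []

    # OpenVPN falls back to SHA1 when no auth directive is present.
    digest = (opts.get("auth") or ["SHA1"])[0].upper()
    if digest in ("SHA1", "MD5", "NONE"):
        findings.append(f"weak auth digest: {digest}")
    if not any(p[0] == "redirect-gateway" for p in pushes):
        findings.append("redirect-gateway not pushed")
    if "max-clients" not in opts:
        findings.append("max-clients not set")

    # The tunnel network must not collide with any LAN range pushed to clients.
    server = opts.get("server", [])
    if len(server) < 2:
        findings.append("tunnel network (server directive) missing")
        return findings
    tunnel = ipaddress.ip_network("/".join(server[:2]))
    for p in pushes:
        if p[0] == "route" and len(p) >= 3:
            lan = ipaddress.ip_network("/".join(p[1:3]))
            if lan.overlaps(tunnel):
                findings.append(f"tunnel {tunnel} overlaps pushed route {lan}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "all checks passed")
```

A missing `auth` line is reported as SHA1 because that is what OpenVPN uses when the digest is not set explicitly.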