Configure a VPN connection with OpenVPN on pfSense
1. Lab:
All virtual machines are created on Hyper-V:
- Virtual Machine 1: pfSense.
- Virtual Machine 2: Windows Server 2012 (to try to establish a remote desktop connection).
- Virtual Machine 3: CentOS 7 (to try to establish an SSH connection).
In this tutorial, I use two IP addresses:
WAN: 192.168.1.100/24 (let's suppose it is a public IP)
LAN: 10.10.10.100/24
2. OpenVPN configuration:
2.1. Certificate configuration:
First, we should create an internal CA certificate
Log in to pfSense as the admin user
In System, click on Cert Manager
In the CAs tab, click on the "plus" icon to add a new certificate
Fill in the certificate information
The CA certificate is now created
We need to create another certificate for the server.
In this part, most people create a user certificate. Make sure to select the certificate type "Server Certificate"; otherwise, you will get a "Handshake error" message on the VPN client.
2.2. User creation:
In System, click User Manager
Click on "plus" to add a new user
Fill in the user information
The VPN user is created
2.3. OpenVPN client package:
In System, click on Packages
Wait for the available packages to load
Now we can see all packages
Scroll down the page and search for OpenVPN Client Export Utility
Click on Confirm
The package is being installed on pfSense
The client export package is installed
2.4. Configuring OpenVPN:
In the VPN tab, click on OpenVPN
In the Server tab, click on the "plus" icon to add a new OpenVPN server
Select the user access type and click Next
Select the CA certificate we created in the previous step
Select the server certificate we created before and click Next
Fill OpenVPN information and click Next
Check the OpenVPN rules that must be created in the firewall rules and click Next
Click Next
Now the OpenVPN server is created
2.5. Firewall rules:
In the Firewall tab, click Rules
Go to the OpenVPN tab. We see that all traffic is allowed by the OpenVPN rule, but we need only SSH and Remote Desktop.
Delete the default rule and create two rules allowing SSH (port 22) and Remote Desktop (port 3389)
2.6. VPN client export:
In the VPN tab, click on OpenVPN, then go to the Client Export tab
Scroll down the page and download the VPN client installer. We need the Windows x64 version
2.7. OpenVPN client installation:
Copy the install package to the client and execute it: right-click it and select "Run as administrator"
When the installation finishes, the OpenVPN icon appears. Double-click on it
An authentication window will pop up. Enter the login and password of the user we created
Wait for the connection to start
The VPN connection starts successfully
2.8. Testing:
We have two local servers: Windows and Linux
We will try to connect to the Windows server: open mstsc
We can now connect to the Windows server with Remote Desktop
Let's try the SSH connection to the Linux server. Open WinSCP or PuTTY to run the test
SSH access works fine
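The tests above confirm that the two allowed services work, but not that everything else is blocked now that the default rule from 2.5 is deleted. The Python script below is an added example (not part of the original tutorial) that checks both from the connected VPN client; the two server addresses and the extra probe ports are assumptions, and 10.10.10.100 is taken to be pfSense's LAN interface.

```python
import socket

# Policy from section 2.5: only SSH and Remote Desktop may cross the tunnel.
ALLOWED_PORTS = {22, 3389}

def tcp_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False

def audit_host(host, probe_ports, allowed=ALLOWED_PORTS, timeout=2.0):
    """Probe host and compare the result with the allowed set.

    Returns (violations, missing): ports that answered although they are not
    in the allowed set, and allowed ports that were probed but did not answer.
    """
    reachable = {p for p in probe_ports if tcp_open(host, p, timeout)}
    violations = sorted(reachable - set(allowed))
    missing = sorted((set(allowed) & set(probe_ports)) - reachable)
    return violations, missing

if __name__ == "__main__":
    # Host -> ports expected to answer on it. The two server addresses are
    # hypothetical (the page does not list them); 10.10.10.100 is the LAN
    # address from the lab section, assumed to be pfSense's LAN interface.
    targets = {
        "10.10.10.10": {3389},   # Windows Server 2012 (hypothetical address)
        "10.10.10.20": {22},     # CentOS 7 (hypothetical address)
        "10.10.10.100": set(),   # pfSense LAN: nothing should answer
    }
    # The two allowed ports plus a constructed sample of other service ports.
    probe = [22, 80, 443, 445, 3389]
    for host, expected in targets.items():
        violations, missing = audit_host(host, probe, allowed=expected)
        status = "OK" if not violations and not missing else "CHECK"
        print(f"{host}: {status} unexpected={violations} not_answering={missing}")
```

Run it once with the VPN connected; any port listed under `unexpected` means a firewall rule on the OpenVPN tab is wider than intended.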