OPNsense Forum

English Forums => General Discussion => Topic started by: ืnut43150tier2 on February 28, 2019, 11:26:38 am

Title: OpnSense Firewall OpenVPN
Post by: ืnut43150tier2 on February 28, 2019, 11:26:38 am
It requires a few steps, but this will get you up and running with an OpenVPN client on your OpnSense (and probably pfSense) router.

Steps:

Download VyprVPN Certificate
Identify the server you want to use

System --> Trust --> Authorities --> Import Golden Frog CA Cert (copy & paste it in from a text editor), name it VyprVPN

VPN --> OpenVPN --> Clients --> Add (with following settings)
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP
Device Mode: tun
Interface: WAN
Local port: (blank/empty)
Server host or address: us6.vpn.goldenfrog.com (use your server of choice here)
Server port: 443
Proxy host or address: (blank/empty)
Proxy port: (blank/empty)
Proxy authentication extra options: none
Server host name resolution: (unchecked)
Description: VyprVPN
User name/pass: Username: (your email address)
Password: (your password)

Cryptographic Settings

TLS Authentication: (unchecked)
Peer Certificate Authority: VyprVPN (see above, Import CA)
Client Certificate: None (Username and Password Required)
Encryption algorithm: AES-256-CBC (256 bit key, 128 bit block)
Auth Digest Algorithm: SHA256 (256-bit)
Hardware Crypt: (use it if you have it, e.g. Intel RDRAND engine - RAND)

Tunnel Settings (all blank or unchecked except)

Compression: Enable with Adaptive Compression

Advanced (add these to advanced):
resolv-retry infinite
keepalive 10 60
persist-key
persist-tun
persist-remote-ip
verify-x509-name us6.vyprvpn.com name
verb 3
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
redirect-gateway autolocal

(Check the logs to validate the name above [us6.vyprvpn.com] to match the certificate and server you are connecting to)

Verbosity Level: 3 (Recommended)
Start your client and look at the logs, you should get a successful startup, but you are not done yet.

openvpn[49494]: Initialization Sequence Completed

Firewall --> NAT --> Outbound --> Set to Hybrid
Add a manual rule
Interface: OpenVPN, leave the rest as defaults and save

Now go to the web and see what it says, your home city or your VPN location.
Check What's My IP

*Try a trace route and you should go through the VPN IP address. Look at the VPN logs to see the VPN IP and static routes being created.

Good luck!
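
The log check described in the post above (validate the certificate name, then look for a completed startup) can be scripted. This is an added example, not part of the original post or of OPNsense; the `VERIFY X509NAME` message formats are assumed from OpenVPN 2.x output at verb 3, and the sample log lines and the helper names `common_name` and `check_tunnel_log` are constructed for illustration.

```python
import re

# Message formats assumed from OpenVPN 2.x output at verb 3.
X509_OK = re.compile(r"VERIFY X509NAME OK: (?P<subject>.+)$")
X509_ERR = re.compile(r"VERIFY X509NAME ERROR: (?P<subject>.+), must be (?P<want>\S+)$")
INIT_DONE = "Initialization Sequence Completed"

# Constructed sample logs (not taken from the post); subjects are made up
# apart from the us6.vyprvpn.com name the post uses.
GOOD_LOG = """\
openvpn[49494]: VERIFY OK: depth=1, C=XX, O=Constructed Org, CN=Constructed CA
openvpn[49494]: VERIFY X509NAME OK: C=XX, O=Constructed Org, CN=us6.vyprvpn.com
openvpn[49494]: VERIFY OK: depth=0, C=XX, O=Constructed Org, CN=us6.vyprvpn.com
openvpn[49494]: Initialization Sequence Completed
"""
BAD_LOG = """\
openvpn[49494]: VERIFY X509NAME ERROR: C=XX, O=Constructed Org, CN=other.example, must be us6.vyprvpn.com
openvpn[49494]: TLS Error: TLS handshake failed
"""


def common_name(subject):
    """Extract the CN from a subject in either 'C=.., CN=..' or '/C=../CN=..' form."""
    m = re.search(r"CN=([^,/]+)", subject)
    return m.group(1).strip() if m else None


def check_tunnel_log(log_text, expected_name):
    """Report whether the server name was verified before the tunnel came up."""
    result = {"name_verified": False, "initialized": False, "problems": []}
    for line in (raw.strip() for raw in log_text.splitlines()):
        ok, err = X509_OK.search(line), X509_ERR.search(line)
        if err:
            result["name_verified"] = False
            result["problems"].append(
                f"server presented {common_name(err['subject'])!r}, expected {err['want']!r}")
        elif ok:
            result["name_verified"] = common_name(ok["subject"]) == expected_name
        elif INIT_DONE in line:
            result["initialized"] = True
    if result["initialized"] and not result["name_verified"]:
        result["problems"].append(
            f"tunnel is up without a VERIFY X509NAME OK line for {expected_name!r}")
    return result


if __name__ == "__main__":
    print(check_tunnel_log(GOOD_LOG, "us6.vyprvpn.com"))
    print(check_tunnel_log(BAD_LOG, "us6.vyprvpn.com"))
```

A tunnel that reports `initialized` without `name_verified` means the `verify-x509-name` line from the Advanced box is not in effect, so any server certificate signed by the imported CA would be accepted.
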
Title: Re: OpnSense Firewall OpenVPN
Post by: FraLem on April 07, 2019, 04:25:58 pm
Hi there,
I'm facing some difficulties setting up a very basic configuration of a VPN connection to a remote VPN server on Opnsense 19.1.4.
Access credentials seem to be ok as I get the connection up as well as a tunnel IP Address / Gateway & routes.
Unfortunately I cannot ping the remote interface (I've tried the same credentials on a Windows client and ping and routing work ok).
Any suggestions?
Regards