Show Posts
1
18.7 Legacy Series / openvpn config import
« on: January 09, 2019, 08:34:40 pm »
I am new here and new to opnsense.
I have opnsense running behind a proxmox server.
All my webinterfaces(ispconfig plesk etc..) are only reachable through a vpn network which i maintain on one of my standalone servers. My production desktopsystem is the only vpn client which is permitted to reach all clients inside the vpn. At the moment i have a debian running behind the opnsense to reach opnsense gui through the LAN interface via the proxmox console. I like to reach the opnsense gui directly from my vpn.
My openvpn settings are running fine from the opnsense shell "openvpn --config config.conf". But i cant change firewall settings for the tun0 interface via gui. I assume importing my vpnconfig through the webinterface would give me the possibility to do so.
I miss some options inside the opnsense webgui so i cant import the config the usual way.
I think i could miss something or i missunderstood the gui interface in some way.
perhaps someone can help me
sorry for my bad english i hope someone can follow my thoughts
regards mornori
my config :
client
proto udp
remote someip 56789
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_XXXXXXX name
auth SHA384
auth-nocache
cipher AES-256-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
setenv opt block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxx
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxx
-----END OpenVPN Static key V1-----
</tls-crypt>
I have opnsense running behind a proxmox server.
All my webinterfaces(ispconfig plesk etc..) are only reachable through a vpn network which i maintain on one of my standalone servers. My production desktopsystem is the only vpn client which is permitted to reach all clients inside the vpn. At the moment i have a debian running behind the opnsense to reach opnsense gui through the LAN interface via the proxmox console. I like to reach the opnsense gui directly from my vpn.
My openvpn settings are running fine from the opnsense shell "openvpn --config config.conf". But i cant change firewall settings for the tun0 interface via gui. I assume importing my vpnconfig through the webinterface would give me the possibility to do so.
I miss some options inside the opnsense webgui so i cant import the config the usual way.
I think i could miss something or i missunderstood the gui interface in some way.
perhaps someone can help me
sorry for my bad english i hope someone can follow my thoughts
regards mornori
my config :
client
proto udp
remote someip 56789
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_XXXXXXX name
auth SHA384
auth-nocache
cipher AES-256-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
setenv opt block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxx
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxx
-----END OpenVPN Static key V1-----
</tls-crypt>