Topic: OpnSense Firewall OpenVPN (Read 3893 times)
ืnut43150tier2
Newbie
Posts: 5
Karma: 0
OpnSense Firewall OpenVPN
« on: February 28, 2019, 11:26:38 am »
It requires a few steps, but this will get you up and running with an OpenVPN client on your OpnSense (and probably pfSense) router.
Steps:
Download VyprVPN Certificate
Identify the server you want to use
System --> Trust --> Authorities --> Import Golden Frog CA Cert (copy & paste it in from a text editor), name it VyprVPN
VPN --> OpenVPN --> Clients --> Add (with following settings)
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP
Device Mode: tun
Interface: WAN
Local port: (blank/empty)
Server host or address: us6.vpn.goldenfrog.com (use your server of choice here)
Server port: 443
Proxy host or address: (blank/empty)
Proxy port: (blank/empty)
Proxy authentication extra options: none
Server host name resolution: (unchecked)
Description: VyprVPN
User name/pass: Username: (your email address)
Password: (your password)
Cryptographic Settings
TLS Authentication: (unchecked)
Peer Certificate Authority: VyprVPN (see above, Import CA)
Client Certificate: None (Username and Password Required)
Encryption algorithm: AES-256-CBC (256 bit key, 128 bit block)
Auth Digest Algorithm: SHA256 (256-bit)
Hardware Crypt: (use it if you have it, e.g. Intel RDRAND engine - RAND)
Tunnel Settings (all blank or unchecked except)
Compression: Enable with Adaptive Compression
Advanced (add these to advanced):
resolv-retry infinite
keepalive 10 60
persist-key
persist-tun
persist-remote-ip
verify-x509-name us6.vyprvpn.com name
verb 3
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
redirect-gateway autolocal
(Check the logs to validate the name above [us6.vyprvpn.com] to match the certificate and server you are connecting to)
Verbosity Level: 3 (Recommended)
Start your client and look at the logs, you should get a successful startup, but you are not done yet.
openvpn[49494]: Initialization Sequence Completed
Firewall --> NAT --> Outbound --> Set to Hybrid
Add a manual rule
Interface: OpenVPN, leave the rest as defaults and save
Now go to the web and see what it says: your home city or your VPN location.
Check What's My IP
*Try a trace route and you should go through the VPN IP address. Look at the VPN logs to see the VPN IP and static routes being created.
Good luck!
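Added example, not part of the original post: the post says to check the logs to confirm that the name given to verify-x509-name matches the server certificate. This Python code runs that check over constructed log lines in OpenVPN's verb 3 format (the certificate subjects and the BAD_LOG and UNPINNED_LOG cases are made up for illustration) and shows that "Initialization Sequence Completed" on its own does not prove the name was verified.

```python
import re

# Advanced options as listed in the post above (excerpt).
ADVANCED = """resolv-retry infinite
verify-x509-name us6.vyprvpn.com name
verb 3"""

# Constructed log lines (not captured from a real session).
GOOD_LOG = """openvpn[49494]: VERIFY OK: depth=1, O=Example CA, CN=Example Root
openvpn[49494]: VERIFY X509NAME OK: O=Example, CN=us6.vyprvpn.com
openvpn[49494]: VERIFY OK: depth=0, O=Example, CN=us6.vyprvpn.com
openvpn[49494]: Initialization Sequence Completed"""
# Name mismatch: the handshake fails, so the tunnel never comes up.
BAD_LOG = """openvpn[49494]: VERIFY OK: depth=1, O=Example CA, CN=Example Root
openvpn[49494]: VERIFY X509NAME ERROR: O=Example, CN=us9.vyprvpn.com, must be us6.vyprvpn.com"""
# verify-x509-name left out: the tunnel comes up, but no name check was logged.
UNPINNED_LOG = """openvpn[49494]: VERIFY OK: depth=0, O=Example, CN=us9.vyprvpn.com
openvpn[49494]: Initialization Sequence Completed"""


def pinned_name(options):
    """Return the name from a 'verify-x509-name <name> name' line, or None."""
    for line in options.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "verify-x509-name" and parts[2] == "name":
            return parts[1]
    return None


def check_log(log, expected):
    """Report whether the tunnel is up AND the server name was verified."""
    leaf_cn, name_ok, name_err, up = None, False, False, False
    for line in log.splitlines():
        if "VERIFY X509NAME OK:" in line:
            name_ok = True
        elif "VERIFY X509NAME ERROR:" in line:
            name_err = True
        elif "Initialization Sequence Completed" in line:
            up = True
        # depth=0 is the server's own certificate; pull its CN from the subject.
        m = re.search(r"VERIFY OK: depth=0, .*?\bCN=([^,\s]+)", line)
        if m:
            leaf_cn = m.group(1)
    verified = name_ok and not name_err and leaf_cn == expected
    return {"up": up, "leaf_cn": leaf_cn, "verified": verified}


if __name__ == "__main__":
    for label, log in (("good", GOOD_LOG), ("bad", BAD_LOG), ("unpinned", UNPINNED_LOG)):
        print(label, check_log(log, pinned_name(ADVANCED)))
```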
FraLem
Jr. Member
Posts: 80
Karma: 2
Re: OpnSense Firewall OpenVPN
« Reply #1 on: April 07, 2019, 04:25:58 pm »
Hi there,
I'm facing some difficulties setting up a very basic configuration of a VPN connection to a remote VPN server on Opnsense 19.1.4.
Access credentials seem to be ok as I get the connection up as well as a tunnel IP Address / Gateway & routes.
Unfortunately I cannot ping the remote interface (I've tried the same credentials on a Windows client and ping and routing work ok).
Any suggestions?
Regards