OpnSense Firewall OpenVPN

Started by ืnut43150tier2, February 28, 2019, 11:26:38 AM

It requires a few steps, but this will get you up and running with an OpenVPN client on your OpnSense (and probably pfSense) router.

Steps:

Download VyprVPN Certificate
Identify the server you want to use

System --> Trust --> Authorities --> Import Golden Frog CA Cert (copy & paste it in from a text editor), name it VyprVPN

VPN --> OpenVPN --> Clients --> Add (with following settings)
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP
Device Mode: tun
Interface: WAN
Local port: (blank/empty)
Server host or address: us6.vpn.goldenfrog.com (use your server of choice here)
Server port: 443
Proxy host or address: (blank/empty)
Proxy port: (blank/empty)
Proxy authentication extra options: none
Server host name resolution: (unchecked)
Description: VyprVPN
User name/pass: Username: (your email address)
Password: (your password)

Cryptographic Settings

TLS Authentication: (unchecked)
Peer Certificate Authority: VyprVPN (see above, Import CA)
Client Certificate: None (Username and Password Required)
Encryption algorithm: AES-256-CBC (256 bit key, 128 bit block)
Auth Digest Algorithm: SHA256 (256-bit)
Hardware Crypto: (use it if you have it, e.g. Intel RDRAND engine - RAND)

Tunnel Settings (all blank or unchecked except)

Compression: Enable with Adaptive Compression

Advanced (add these to advanced):
resolv-retry infinite
keepalive 10 60
persist-key
persist-tun
persist-remote-ip
verify-x509-name us6.vyprvpn.com name
verb 3
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
redirect-gateway autolocal

(Check the logs to validate the name above [us6.vyprvpn.com] to match the certificate and server you are connecting to)

Verbosity Level: 3 (Recommended)
Start your client and look at the logs, you should get a successful startup, but you are not done yet.

openvpn[49494]: Initialization Sequence Completed

Firewall --> NAT --> Outbound --> Set to Hybrid
Add a manual rule
Interface: OpenVPN, leave the rest as defaults and save

Now go to the web and see what it says, your home city or your VPN location.
Check What's My IP

*Try a trace route and you should go through the VPN IP address. Look at the VPN logs to see the VPN IP and static routes being created.

Good luck!
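
An added example, not part of the original post: a Python check for the log validation step above, confirming that the client log shows both the verify-x509-name match and "Initialization Sequence Completed". The helper name and the sample log lines are constructed for illustration; the message formats assumed are OpenVPN's "VERIFY X509NAME OK/ERROR" lines.

```python
import re

# Message formats written by OpenVPN during certificate verification.
X509_OK = re.compile(r"VERIFY X509NAME OK: (?P<subject>.+)$")
X509_ERR = re.compile(r"VERIFY X509NAME ERROR: (?P<subject>.+), must be (?P<want>\S+)")
CN = re.compile(r"(?:^|[,/]\s*)CN=(?P<cn>[^,/]+)")
INIT_DONE = "Initialization Sequence Completed"

def check_openvpn_log(lines, expected_name):
    """Hypothetical helper: return (verdict, detail) for one client start-up."""
    name_ok = up = False
    for line in lines:
        err = X509_ERR.search(line)
        if err:  # verify-x509-name rejected the server certificate
            return "mismatch", f"got {err['subject']}, wanted {err['want']}"
        ok = X509_OK.search(line)
        if ok:
            cn = CN.search(ok["subject"])
            if not cn or cn["cn"].strip() != expected_name:
                return "mismatch", f"config pins {ok['subject']}, not {expected_name}"
            name_ok = True
        if INIT_DONE in line:
            up = True
    if not up:
        return "down", "no 'Initialization Sequence Completed' line"
    if not name_ok:  # tunnel works, but the server name was never checked
        return "unverified", "no VERIFY X509NAME line: is verify-x509-name set?"
    return "ok", f"server name {expected_name} verified and tunnel is up"

# Constructed sample log lines (not captured from a real session).
PINNED = [
    "openvpn[49494]: VERIFY OK: depth=1, C=XX, O=Example, CN=Example CA",
    "openvpn[49494]: VERIFY X509NAME OK: C=XX, O=Example, CN=us6.vyprvpn.com",
    "openvpn[49494]: VERIFY OK: depth=0, C=XX, O=Example, CN=us6.vyprvpn.com",
    "openvpn[49494]: Initialization Sequence Completed",
]
NOT_PINNED = [PINNED[0], PINNED[2], PINNED[3]]  # advanced option missing
WRONG_SERVER = [
    PINNED[0],
    "openvpn[49494]: VERIFY X509NAME ERROR: CN=other.example, must be us6.vyprvpn.com",
]

if __name__ == "__main__":
    for name, log in [("pinned", PINNED), ("not pinned", NOT_PINNED),
                      ("wrong server", WRONG_SERVER)]:
        print(name, "->", check_openvpn_log(log, "us6.vyprvpn.com"))
```

The "unverified" verdict is the case worth catching: the tunnel comes up, but nothing in the log shows the server name was compared against the one in the advanced options.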

Hi there,
I'm facing some difficulties setting up a very basic configuration of a VPN connection to a remote VPN server on Opnsense 19.1.4.
Access credentials seem to be ok as I get connection up as well as a tunnel IP address / Gateway & routes.
Unfortunately I cannot ping the remote interface (I've tried same credentials on a Windows client and ping and routing work ok).
Any suggestions?
Regards