Hello guys, Welcome to wire network. In this video we look at how to set up OpenVPN server in pfSense firewall. Step 1, Login Pfsense firewall. Next, Enter your username and password in the login page. Step 2, The first thing we need to do is a creating the CA certificate. To create the CA certificate, navigate to system, then click on the certificates. In the authority section, Click the Add button. Next, Enter a name for your CA certificate. Set the method to Create an internal Certificate Authority. Next, check the box to trust store Set the key type to RSA and key length to 4096. Next, Set your Digest Algorithm to sha512. Next, set the lifetime day as per your requirement. Set the ca certificate common name. Next, set the country code, state, city, organization and organization Unit. Click save finally You’ve created your Certificate Authority. Step 3, creating the server certificate. Next, go to certificates and then click on add/sign button. Make sure Method is set to Create an internal Certificate. Set the name for your server certificate. Next, Set the key type to RSA and key length to 4096. Set your Digest Algorithm to sha512. Set the lifetime and common name of your server certificate. Next, Select Server Certificate as the Certificate Type. Select IP address in alternative name dropdown menu and then enter your pfsense wan static ip address. Click on save button You’ve created your Server certificate. Step 4, Create a OpenVPN username and password. Navigate to system and then click on user manager. Click the Add button at the bottom right. Next, Enter a Username and Password for your user. Click on the save button click the pencil icon to the right of your new user. under User Certificates, click on add button. Make sure Method is set to Create an internal Certificate. Next, Enter a Descriptive name for your user certificate. Set the key type to RSA and key length to 4096. Set your Digest Algorithm to sha512. Set the lifetime and common name of your user certificate. Select certificate type to user certificate and then click to save. Next, scroll down to button and then click save button again. Step 5, creating the OpenVPN server. Navigate to VPN and then click on OpenVPN. Click the Add button on the bottom right. Next, Set the description for your OpenVPN server. Next, Set the Server mode to Remote Access (SSL/TLS plus User Authentication) Set the protocol to udp on ipv4 only Next, Set your WAN interface and OpenVPN Port to receive client connection. Make sure Use TLS Key and Automatically generate a TLS Key are enabled. Next, select server certificate in server certificate dropdown menu. Set the DH Parameter Length to 4096 Set the Auth digest algorithm to SHA512. In the IPv4 tunnel network, enter unused IP address subnet. Next, Enable Redirect IPv4 and IPv6 Gateway. Next, Enable UDP Fast I/O. Set the gateway creation to IPv4 Only and then click to save button. You’ve created your OpenVPN server. In step 6, we need to create a firewall rule to allow traffic to our OpenVPN server. navigate to firewall and click to rules. Go to OpenVPN and then click add button. Select action to pass. Next, select interface to OpenVPN. Set the address family to IPv4 and protocol to any. Next, select source to Network, and then enter your OpenVPN IP Address Subnet. Next, enter a rules description and click on the save. Click apply changes. Step 7, Creating firewall rule for allowed OpenVPN traffic on WAN. navigate to firewall and click to rules. In the WAN Submenu, Click the Add button. Select action to pass Next, select interface to wan, address family to IPv4 and protocol to UDP. Select source to any Next, select destination to wan address and then enter OpenVPN port number in destination port range. Next, enter rules description and then click on save. click apply changes Step 8, export OpenVPN client configuration. Navigate to system, then click on package manager. select the available packages submenu In the search item, type the OpenVPN and hit the enter. Next, install the OpenVPN client export package. Next, go to vpn and then click to OpenVPN. In the OpenVPN menu, click on client export submenu. In the inline configuration, click most client file. Next, launch your OpenVPN connect and upload export file you downloaded from pfsense. Next, enter your username and password you created in pfsense.
