OPNSense - Setting up OpenVPN Remote Access SSL/TLS + User Auth Legacy

Captions
Hello everyone, welcome back to another video from Sysadmin102. In today's video I will show you how to set up an OpenVPN remote access with SSL and TLS encryption and user authentication, so basically your unique certificate and user authentication to access the VPN server remotely. One of the things that you will need is Dynamic DNS, or the DNS set up for your OPNsense, so that when you are away from home it will be able to pick up that subdomain and point it to your public IP address. That's why it's able to access your OpenVPN server remotely. And if you already have a DDNS, let's get started.

We're going to go to OPNsense, and when you log in it should be at the Lobby by default. We go to System, Trust and Authorities. First you need to create a certificate authority, so this is going to be issuing the certificate for the server as well as the client. If you already have one, you can use the current one as well. I'm going to call it Sysadmin102 SSL CA, for certificate authority, and now we're going to create an internal certificate authority. Key length, we're going to use 4096 and SHA-512. For this whole tutorial this is the key length and the algorithm we're going to use, 4096 and 512. Lifetime, 365 days, that's one year, so I put another zero, that's 10 years. Country, select your home country in there, so mine is going to be US, the state is going to be California, city San Jose, organization is going to be Sysadmin102 LLC, email address tech support at Sysadmin102. All right, and you can keep the default common name, internal CA, or you can name it the same as the descriptive name, whatever works for you, as long as you can differentiate which one is which.

All right, and with that let's go to the certificates. We're going to create a server certificate, so Add, and we're going to create an internal certificate. I'm going to call it Sysadmin102 LLC remote VPN. Okay, and I only have one certificate authority, so by default it automatically picks that one. Then this one is going to be a server certificate. Actually, yeah, let's change that to a server certificate. All right, and the key length is going to be 4096, the digest algorithm is going to be SHA-512 again. Lifetime, I'm going to give it 10 years, 3650. Everything else should be default. Common name, copy it, make sure it's the same, or you can name it something else.

All right, and lastly we're going to create a user certificate. You have to go to System, Access and then Users. If you don't have one, you can create a new user. If you already have one, you can just hit edit to get the certificate issued. So I'm going to name it Sysadmin102. Oh, actually, password. All right, then full name, Sysadmin102 LLC, email address again, tech support at Sysadmin102, and everything else will be default. Member of, I'm going to add it to the admins group. You can add it to whatever group you like, depending on your setup. And you're going to select the option there to create a user certificate. If you already have a user, you will select edit, and same thing, come in here and click create certificate, and we select save. Okay, so it's going to be creating an internal certificate, and keep everything at default except for the key length. We're going to select 4096, make sure everything is uniform, and the digest is SHA-512, so your CA, your server and your client should have the same. And lifetime, you can give it 365 or 10 years, whatever you have, and we keep everything as default. And there we go, we should have a certificate now for our user. Perfect.

And lastly we're going to go to VPN, OpenVPN and Servers. We're going to create a new server. So there are two ways to do it. You can click on Add and you will have to manually input everything. Using the wizard, the benefit is it's going to walk you through, kind of guide you through the process, and it would also automatically generate the firewall rule for you, so just a basic rule that will get you up and running. All right, the type of server, that's going to be Local User Access by default. However, if you use LDAP or RADIUS, you will have to change it to whatever is applicable to you. Next. Since I only have one certificate authority, it automatically selects that one. If you have multiple, make sure you select the correct one. Next. Again, server certificate, we're going to select the server certificate we created earlier. Next.

Interface is going to be WAN. Protocol, just leave the default, UDP. Local port is going to be 1194, that's the default for OpenVPN, and the description is going to be Sysadmin102 remote VPN. Okay, and leave this at default. Encryption, we're going to choose AES-256-GCM, and the auth digest algorithm, we're going to select again SHA-512. IPv4 tunnel network, this is your remote IPv4 network. It's good that you select an uncommon one. Do not use a common one, because you might have an IP conflict with whatever network you are connected to. So pick one that is uncommon, not like the one that comes with the default on your router, because a lot of the time people don't change their IP address, they use the default setting. 0/24. And you have an option to use IPv6, but that's optional, so I'm going to use this fc00, colon, and then that's going to be /64. All right, and IPv4 local network, this is your local IPv4, so mine is 10.2.2.0 and the subnet is 24. IPv6 local network, this one I have to look up later on, but again, IPv6 is optional, and everything else you can keep as default. Compression, you can keep the default as well, but I'm going to use LZ4 v2. And inter-client communication, you can allow communication between clients that are connected to this server. The option is there, it's your choice. I'm going to keep it checked.

All right, DNS default domain, so it's going to be my local default domain, so when the client connects to the VPN server, the VPN server will push the default domain to the client. DNS server, the first one is going to be my local DNS server, so that when a remote client connects to my VPN server, it will be able to look up the local hosts. So I'm able to access, let's say, my Nextcloud locally using the fully qualified domain name instead of using the IP address. And it's always a good idea to have a fallback DNS server, so for the fallback DNS server I'll be using Quad9, so 9.9.9.9, and the alternate one would be 149.112.112.112. All right, and DNS server number four, we're going to use Cloudflare, which is 1.1.1.1. All right, NTP server is optional, it's up to you if you want to use it. You can Google NTP servers, you can use one like nist.gov, and they give you the IP address to put in there, so you can send the time to the clients that connect to your system. And everything else should be default. Next.

And here is what makes it easier using the wizard compared to manually adding it in, because here you have the option to generate the firewall rule configuration, so that way you can get it up and running. Next, next and finish. All right, let me just show you. If you go to Firewall, and you go to Rules, and you go to WAN, it automatically created the rule for you. This is automatically generated, and this is incoming traffic, IPv4 or v6, UDP. The destination is WAN address, going to 1194, which is OpenVPN. And if you go to OpenVPN, here it generated another one for IPv4 and v6, from any to any. So there we go. Let's see if it actually created one for LAN. Looks like not, but there we go.

Okay, so now we're going back to OpenVPN, and now we have a server already. Next step is to export the client. Oh, I mean, yeah, there we go, so Client Export. For the client export, the host name is going to be your DDNS. You have four options: archive, file only (file only by default, that's the VPN configuration file), TheGreenBow and Viscosity. Those are the same thing as the VPN configuration, but specifically made for the GreenBow or the Viscosity VPN client. We can leave it at the default setting, and you would select the user whose VPN configuration you want to export. If you're on macOS, you can AirDrop the certificate to your iPhone for your mobile device. If not, you can email it and then you should be able to open the attachment in the email on your iPhone. So on your iPhone, make sure that you download the OpenVPN app, and then after that you can AirDrop or email your certificate, or Google Cloud, what have you.

All right, I'm going to AirDrop it over to my, and then you're going to select open with OpenVPN. Interesting. I'm going to AirDrop it again. All right, next step, open with OpenVPN, and there we go. All right, I'm going to delete one of them, so I'm going to select Add, and then you're going to put in your username, and if next time you don't want to enter the password, you will save the password. All right, and we're going to select connect, and then select allow, and it asks you to put in your PIN, and there we go, it's connected to your VPN server.

And while we're at it, let's do the speed test. All right, now open up a speed test, and this is on Google Fi 5G. Let's see how fast it is. Google Fi 5G is actually pretty fast. It's using the T-Mobile network by default, but it doesn't have the limitation and throttle like T-Mobile. Fast internet worldwide, anywhere you go, as long as you're in a country supported by Google, I think 200-plus countries, you will get the fast internet and free text messages. So that's a good thing, it's like a pocket Wi-Fi that you can enable as a hotspot, and by the way the hotspot is full speed, it's not limited to, you know, 512 or 256 like the other carriers. And if you would like to switch to Google Fi, I have the referral code on my channel in the tutorial. If you're using that referral code, you will get a $20 Fi credit and I will get the $20 as well.

And that concludes today's tutorial. If you think the tutorial is helpful, don't forget to subscribe, like and share, and I'll see you guys in the next tutorial. Bye-bye.
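
Added example (not from the video or from the OPNsense project): a small Python check that an exported client profile carries the choices made in this walkthrough, namely AES-256-GCM, SHA-512, and a client certificate combined with username/password login. It also flags compression, which the walkthrough enables with LZ4 v2 and which the OpenVPN manual advises against. The sample profile, host name and function names are constructed for illustration.

```python
import re

# Constructed sample profile; host name and key material are placeholders.
SAMPLE_PROFILE = """\
client
remote vpn.example.org 1194 udp
cipher AES-256-GCM
auth SHA512
auth-user-pass
remote-cert-tls server
compress lz4-v2
<cert>
(placeholder)
</cert>
<key>
(placeholder)
</key>
"""

def parse_profile(text):
    """Return ({directive: [args, ...]}, {inline block names}) for OpenVPN config text."""
    directives, blocks, inside = {}, set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if inside:                              # skip the body of <cert>, <key>, ...
            inside = None if line == f"</{inside}>" else inside
        elif (m := re.fullmatch(r"<([\w-]+)>", line)):
            inside = m.group(1)
            blocks.add(inside)
        elif line and line[0] not in "#;":      # ignore blank lines and comments
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, blocks

def audit(text):
    """List where a profile departs from the settings chosen in the walkthrough."""
    d, blocks = parse_profile(text)
    ciphers = {c.upper() for k in ("cipher", "data-ciphers")
               for args in d.get(k, []) for c in ":".join(args).split(":")}
    checks = [
        ("AES-256-GCM" in ciphers, "cipher is not AES-256-GCM"),
        ([a.upper() for args in d.get("auth", []) for a in args] == ["SHA512"],
         "auth digest is not SHA512"),
        ("auth-user-pass" in d, "no auth-user-pass: certificate-only login"),
        ({"cert", "key"} <= blocks | set(d) or "pkcs12" in blocks | set(d),
         "no client certificate/key: password-only login"),
        ("remote-cert-tls" in d or "verify-x509-name" in d, "server certificate not verified"),
        (not ({"compress", "comp-lzo"} & set(d)), "compression is enabled"),
    ]
    return [message for ok, message in checks if not ok]
```

Calling `audit()` on the text of an exported profile returns an empty list when every check passes; the constructed sample returns only the compression finding.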
Info
Channel: SYSADMIN102™
Views: 6,709
Keywords: Nhan, Nguyen, Sysadmin102, openvpn pfsense remote access, openvpn com remote access, pfsense openvpn remote access setup, pfsense remote access, pfsense openvpn remote access, pfsense vpn remote access, opnsense openvpn android mobile remote access, remote access vpn, how to set up openvpn on pfsense, openvpn access server, private internet access, pfsense private internet access, set up the authentication server, private internet access vpn setup
Id: qhq8y8SgwC4
Length: 16min 58sec (1018 seconds)
Published: Fri Sep 01 2023