pfSense 2.4 OpenVPN Setup Foolproof Step-by-Step!

Video Statistics and Information

Captions
Yes, what is up everyone, I'm back for you with a new video. This time comes the highly requested "how to set up OpenVPN on pfSense 2.4" video. I will go with you through each and every step of the whole procedure. Many of you requested a video for that; it's the most popular article on my website, ceos3c.com, so it's about time to make a video on it. I will guide you through each and every step on how to install OpenVPN on pfSense 2.4, and we will test everything with a combination of pfSense 2.4 and Windows 10. So let's get over to the computer and get started.

So I have a vanilla Windows 10 VM here which we are going to work with, and I also have a vanilla pfSense version 2.4.4, so that we can start with a clean slate. I haven't set up anything prior to shooting this video, so we will start from scratch all together.

I am going to use a dynamic DNS service to basically get a fixed or a static IP address so that I can access my pfSense firewall remotely. If you have a static IP address anyway from your internet service provider, you don't need that, but everybody else usually has an IP address that changes every 24 hours. So for that purpose we need some service that basically translates our 24-hour-based changing IP address into an address that will always be the same. So it basically updates a dynamic DNS record with the new IP address every time this IP address changes, and how it's working is that pfSense is doing this update for you and it updates the dynamic DNS provider.

All right, for this demonstration I've chosen a free DynDNS service which is called No-IP. So if you don't need a dynamic DNS provider or you already have one, you can just skip this step. This is called No-IP, so just go there, open their website; I put the link in the description below too. I used them in the past and I was satisfied with it. The only downside is that with the free version, every 30 days they will send you an email in which you quickly need to reconfirm your hostname, so you just do two clicks and you have another 30 days of free dynamic DNS, which I think is a fair deal.

Okay, so when you're signing up on this page, enter a hostname just here and click on Sign Up. You can still do that later; you can just click on Sign Up here and first create an account. I already have an account. You can call that whatever you want. I recommend you to choose some generic name and not something related to your business, because that might lead people to be able to guess your dynamic DNS name, which will enable them to somehow get access to your IP address and eventually start sniffing around or preparing some attack or recon on you.

Okay, so sign up, fill in this form, it's pretty straightforward, and once you are logged in, confirm your account with your email address. I already signed up prior to this video, so I'm going to simply log in. And the first time you log in, it's written there that you need to enable your account and probably that you need to create a hostname. So the first thing you are going to do is you click on Dynamic DNS and then click on No-IP Hostnames. If you already created that earlier in the sign-up process, you will already see your hostname here with the IP address of your internet connection next to it.

All right, so I will just call it, for the demonstration, like this. As I said, I just recommend you just type anything there, like a longer number. You don't need to remember that or anything, you just need to set it up once, so do it as generic as possible. I will use my name for this purpose. Then you can choose one of those three domains right here, and I'm just going to choose this one; this is what I used. I just have to quickly refresh the page, and now you can see that automatically the IP address of my internet connection is in here, and the same thing should happen for you. But if you just signed up, as I said, your IP address will be already written in here. So now we have our DynDNS in place, and that's the first step that we need to do if we want to set it up with DynDNS.

Now we can just leave that open in the background, open a new tab and log into our pfSense. As you can see it's vanilla, I didn't even open it yet. Hope I don't have to go... I have to go through the initial configuration again. Let's quickly do that. This is important for later: your domain. I will show you where to find that; we need that for the VPN. I just leave everything on default, just the time zone. That happens when you really do a vanilla installation. Europe, Europe... but it just takes a second, don't worry. Right, okay, and we're gonna change, of course we're gonna change the admin password. Click on Reload and Finish.

Okay, so now we are in the dashboard, and the first thing we want to do is actually set up our DynDNS. So we go to Services and Dynamic DNS and we click on Add. Come on. Okay, so now, depending on what kind of service you are going to use, you choose it from here. There are plenty of services that come pre-configured. In our case we use No-IP (free), which is also here, so if you have that, just select it right here. Interface to monitor is of course our WAN interface, and the hostname is in this case this hostname that we have just set up here, or whatever your hostname is, so just copy that in here. And then we go down and we enter our hop, or our No-IP username and our No-IP password, give it a description, we call it simply No-IP DynDNS, and click on Save. And now we see, indicated by this green writing here, that it's already connected to No-IP and the address is updated. It takes a couple of seconds longer until it shows up in the No-IP dashboard, but basically that's it for DynDNS. If you have a green IP address here, you are all set.

The next thing we are going to do is create a certificate authority. And what I wanted to tell you first: go to System, General Setup, just in case you are not aware of it, so you don't have to look it up later, and check your domain name. If you just have a local installation, it's most likely that it's something like localdomain, so just keep this domain name in the back of your head because we will need it in a couple of minutes.

Okay, let's go to System, Certificate Manager, and we create a new certificate authority. We give it a descriptive name, as it is, OpenVPN CA. Copy that name, go down, enter it on Common Name as well. Then select a country code that suits you, enter or don't enter an address; I'm just going to do it for good measure: ceos3c. Click on Save. All right, we have this certificate now.

Now we need to create a server certificate as well, so click on Certificates up here, click on Add/Sign. You want to create an internal certificate and we just call it OpenVPN server cert. Do the same thing again, copy that. Make sure the certificate authority is the OpenVPN certificate authority that we just created in the previous step. If you want you can raise the algorithm, but you also would have to raise it in the OpenVPN CA that we just created, so I just leave it on default for this demonstration. Okay, the common name: I will just use my DynDNS address. You can basically put there, if you have a domain you just put it in there, or you put OpenVPN server cert in it again. I always used to put my DynDNS address in here. This already comes pre-occupied as we select the CA, and then scroll down to Certificate Type and choose Server Certificate. That's important to do. Click on Save.

Okay, now we have a certificate authority in place and we have our server certificate. The next thing we are going to do is create a new VPN user. So go to System and go to User Manager, click on Add, choose a unique user name; I just call it as it is, like this. Choose a password. This will be the user name and the password you will log in to your VPN once it's set up. You can choose a full name, you can put an expiration date, you can put some custom settings there, you can add him to some groups, whatever; you don't need to do that now. And we also want to tick "Click to create a user certificate". We give it a name, which is ceos3c, or wait, let's call it VPNUser ceos3c, yeah. The certificate authority of course is the OpenVPN CA that is pre-selected; it's the only one that we have here because it's the only one we created, but make sure it's the OpenVPN CA in case you have more. And I think, yes, that's it. Just click on Save. Okay, user was... time for the next step.

The next step: we are going to install the VPN package export. So go to System, Package Manager, Available Packages, type OpenVPN into the search term field, click on Search and install the openvpn-client-export. Confirm it; it should just take a couple of seconds. By the way guys, there's also a written article which I will link in the description of the video in case you prefer to go through that step by step. Okay, success, that sounds pretty good.

Then we go to VPN, OpenVPN to actually set up OpenVPN on pfSense. Okay, we go to Wizards. We want Local User Access, so we click on Next. The certificate authority of course is the OpenVPN CA that we just created, so click on Next. The server certificate is the server certificate which we created previously, so you can see that I named it so that it's obvious which one it is, right? Click on Next. Interface is WAN, we leave that as well, we leave this on default, we leave the port on default. You can change all of that if you want to, but for this demonstration I'm just going to leave it on default. I call it OpenVPN, simple as it is. We want TLS authentication, generate TLS key; we leave this all on default. We go a bit more down and now we come to the tunnel settings, which is important.

All right, so as you can see I have the network 192.168.1.1 here, which is actually our local network, so let's put it here: 192.168.1.0. You don't want to put 1.1 because this gives an error and you won't be able to start your OpenVPN server. So you need to enter a correct CIDR address, which is .0, and then the subnet mask, which is /24 in my case. For the tunnel network you want to choose a different subnet, so in that case for this demonstration I choose 2.0/24. All right, so just adjust it according to your own network and make sure the tunnel network is a different network than your local network.

Click on Redirect Gateway to force all client-generated traffic through this VPN tunnel, so to make sure that all of the traffic from your connected VPN client goes through the tunnel, that everything is encrypted. Okay, Concurrent Connections: actually, if you leave it empty there will not be a limit. If you want a little bit more security and you just have one VPN user, make sure to just put it on one, so only one concurrent client can connect to the server. That gives a little bit of extra security.

Okay, let's go more down. I also always allow Inter-Client Communication, so that in case you have multiple VPN clients connected to the server they can interconnect with each other. If you don't tick that, they will not be able to do that, so you can choose to tick or not to tick this option here. Actually, if you just have one user, let's leave it out, we don't need it. Okay, good. Dynamic IP, that's okay, that's okay. Then we need DNS Default Domain; this is what I said, so in this case it's localdomain or whatever your pfSense domain is under System, General Setup. Okay, that makes sense. Then the DNS server, in my case, is my pfSense firewall itself, so I simply enter the IP address of my pfSense firewall here. Scroll down, go down and click on Next. Then you want to tick this to create a firewall rule to allow the traffic from client to server, and also an OpenVPN rule to allow traffic from clients to the VPN tunnel. Click on Next, click on Finish, and congratulations, you have set up OpenVPN. We are almost done with that. We can see the tunnel network here and everything that's running.

Now, one thing I will always do now is check if the OpenVPN server is actually running. So go to Status and go to Services and check that this is running. See, it's green. In case it's red there might be an error, so check all your settings again, check if your tunnel and local network is in the correct format with the .0/24, and that's mostly the case that it won't start. And for further investigation, if you cannot figure out what it is, you can still go to Diagnostics, and actually it's Status, System Logs, you can go to OpenVPN and you will see a bunch of logs here that will point you in the right direction and maybe help you to find where the error is.

Okay, so next we are going to export our client. So go to VPN, OpenVPN, go to Client Export. Yes. So if you are using the dynamic DNS that we have set up in the first step, you want to choose Host Name Resolution; you want to open it up and you see here that this hopto.org address is showing up here. So in case you use DynDNS, select that; that's very important, you have to select it. In my case, for this demonstration, to show you that the VPN is actually working, I have to leave it on Interface IP Address. If you have a static IP address and you want to use the static IP address to connect to your firewall, then you also have to leave it on Interface IP Address. Or, for dynamic DNS, you choose your dynamic DNS. Okay, good.

Let's scroll down a little bit. Then we want to use Random Local Port; if you have more clients that want to connect to the VPN concurrently, you have to choose this. All right, so it's written here: use a random local source port (lport) for traffic from the client; without this set, two clients may not run concurrently. That's self-explanatory, so if you have more clients connecting, tick this box. We don't, so we untick it. Good, good. Click on Save as default. Perfect, now you have everything set up. I just double-check it: yes, I have Interface IP Address, that's fine. And scroll down to OpenVPN Clients. You see your OpenVPN user here and you see the certificate of the VPN user here, which was created earlier.

Now click on download the Windows installer; click on Save. Takes a couple of seconds to download. Open it up, right-click it and Run as administrator. If you have this Windows SmartScreen going on, click on More info and click on Run anyway. Click on Yes. I just close this for now, minimize it. I need to upgrade my computer to run VMs more smoothly in the future, so guys, if you are able... We leave everything on default here, just click through the install, I Agree, leave everything on default, click Next. If you want to support me, go to ceos3c.com, click on the donate button and help him to buy a new computer. Click on Install to install the TAP driver. I really have to upgrade, seriously, it's slow, it's getting slow; upgraded my CPU quite a while ago. Okay, click on Next, click on Finish, click on Close, and double-click OpenVPN GUI to start OpenVPN. Next time you restart your computer it will automatically... good.

You can see it in the lower right corner here, there is your OpenVPN GUI. Right-click, click on Connect, enter your username, enter your password, and if you did everything correctly and you hit the Enter key, you will be connected. And if the firewall comes up, allow access: private networks, public networks, whatever. Looks pretty good. This warning is okay, don't worry about it, and you see the green light that you are connected to your VPN. So you successfully set up OpenVPN; I hope it worked for you too.

I give you a tip: if you want to try the connection, you just set up a mobile hotspot on your mobile phone, connect your laptop to it and try to connect to the VPN like this, to make sure it's actually working before you go on holiday and then you are disappointed that it doesn't work, you know. So just do that. And as I said, you can see that here: if you use it from your local network, by the way, and you try to access the internet or your browser, you want to browse any internet, it will not work. So always try it from an external internet connection, if you really want to try if it's working. And if you want to disconnect, simply right-click and Disconnect.

You can also see, if you go back to your pfSense, go to Dashboard... where is it... there was an option to see which clients are connected. You can actually add it here: you can click on the little plus and then you can add this OpenVPN widget, and then you see that somebody was apparently connected, or you see who is connected at the moment. You can kick them off too. There's a little bit of delay there. So you will see if somebody is connected or if you are connected.

All right guys, this concludes this tutorial. If you liked that, please let me know in the comments below if this was easy to understand for you, because I try to make these tutorials as easy as possible for everybody to understand, even for total beginners, so that people are able to actually secure their home network with very little knowledge. And I also leave the written article in the description below; you can read through it, go through it step by step if you want to. And don't forget to subscribe to the channel, to hit that like button if you actually liked that video, and hit the notification bell to get notified about future pfSense videos. Thank you for watching and see you in the next one. Bye.
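The tunnel-settings check described in the captions above (a network address with no host bits set, and a tunnel network that differs from the local network), as an added Python example that is not from the video or from pfSense. The function names are hypothetical, and 192.168.2.0/24 is an assumed expansion of the "2.0/24" tunnel network mentioned in the captions.

```python
import ipaddress


def check_network(label, value):
    """Validate one wizard field; return (network_or_None, problems)."""
    if "/" not in value:
        # A bare address would silently parse as a /32 (or /128) network.
        return None, [f"{label}: '{value}' has no prefix length such as /24"]
    try:
        return ipaddress.ip_network(value, strict=True), []
    except ValueError:
        pass
    try:
        # strict=False masks off host bits, giving the network that was meant.
        fixed = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return None, [f"{label}: '{value}' is not a valid network"]
    return fixed, [f"{label}: '{value}' has host bits set, use {fixed}"]


def check_tunnel_settings(local_network, tunnel_network):
    """Return a list of problems with the Local/Tunnel Network pair."""
    local, problems = check_network("Local Network", local_network)
    tunnel, more = check_network("Tunnel Network", tunnel_network)
    problems += more
    if (local is not None and tunnel is not None
            and local.version == tunnel.version
            and local.overlaps(tunnel)):
        problems.append(
            f"Tunnel Network {tunnel} overlaps Local Network {local}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: (local network, tunnel network).
    samples = [
        ("192.168.1.0/24", "192.168.2.0/24"),   # distinct subnets, as in the video
        ("192.168.1.1/24", "192.168.2.0/24"),   # host address instead of network
        ("192.168.1.0/24", "192.168.1.0/24"),   # tunnel reuses the LAN subnet
        ("192.168.1.0", "192.168.2.0/24"),      # prefix length missing
    ]
    for local, tunnel in samples:
        result = check_tunnel_settings(local, tunnel) or ["OK"]
        print(f"{local} / {tunnel}: {'; '.join(result)}")
```
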
Info
Channel: Stefan Rows
Views: 105,159
Keywords: openvpn pfsense, pfsense openvpn, pfsense 2.4 openvpn setup, pfsense 2.4.4 openvpn, setup openvpn pfsense, openvpn pfsense 2.4.4 setup, vpn pfsense, setup vpn pfsense, vpn connection pfsense, pfsense 2.4 openvpn configuration, pfsense openvpn configuration, pfsense openvpn tutorial, pfsense openvpn guide
Id: dBOQnApxzzQ
Length: 23min 1sec (1381 seconds)
Published: Wed Oct 31 2018