Connect pfSense to VPN Provider (OpenVPN Client) - Full Setup

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
some here from Sheridan computers in this video I'm going to show you how you can use pfSense to connect to a VPN provider um now one thing I want to get out of the way is I don't trust VPN providers and I certainly don't recommend any of them the only reason they're in this video is to allow me to do this demo um if you're going to set up a VPN for privacy reasons set up a digital ocean droplet or a private server on linode it'll be much cheaper on monthly cost you control the machine you can delete the logs I'll not recommend that you do that one thing I use VPN providers for and which is why I have an account with one is literally just so I can appear in other countries and like test firewall wheels or whatever I need to do so if you're using one for privacy purposes I don't recommend these companies at all in fact most of them when you go on straight away they have big adverts saying if you subscribe to us right now you can get you can get like 50 off 70 off but you must click this button within like 24 hours because if you don't this offer's gone yeah you can log in like next week two weeks two months the offer will still be there so the candidate just dishonest right from the outgo so I don't trust them anyway whatsoever but anyway let's get on with the video and let's show you exactly how to do this Sheridan computers Communications support okay so the first thing we're going to want to do before we get started is we need to um download the openvpn configuration from whichever VPN provider you're doing so in this case I'm using the Pia so we're going to need to do is go into Pia to download and you need to download the openvpn so you can either generate your own for this I'm just going to use the standard openvpn config files provide that they provide let's go ahead and save that so it's a zip file so we're going to want to extract our ZIP file um so let's give us a list of zip files which are for which all the different conjures and things I'm just going to use a vpn1 for this uh copy that paste it there I can remove that zip file for now right so you need to go ahead and open this with a text editor so I'm going to open it right so once you've got your old VPN file um which is the open VPN configuration file this contains everything that we need um before we can get started the first thing we need to do is get off uh we need the certificate Authority for Pio so we need to copy everything between the two CA plugs so what we're going to do is grab everything from where it says begin certificate thank you so it's an end certificate I'm going to copy that and we're going to go into certificate manager I'm going to add a new ca so make sure you're on the ca tab go add uh I'm going to call this Pia CA we want to import an existing certificate of order I'm just going to paste that data that we copied into the certificate data field the key you can leave go ahead and save that so as you can see once we've saved it we've got the Pia certificate installed as a CA um it's all being well you should be able to see the expiration date so this one's 12th of April 2034 once we've done that we can go ahead and we can start setting up our VPN client so we've got a VPN openvpn clients um so we want to add a new client so let's go ahead and add this so click on the add button give it a description so we're going to call it Pia VPN clamp you obviously don't disable um the mode configuration you can leave defaults or peer-to-peer um until my three mode protocol we're going to have UDP on ipv4 only so obviously these uh if you go ahead and generate your own you're gonna need to change these for however you set it up with default GDP on ipv4 you use one interface for connecting now the local Port you can just ignore that uh so now it's need to start popping server hosting address so it's up here at the top so where it's got in the VPN configuration file it's got remote UK London privacy .network so we're going to copy that hostname um and paste that in there so we need the server port and as you can see the server ports 1198 so let's go ahead and change that um we can leave the rest of that the username you need to go in and stick in your Pia VPN and username they used to log into the control panel and things uh we don't want to use the TLs key you can leave the default Direction Authority so if you've got multiple certificate authorities within PF sent make sure you choose the right one you need to choose the Pio one um the rest of this we can leave PF sense will automatically detect it the way it's set up for default uh if you have Hardware acceleration go in and choose up using Hardware acceleration obviously will make the VPN faster so tunnel settings we can kind of leave these as defaults up until uh do not pull Roots so we don't want to pull the roots uh don't add remove roots so basically that's selling the openvpn that we don't want the client to change the routes on PF center it's probably not what you want um ping settings you can leave I think the rest of it we can leave fine if you do need to pass any custom options through you can do and obviously various options you don't really need to um but you can obviously copy any of those that you want in there the defaults are fine on PF Sentinel fairness Gateway creation I only need an ipv4 Gateway because I'm not using IPv6 on this so we go ahead and save up let me set a password in as I said you need to put username password interconnector let me go ahead and do that real quick I've gone ahead and stuck the username password in so now that should save fine I'm sure these are tickets today go ahead and save that and that's it I've basically got the client set up at this stage if we now look at the options there we've got the latest data set and if we're going to related status um you can pretty much see we've got traffic being sent and received um we've got the remote host so it looks like it's working at that stage and so we're gonna need to go ahead and set this up as an interface we'll go to interfaces assignments and you should have your VPN client here which we have let's go ahead and select that and add it to the new interface once you've added the interface just go into it enable it can give it a proper name so Pia and yeah spell it right ends um there's nothing that really you need to select in here anymore um make sure these are not ticked because you're getting private IP addresses assigned by your VPN provider so go ahead and save that apply the changes Okay so we've got the client created and we have the interface set up so just double check that should give us a Gateway so if we're going to system and routing it does in fact you can see that we have Pia and VPN V4 which is one that we've just set up um I always recommend that you change the default gateway and yet rather than leave it on automatic add to this specify your default gateway otherwise you can have problems it will go nuts and nothing's really saving though it was already set that way for us so now I've done that we want to create a couple of aliases just to make this easier for management going forward so we're going to go into firewall aliases um IP so what we're going to do here is give the IP address of each endpoint that we want to go over VPN so we're going to add VPN vbn out endpoint um and which best specify the list of each of the hosts that we want so this machine for example um let's go into Windows Powershell types in ipconfig so you can see my IP address is 192.168 1.10 so this is one of the clients that we're going to want to use so I'm just going to paste that in there Sam PC we're going to save that apply the changes so obviously you can um edit this and add as many endpoint addresses as you want so once we've got the Alias set up next thing we need to do is create a firewall rule to uh Sorry rules to push our traffic over the vpm um we needed the gateway to do that so what we're going to do is go to add now before you do this make sure it's above your local like we've got um allow Lan out you need to make sure it's above this because we're pushing the route different to the normal ones if it's below this it will just push it that way um and also be careful of I've got a lot of source set to anything um so you need to obviously take that into account so we're allowing anything from the LAN um so what we're going to do is to add we want to pass the traffic obviously don't disable the real the interface is going to be Lan IP just family is going to be ipv4 obviously it depends on the whatever configure downloaded or generated um defaults ipv4 protocol any and and here I want single all star halo and what we're going to do is use that Alias so VPN endpoints so anything that's uh IP address is listed in the aliasis VPN endpoint so you see I said create an alias just makes it easier because you can just add and removed from that as you want so traffic routed out VPN now we need to go into advanced um what we want to do is we want to put a tag on this is what I'm going to call this Pia so basically any traffic coming in to the destination that was specified which is any coming from them IP addresses um he's going to get thrown out wherever we tell you in a second but we just adding a tag on this so a tag cycle label as such and I'm calling this Pia you'll see why I do that it's because if you've got endpoints that you're going over that and using the VPN you don't really want going out you want interface and we'll use a tag to block that I'll go through that in a minute uh once we've done that we need to specify the Gateway so anything that's listed there we want it to go up through our VPN Gateway which is why we needed to create the rates the um we need the Gateway creating for it so which is why we had the interface and stuff like that um so this is like policy based routing so once we've done that we can go ahead and save that and we are pretty much Reddit at this stage so you can see we've got our source so VPN endpoints now if you hover over it'll show you what they are and going out the Gateway so any traffic coming on from here we want to go out that Gateway before our traffic we'll actually go at that Gateway uh we're gonna go ahead need to um set up some nut wheels so I've gone to firewall Nat outbound um so you should have it set to hybrid outbound so rather than just it's on automatic which is a default it just creates all the wheels for you we want to be able to specify our own we want to add a new rule in here um just from to ipv4 protocol is going to be any um interface is the Pia interface that we created so we send wants a nut on that interface so it will allow our traffic out and do Network address translation on it um our source Network this is going to be the same one we've created so VPN out endpoint and we're just going to change the mask to 32. there's basically anything listed in there before it's just 32 so it's not ranges just them that we're using um that on interface address go ahead and save that apply the changes um we're setting our net roll ups so we want the uh traffic through the Pia interface and my VPN endpoints with net address and that's pretty much all we need to do so if we go ahead now into where is it uh services and we have our open VPN client which is going to restart this but now once we've restarted that should be oh we need I forgot to ifconfig.io um so you can see uh the IP address that we connected on is 194 110 13 4 3. which is the VPN IP address so that is now working if we go ahead to fast.com show more info and you can see the client is London which is obviously the VPN file we chose um that's pretty much everything you need to do to get your VPN set up now I did mention um we tagged the traffic so if I uh go back into PF sense we're going to interfaces firewall rules no I did mention with the point of tagging the traffic was if you've got your endpoints and you want that traffic from the endpoint to go over the VPN if the VPN fails for the evening it'll just go out it'll use it actually I'll go out the um one interface as default as the default interface so we want to block that so if I got to add and we're going to block so one interface ipv4 any and we're going to do single hostile alias we want our VPN endpoints so we don't want anything from these allowed out unless they're connected to the VPN now to do this we're going to display an advanced and there's this tagged option here now if what did I put in Pia so we'll put in Pia so that needs to match the tags this is it and traffic which is tagged with that label so you need to make sure it's set the same as the one that you did um put a description in block traffic testing or BPM I'm gonna go ahead and save this and apply the wheels so basically blocking anything out of that interface from these vbn endpoints so if I go into VPN uh I'll be bpn clients and I disable this clone save up I can't disable it well it's got an interface assigned to it so we'd have to remove it um all right let's do the different one so Diagnostics services uh a VPN and I'm just going to stop the open VPN client for a minute so that's stopped so no I shouldn't have instant access from this machine go ahead and double check that and we have them our traffic is blocked so you can have multiple of these um what I can do go back into openvpn um let me select New York for example let me go ahead and open that problem with a text editor where's Sublime go ahead and open that I'm going to change remote holes to this if I go back into uh hypervpn clients edit that client and I'm going to change the remote host when I can find it the New York City go ahead and save up okay I'm going to Diagnostics uh it's not under lower status services restart our VPN service again uh Let me refresh this so we're on 194 110 13 43 let me go ahead and refresh this you can see straight away our IP address is changed I mean my horses James and the country code so we're now coming from the us so you can add multiple entries in um you just change it as of when you need to so that shows that we are working properly um Wireless comments on vpns so I don't endorse any VPN company at all um so a VPN is useful I guess for hiding traffic from your IP you kind of with vpns and VPN providers you can just kicking the can down the road so you had an it from your IP but then the VPN provider that you're using yeah they say they don't log things do they um yeah take that word for it I guess um but if you want a VPN provider so I did that with private internet access you can do exactly the same thing with nordvpn so I'll private internet access uh you can go you can see the prices so one month is like 12 a month uh if you commit to monthly plans uh yearly plans they go a lot cheaper um I think it's a BBM pricing so again um where is it pricing so they'll do it um it goes cheaper as you get it on the various options um You probably don't need any of this Dexter crap um so the standard one do you um like I say I wouldn't I don't really if you do it monthly they go up a significantly um like I said I don't really endorse any of these companies um but again they offer the option to download the VPN configuration file so you can do the exact same thing through them so if you wanted to get started with pfSense and um vpns and sending traffic over a VPN I hope that helped so you know if you've got TVs um whatever you want to send the traffic over you can do that and it doesn't have to be um VPN providers if you're doing a setup back to your office it's pretty much the same process um do me a favor if you found this video useful please hit that like button consider subscribing to the channel and hit notifications icon and you'll receive notifications of any new videos as they are released um it does help and it does encourage me to carry on doing the videos so I hope that helped and I'll see in the next one
Info
Channel: Sheridan Computers
Views: 14,139
Rating: undefined out of 5
Keywords: pfsense tutorial, pfsense openvpn, pfsense vpn, pfsense openvpn configuration, openvpn pfsense tutorial, pfsense openvpn client, pfsense setup openvpn, pfsense vpn client, pfsense openvpn client certificate, pfsense openvpn client kill switch, pfsense pia vpn setup, pfsense pia vpn, pfsense pia setup, pfsense pia openvpn, pfsense nordvpn setup, pfsense nordvpn client, pfsense openvpn nordvpn, pfsense vpn client setup, pfsense openvpn client import, openvpn client pfsense
Id: ffVPOaLCuMQ
Channel Id: undefined
Length: 22min 1sec (1321 seconds)
Published: Sun Feb 12 2023
Related Videos
Unboxing and Testing: Starlink in the UK | A First Look!
Sheridan Computers
1.4K
How To Setup pfsense OpenVPN Policy Routing With Kill Switch Using A Privacy VPN
Lawrence Systems
112K
pfSense CE vs OPNsense 2024 ...and that video
Sheridan Computers
4.2K
It’s Been a Good Run, Phone Providers (Part 2)
Data Slayer
338K
VPN Everything! OpenVPN Gateway Tutorial
Craft Computing
213K
My pfSense Setup - VLANs, VPN, Firewall, DHCP
Raid Owl
82K
pfSense OpenVPN Setup Step by Step
syncbricks
1.1K
How to Make Your Own VPN (And Why You Would Want to)
Wolfgang's Channel
2.2M
pfsense: Blocking Threats With pfblockerNG Lists
Lawrence Systems
97K
Proxmox pfSense Setup Tutorial (2024)
Sheridan Computers
14K
I Made My Own Free VPN... But Better!
SomeOrdinaryGamers
309K
How to setup OpenVPN on PfSense
Barmine Tech
2.3K
Configure pfsense as OpenVPN Client in a Site to Site VPN using Netgate SG-1100
Smarthome and Theater Systems
10K
How To Fix Bufferbloat in pfSense For Better Network Performance
Lawrence Systems
31K
Tutorial: pfsense Wireguard For Remote Access
Lawrence Systems
153K
Why I no longer use a VPN (most of the time) and nor should you
Sun Knudsen
1.1M
pfSense - Configure VPN Client-to-Site with OpenVPN on pfSense Firewall
ToTatCa
6.1K
Install OpenVPN on pfSense - The Complete Step-by-Step Guide
Stefan Rows
31K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.