pfsense:vpn:openvpn:create_and_configure_an_openvpn_server

Differences

This shows you the differences between two versions of the page.

Previous revision: pfsense:vpn:openvpn:create_and_configure_an_openvpn_server [2020/11/30 00:08] peter
Current revision: pfsense:vpn:openvpn:create_and_configure_an_openvpn_server [2021/01/06 18:07] (current) – removed peter
Line 1: Line 1:
-====== PFSense - VPN - OpenVPN - Create and Configure an OpenVPN Server ====== 
- 
-Navigate to **VPN -> OpenVPN -> Servers**. 
- 
-Click on **Wizard**. 
- 
-<WRAP info> 
-**NOTE:**  This will allow us to easily create our CA (Certification Authority), the Server Certificate and the configuration of the VPN Server;  
- 
-These components can also be created individually if required. 
-</WRAP> 
- 
-  * Select **Local User Access**. 
- 
- 
-Now create the CA, as a necessary parameter we must enter a **Descriptive name** that will allow us to identify it, while all the other parameters can be left by default. 
- 
-  * Key length: **2048 bit**. 
-  * Lifetime:  **3650**.  (10 years). 
- 
-Create the Server Certificate to be associated with our VPN server, as per the CA will require a **Descriptive name** and leave the other default parameters. 
- 
-  * Key length: **2048 bit**. 
-  * Lifetime:  **3650**.  (10 years). 
- 
-  * Click **Next**. 
- 
- 
-Now Create the actual VPN server configuration. 
- 
-General OpenVPN Server Information: 
- 
-  * Interface:  **WAN**.  Or select the interface on which we want our service to listen.  If we have more than one WAN interface choose the one you want to dedicate to the service.  Later we can select multiple interfaces for greater redundancy. 
-  * Protocol:  **UDP on IPv4 only**. 
-  * Local Port:  **1194**.  Remember the port that is used for the VPN must be open on the listening interface.  Therefore it will be necessary to configure the Firewall to open this port. 
-  * Description:  Choose the name to identify the server. 
- 
- 
- 
-Cryptographic Settings: 
- 
-  * TLS Authentication:  **Checked**. 
-  * Generate TLS Key:  **Checked**, 
-  * DH Parameters Length: **2048**. 
-  * Encryption Algorithm:  **AES-128-CBC (128 bit key, 128 bit block)**. 
-  * Auth Digest Algorithm:  **SHA256 (256-bit). 
-  * Hardware Crypto:  **Intel RDRAND engine - RAND**. 
- 
- 
-Tunnel Settings: 
- 
-  * Tunnel Network:  **10.20.30.0/24**. 
-  * Redirect Gateway:  **Not Checked**. 
-  * Local Network:  **192.168.1.0/24**.  If there are multiple LAN networks to which we want to give access, you can enter them by separating them with a comma. 
-  * Concurrent Connections:  **<blank>**.  Can set this to the maximum number of client to allow access in. 
-  * Compression:  **Omit Preferences (Use OpenVPN Default)**. 
-  * Type-of-Service:  **Not Checked**. 
-  * Inter-Client-Communication:  **Not Checked**. 
-  * Duplicate Connections:  **Not Checked**. 
- 
- 
-Client Settings: 
- 
-  * Dynamic IP:  **Checked**. 
-  * Topology:  **Subnet - One IP address per client in a common subnet**. 
-  * Netbios Node Type:  **None**. 
-  * Click **Next**. 
- 
- 
-Wizard Firewall Rule Setup 
- 
-  * Firewall Rule:  **Checked**. 
-  * OpenVPN Rule:  **Checked**. 
-  * Click **Next**. 
- 
- 
----- 
- 
-===== References ===== 
- 
-https://www.firewallhardware.it/en/pfsense-and-openvpn-guide-to-creating-and-configuring-a-road-warrior-vpn-server/ 
- 
- 
- 
- 
- 
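
Review bot: No stub or pointer to replacement content is left behind by this deletion, which removes every line from the title down to the References link with only "removed" as the edit summary, so existing links to the OpenVPN server walkthrough now lead nowhere. Leave a one-line page pointing at the new location, or give the reason in the summary. If the text is being moved rather than dropped, fix it on the way: the Auth Digest Algorithm line opens bold markup before "SHA256 (256-bit)" and never closes it, the Generate TLS Key line ends in a comma instead of a full stop, and the Cryptographic Settings list pins AES-128-CBC where an AEAD cipher such as AES-256-GCM is the better default on OpenVPN versions that support it. The server certificate is also given the same 3650-day lifetime as the CA; a shorter server lifetime limits exposure if that key leaks. Finally, the steps select Local User Access but stop at the firewall rule screen without covering user creation or client configuration, so the procedure as written does not yet yield a working client connection.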
  
pfsense/vpn/openvpn/create_and_configure_an_openvpn_server.1606694932.txt.gz · Last modified: 2020/11/30 00:08 by peter
