Wiki

User Tools

Site Tools

Trace: minimal_gui_with_display_manager check_the_current_link_speed_for_the_gpu
pfsense:use_expressvpn:configure_pfsense_to_use_the_expressvpn_configuration_files

This is an old revision of the document!

PFSense - Use ExpressVPN - Configure pfSense to use the ExpressVPN configuration files

Configure pfSense settings

Navigate to System → Cert. Manager.

Under “CAs,” click the Add button.

Enter the following:

  • Descriptive name: ExpressVPN_CA.
  • Method: Import an existing Certificate Authority.
  • Certificate data: Open the OpenVPN configuration file that you downloaded and open it with your favorite text editor. Look for the text that is wrapped within the <ca> portion of the file. Copying the entire string from —–BEGIN CERTIFICATE—– to —–END CERTIFICATE—–.
  • Certificate Private Key (optional): Leave this blank.
  • Serial for next certificate: 0. Or Leave this blank if it is not populated.
  • Click Save.

After entering the information, your screen should look like this:

Stay on this page and click Certificates at the top.

Under “Certificates” click the Add button.

  • Method: Import an existing Certificate.
  • Descriptive name: ExpressVPN_cert. Or something meaningful to you.
  • Certificate data: Open the OpenVPN configuration file that you downloaded and open it with your favorite text editor. Look for the text that is wrapped within the <cert> portion of the file. Copy the entire string from —–BEGIN CERTIFICATE—– to —–END CERTIFICATE—–.
  • Private key data: With your text editor still open, look for the text that is wrapped within the <key> portion of the file. Copy the entire string from —–BEGIN RSA PRIVATE KEY—– to —-END RSA PRIVATE KEY—-.
  • Click Save.

After entering the information, your screen should look like this:

Navigate to VPN → OpenVPN → Clients.

At the bottom of the screen, click Add.

In General Information enter:

  • Disabled: Not Checked.
  • Server mode: Peer to Peer (SSL/TLS).
  • Protocol: UDP on IPv4 only.
  • Device mode: tun - Layer 3 Tunnel Mode.
  • Interface: WAN.
  • Local port: <blank>.
  • Server host or address: france-paris-1-ca-version-2.expressnetw.com. Open the OpenVPN configuration file that you downloaded and open it with your favorite text editor. Look for text that starts with remote, followed by a server name. Copy the server name string into this field (e.g., server-address-name.expressnetw.com).
  • Server port: 1195. Open the OpenVPN configuration file that you downloaded and open it with your favorite text editor. Look for text that starts with remote. Take the port number at the end of the text. (e.g., 1195).
  • Proxy host or address: <blank>.
  • Proxy port: <blank>.
  • Proxy Authentication: none.
  • Description: ExpressVPN client - France Paris 1. Change as required.

In User Authentication Settings enter:

  • Username: .
  • Password: .
  • Authentication Retry: Not Checked.

In Cryptographic Settings enter:

  • TLS Configuration: . Use a TLS Key.
  • TLS Key: Open the OpenVPN configuration file that you downloaded and open it with your favorite text editor. Look for text that is wrapped within the <tls-auth> portion of the file. Ignore the “2048 bit OpenVPN static key” entries and start copying from —–BEGIN OpenVPN Static key V1—– to —–END OpenVPN Static key V1—–.
  • TLS Key Usage Mode: TLS Authentication.
  • Peer Certificate Authority: ExpressVPN_CA. Select the “ExpressVPN CA” that you created previously in the Cert. Manager steps.
  • Client Certificate: ExpressVPN_cert. Select the “ExpressVPN Cert” that you created previously in the Cert. Manager steps.
  • Encryption Algorithm: AES-256-CBC (256 bit key, 128 bit block). Open the OpenVPN configuration file that you downloaded and open it with your favorite text editor. Look for the text cipher. In this example, the OpenVPN configuration is listed as “cipher AES-256-CBC,” so we will select “AES-256-CBC (256-bit key, 128-bit block) from the drop-down.
  • Enable NCP: Not Checked. Enable Negotiable Cryptographic Parameters.
  • NCP Algorithms: Ignore this section.
  • Auth digest algorithm: SHA512 (512 bit). Open the OpenVPN configuration file that you downloaded and open it with your favorite text editor. Look for the text auth followed by the algorithm after. In this example, we saw “auth SHA512,” so we will select “SHA512 (512-bit)” from the dropdown.
  • Hardware Crypto: Intel RDRAND engine - RAND. Unless you know that your device supports hardware cryptography, leave this at No Hardware Crypto Acceleration.

In Tunnel Settings enter:

  • IPv4 Tunnel Network: <blank>.
  • IPv6 tunnel network: <blank>.
  • IPv4 remote network(s): <blank>.
  • IPv6 remote network(s): <blank>.
  • Limit outgoing bandwidth: <blank>.
  • Compression: Adaptive LZO Compression [Legacy style,comp-lzo adaptive].
  • Topology: Subnet – One IP address per client in a common subnet.
  • Type-of-service: Not Checked.
  • Don’t pull routes: Not Checked.
  • Don’t add/remove routes: Checked.
pfsense/use_expressvpn/configure_pfsense_to_use_the_expressvpn_configuration_files.1587139058.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki