{ 2009 10 07 }

Set up SSL VPN for pfSense 1.2

Bold indicates a button clicked or key pressed.
“quotes” indicates a value which has been entered.

Grey block quote is a command typed directly into the console.

Purpose

An SSL VPN provides a tunneled connection which may be authenticated using PKI, or shared secret credentials. It is helpful in the sense that all it needs to operate is TCP port 443 open for SSL traffic, which may work better with existing firewall situations.

Procedures

First a reference of IP addresses and interfaces is needed to make this go a bit smoother.

pfSense version 1.2.1
WAN Interface: 172.17.100.3/24
LAN Interface: 192.168.101.1/24

  1. Loaded pfSense web interface by navigating to http://192.168.101.1/
  2. Navigated to VPN tab then OpenVPN underneath that.
  3. Clicked + symbol on right side of the blank table inside the server tab.
  4. Set protocol to TCP
  5. Placed a check in the box to assume dynamic IPs, so that DHCP clients can connect.
  6. Used address pool of “10.0.8.0/24″ for VPN clients.
  7. Selected BF-CBC (128-bit) cryptography.
  8. Selected Shared Key as Authentication Method.
  9. Inserted the shared key that was generate by the OpenVPN software which was generated on the client side.
  10. Checked the box to enable LZO compression.
  11. Entered “Client Access SSL” under Description.
  12. Save

Client Configuration

  1. Downloaded and installed OPenVPN and the OpenVPN GUI on client machine (Windows XP in this case).
  2. Navigated to Programs->OpenVPN->Generate a static OpenVPN key
  3. Clicked Enter to close the command prompt
  4. Navigated to “C:\Program Files\OpenVPN\config”
  5. Found “key.txt” and renamed to “client-access-vpn.key”
  6. Navigated to “C:\Program Files\Open VPN\sample-config”
  7. Copied the file “client.ovpn”
  8. Navigated back to the “config” folder and pasted the “client.ovpn” file
  9. Edited the file as seen below

remote 172.17.100.3
proto tcp-client
dev tun
tun-mtu 1500
ifconfig 10.0.8.2 10.0.8.1
secret client-access-vpn.key
ping 10
comp-lzo
verb 4
mute 1
route-delay 2
route-method exe
route 192.168.101.0 255.255.255.0 10.0.8.1

Client Connection

  1. Navigated to Programs->OpenVPN->OpenVPN GUI
  2. Right-clicked OpenVPN GUI icon
  3. Clicked Connect

Posted by Andrew on Wednesday, October 7th, 2009, at 9:07 am, and filed under General.

Follow any responses to this entry with the RSS 2.0 feed.