{"id":8,"date":"2008-10-29T14:09:01","date_gmt":"2008-10-29T21:09:01","guid":{"rendered":"http:\/\/www.1oc.com\/blog\/?p=8"},"modified":"2008-10-29T14:09:01","modified_gmt":"2008-10-29T21:09:01","slug":"setting-up-a-vpn-tunnel-wit-pfsense-and-openvpn","status":"publish","type":"post","link":"http:\/\/blog.1oc.com\/?p=8","title":{"rendered":"Setting up a VPN tunnel with pfSense and OpenVPN"},"content":{"rendered":"

You’ll ned to pfSense boxes.<\/p>\n

On our example we have both connected to INTERNET each one with one public access on the WAN\u00a0interface.<\/p>\n

For the LAN we’ve set up 2 class C networks. Let’s call pfSenseA the one using\u00a010.110.8.1 (as LAN), and pfSenseB the one using\u00a010.110.9.1.<\/p>\n

First, Go to System ->\u00a0Advance\u00a0Options and\u00a0Enable Secure Shell. We’ll connect to one of the boxes in order to create CA\u00a0certificates.<\/p>\n

We’ll start working on pfSeseB\u00a0which\u00a0is going to be our SERVER.<\/p>\n

\"Enable<\/a>

Enable Secure Shell<\/p><\/div>\n

\u00a0And then SSH to the box.<\/p>\n

>\u00a0ssh admin@10.110.9.1<\/p>\n

You’ll be presented with the Console options:<\/p>\n

*** Welcome to pfSense 1.2-RELEASE-embedded on fwofficebackup ***<\/p>\n

\u00a0<\/p>\n

\u00a0\u00a0OPT1(DMZ) \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0-> \u00a0 rl0 \u00a0 \u00a0 -> \u00a0 \u00a0 \u00a0NONE<\/p>\n

\u00a0\u00a0LAN* \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 -> \u00a0 rl1 \u00a0 \u00a0 -> \u00a0 \u00a0 \u00a010.110.9.1<\/p>\n

\u00a0\u00a0WAN* \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 -> \u00a0 rl2 \u00a0 \u00a0 -> \u00a0 \u00a0 \u00a067.63.42.4<\/p>\n

\u00a0<\/p>\n

\u00a0pfSense console setup\u00a0<\/p>\n

***********************<\/p>\n

\u00a00) \u00a0Logout (SSH only)<\/p>\n

\u00a01) \u00a0Assign Interfaces<\/p>\n

\u00a02) \u00a0Set LAN IP address<\/p>\n

\u00a03) \u00a0Reset webConfigurator password<\/p>\n

\u00a04) \u00a0Reset to factory defaults<\/p>\n

\u00a05) \u00a0Reboot system<\/p>\n

\u00a06) \u00a0Halt system<\/p>\n

\u00a07) \u00a0Ping host<\/p>\n

\u00a08) \u00a0Shell<\/p>\n

\u00a09) \u00a0PFtop<\/p>\n

10) \u00a0Filter Logs<\/p>\n

11) \u00a0Restart webConfigurator<\/p>\n

12) \u00a0pfSense PHP shell<\/p>\n

13) \u00a0Upgrade from console<\/p>\n

\u00a0<\/p>\n

Enter an option:\u00a0<\/p>\n

Just option 8 (shell).<\/div>\n
If you mounted disk is read-only move to\u00a0another-one\u00a0with rw privileges like “\/tmp”<\/div>\n
Then create a Shared Key<\/div>\n
>\u00a0openvpn –genkey –secret shared.key<\/div>\n
copy it to the pfSense as follow:<\/div>\n
>cat shared.key<\/div>\n
and Copy the output.<\/div>\n
Now, let’s go to pfSenseA and Click on VPN -> OpenVPN and ADD (+) an new Server:<\/div>\n
\n
\n
\"Add<\/a><\/dt>\n
Add a Server OpenVPN<\/dd>\n<\/dl>\n<\/div>\n
Let’s Create a TCP one, and copy the pasted key from the shell to the Share Key Field.<\/div>\n
Add a Pool of unused addresses, in our example we’ll use 192.168.70.0\/24 and for Remote Network use the net for pfSenseA, in our case\u00a010.110.8.0\/24<\/div>\n
And we SAVE the changes on the pfSenseA<\/div>\n
\n
\n
\"Server's<\/a><\/dt>\n
Server<\/dd>\n<\/dl>\n<\/div>\n
Now, on pfSenseA, will go to VPN->OpenVPN and we create a Client.<\/div>\n
Configure the protocol as TCP and copy the SAME shared key we used on the server-side<\/div>\n
As Server Address enter the PUBLIC IP address of pfSenseB.<\/div>\n
As Remote IP use pfSenseB network\u00a010.110.9.0\/24 and for Interface IP use the pool of addresses you used on the Server-side (192.168.70.0\/25)<\/div>\n
NOTE. the attached image has the wrong IP Interface address, I’ve troubleshoot it at a later time.<\/div>\n
And SAVE it.<\/div>\n
\n
\"Client's<\/a>

Client<\/p><\/div>\n

\u00a0<\/p>\n

Make sure that you allow incoming TCP to the OpenVPN port on both ipSense comming from each other.<\/p>\n

Now ping from one network to the other, and DONE.<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

You’ll ned to pfSense boxes. On our example we have both connected to INTERNET each one with one public access on the WAN\u00a0interface. For the LAN we’ve set up 2 class C networks. Let’s call pfSenseA the one using\u00a010.110.8.1 (as … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-8","post","type-post","status-publish","format-standard","hentry","category-firewalls"],"_links":{"self":[{"href":"http:\/\/blog.1oc.com\/index.php?rest_route=\/wp\/v2\/posts\/8","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.1oc.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.1oc.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.1oc.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.1oc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8"}],"version-history":[{"count":0,"href":"http:\/\/blog.1oc.com\/index.php?rest_route=\/wp\/v2\/posts\/8\/revisions"}],"wp:attachment":[{"href":"http:\/\/blog.1oc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.1oc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.1oc.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}