Configuring pfsense to work with TUVPN.com

blueberrystore, Security

9 Dec 2013 (3 years and 7 months ago)



How to create an OpenVPN client to TUVPN.com 27.12.2012.doc Page 1 of 23



1. Introduction
pfSense is free, open-source firewall and router software based on the FreeBSD operating system.
This tutorial is written for the following pfsense version:


2. Preparation
· Download the OpenVPN Client Installer (TUVPN-2.1.4-installer.exe) from TUVPN.com.
· Unzip the file. There is no need to install it.
· You can find the following files in TUVPN-2.1.4-installer\config.


Please keep in mind that some ovpn files might not be available due to changes of TUVPN services.
You will need the following files later on:


3. CA Manager
· Go into your pfsense machine via your web browser.
· Go to System → Cert Manager.
· Click on the CAs Tab and hit the + button to insert a new CA.
· Open the ca.crt file in notepad and copy and paste the entire contents into the
Certificate data box.

Use the following screenshot as a guide:


· Hit Save.

You will now see your CA as follows:


· Click on the Certificates tab and hit the + button.
· Open the file called usuario.crt with notepad and copy and paste the contents into the
Certificate data box.
· Open the file called usuario.key with notepad and copy and paste the entire contents into the
Private key data box.

Use the following screenshot as a guide:


· Hit Save.

Youll now see your Certificate as follows:


4. Login File
· Navigate to Diagnostics → Edit file.
· Write /conf/TUVPN.pas in the Save/Load from path box.
· Add the username and password you have received from TUVPN on the first line and second
line as follows:



· Hit Save.
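
The login file holds the TUVPN password in clear text, and OpenVPN's auth-user-pass option reads the username from the first line and the password from the second. The shell function below is an added example, not part of the original tutorial; it checks a file for that two-line layout and for group or world read permission. The name check_auth_file and the demo file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check an OpenVPN auth-user-pass file such as /conf/TUVPN.pas.
# check_auth_file is a hypothetical helper name, not a pfSense or OpenVPN command.
check_auth_file() {
    f=$1
    rc=0
    if [ ! -f "$f" ]; then
        echo "FAIL: $f does not exist"
        return 1
    fi
    # auth-user-pass expects the username on line 1 and the password on line 2.
    total=$(awk 'END { print NR }' "$f")
    blank=$(awk '!NF { n++ } END { print n + 0 }' "$f")
    if [ "$total" -ne 2 ] || [ "$blank" -ne 0 ]; then
        echo "FAIL: expected exactly 2 non-empty lines, found $total line(s), $blank blank"
        rc=1
    fi
    # The password is stored in clear text, so only the owner should be able to read it.
    if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL: $f is readable by group or others (chmod 600 recommended)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $f"
    fi
    return "$rc"
}

# Demo on a constructed file (placeholder values, not real credentials).
demo=$(mktemp)
printf 'exampleuser\nexamplepass\n' > "$demo"
chmod 644 "$demo"
check_auth_file "$demo" || true   # reports the loose permissions
chmod 600 "$demo"
check_auth_file "$demo" || true   # reports OK
rm -f "$demo"
```

On the firewall itself the function would be called with /conf/TUVPN.pas as its argument.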

5. OpenVPN Client
· Go to VPN > OpenVPN.
· Choose the Client tab.
· Click on the + button.

Use the following screenshot as a guide:



· In the Server host or address box, enter the specific IP address of the TUVPN server you want to
connect to.
· Untick Automatically generate a shared TLS authentication key; a new box appears.
· Open the file called ta.key with notepad and copy and paste the entire contents into this box.
· Copy the following commands into the Advanced box (as a single line):
auth-user-pass /conf/TUVPN.pas;reneg-sec 172800;resolv-retry infinite;persist-key;persist-tun;route-method exe;route-delay 2;ns-cert-type server;explicit-exit-notify 2;verb 3;inactive 86400
· Hit Save.

Youll now see your OpenVPN in pfsense as follows:


· Go to Status → System Log and choose the OpenVPN tab.
· Check the OpenVPN log for the line openvpn[21178]: Initialization Sequence Completed.

Once you see this message, your tunnel to TUVPN is up. If you do not see it, your settings
are incorrect. Go back and start again.

6. Interfaces
· Go to Interface > (assign) and hit the + button and you will add a new interface OPT1 with a
pull down box next to it.
· Select the TUVPN connection.
· Hit Save.
· Go to Interfaces select the OPT1 connection.
· Tick Enable Interface and change the Description to TUVPN.
· Tick Block private networks and Block bogon networks.
· Hit Save

Youll now see a list of interfaces as follows:


7. Firewall
· Go to Firewall > NAT and choose the Outbound tab.
· Tick Manual Outbound NAT rule generation (AON - Advanced Outbound NAT).

You will now see a list of outbound rules as follows:


· Hit Save and Apply changes.

· Go to Firewall > Rules and hit the + button under the LAN Tab.
· Create the following rule.



· Hit Save and Apply changes.

You should see the following:


· Go to the TUVPN tab and create the following rule by hitting the + button.

Use the following screenshot as a guide:


· Hit Save and Apply changes.

You should see the following:


8. Gateway
· Go to System > Routing and choose the Gateways tab.
· Hit the e button of the TUVPN gateway.



Use the following screenshot as a guide:


9. General Setup
· Go to the General Setup.
· Choose WAN for gateway of all DNS Servers.
· Hit Save.

Use the following screenshot as a guide:


Youre done at this point. You should go to http://whatismyip.com to see the TUVPN IP address.
If not, just reboot the machine and all should work fine at this point.
Configuring pfsense to work with TUVPN.com


Cron (optional)


How to create an OpenVPN client to TUVPN.com 27.12.2012.doc Page 20 of 23

10. Cron (optional)
The reneg-sec 172800 parameter you entered into t he Advanced box of the OpenVPN Client takes
care for the TLS re-negotation which happens every 172800 secs (= 2 days). Sometimes I had problems
that my internet connection got lost during this re-negotation so I decided to re-start OpenVPN every
night at 5:30 by a cron job automatically.

· Go to System → Packages and choose the Available Packages tab.
· Install the Cron Package.
· Go to System → Packages and choose the Installed Packages tab.

You should see the following:


· Go to Services → Cron.
· Hit the + button and use the following screenshot as a guide:


· Copy the following commands into the command box:
/usr/local/bin/php -f /usr/local/www/restart_openvpn.php
· Hit Save.

You should see your new cron job in the last line as follows:

· Navigate to Diagnostics → Edit file.
· Enter the following path in the Save/Load from path box:
/usr/local/www/restart_openvpn.php
· Add the following line in the box below:
echo "<?php include('openvpn.inc'); openvpn_resync_all();?>" | php -q



· Hit Save.

Youre done at this point.

· Go to Status → System Log and choose the OpenVPN tab.
· Check the OpenVPN log for a restart at your specified time schedule.
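
Both log checks in this tutorial (the Initialization Sequence Completed line in section 5 and the nightly restart in section 10) can be done by script rather than by eye. The following shell functions are an added example, not part of the original tutorial; the function names, the five-minute tolerance and the sample log lines are assumptions, and the sample is constructed rather than captured from a real system.

```shell
#!/bin/sh
# Added example: read OpenVPN syslog lines on stdin and answer the two questions
# the tutorial asks of the log. All names below are hypothetical helpers.

# Constructed sample in syslog format (not taken from a real firewall).
SAMPLE_LOG='Dec 26 21:14:09 openvpn[21178]: Initialization Sequence Completed
Dec 27 05:30:01 openvpn[21178]: SIGTERM[hard,] received, process exiting
Dec 27 05:30:09 openvpn[40212]: Initialization Sequence Completed'

# Prints "up" if the most recent relevant event is a completed initialization,
# "down" if a later exit, restart, TLS error or AUTH_FAILED follows it,
# and "unknown" if the log contains no relevant OpenVPN line.
tunnel_state() {
    awk '
        /openvpn\[[0-9]+\]: / {
            if (/Initialization Sequence Completed/) state = "up"
            else if (/AUTH_FAILED|TLS Error|process (exiting|restarting)/) state = "down"
        }
        END { print (state == "" ? "unknown" : state) }'
}

# Prints the HH:MM of every completed initialization, oldest first.
init_times() {
    awk '/openvpn\[[0-9]+\]: Initialization Sequence Completed/ { print substr($3, 1, 5) }'
}

# Succeeds if the tunnel came up within $2 minutes after the scheduled time $1 (HH:MM).
restarted_after() {
    awk -v at="$1" -v tol="$2" '
        function mins(t) { split(t, p, ":"); return p[1] * 60 + p[2] }
        /openvpn\[[0-9]+\]: Initialization Sequence Completed/ {
            d = mins($3) - mins(at)
            if (d >= 0 && d <= tol) found = 1
        }
        END { exit !found }'
}

# Demo on the constructed sample: current state, then the 05:30 cron check.
printf '%s\n' "$SAMPLE_LOG" | tunnel_state
if printf '%s\n' "$SAMPLE_LOG" | restarted_after 05:30 5; then
    echo "restart seen at the scheduled time"
else
    echo "no restart seen near 05:30"
fi
```

On the firewall, pipe the OpenVPN log shown under Status → System Log into these functions instead of the sample.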