This article shows you how to setup the OpenVPN on pfSense, so that a user can securely access their application servers without the needs to open public ports on the firewall.
* This procedure works for pfSense 2.0.x.
* This procedure use the pfSense internal user database, this is suitable for companies with only a few remote users. (In larger deployment, pfSense can use LDAP for centralized authentication).
== Create SSL Certificates ==
# Before we can install our OpenVPN server, we must set up our own certificate authority and a self-signed SSL server certificate. Please read [[How to setup pfSense SSL Certificate Authority]] for how to create them.
== Add OpenVPN Client Export Utility ==
# Open System > Packages. Open Available Packages tab.
# Find “OpenVPN Client Export Utility”, Click [+] to install it.
# Click [OK] to accept the installation and wait for the installation to complete.
== Create OpenVPN Server ==
# Open VPN > OpenVPN, then click the Wizards tab.
# On Type of Server, choose Local User Access, click Next.
# On Certificate Authority, choose the Example-RootCA we created. Click Next.
# On Certificate, choose the server certificate we created. Click Next.
# In General OpenVPN Server Information, change port to 11194 and input a Description.
# In Cryptographic Settings, don’t change anything (the default is fine).
# In Tunnel Settings, input the values like the picture below.
#* Tunnel Network: Use the suggested value (10.0.8.0/24).
#* Redirect Gateway: Normally Unchecked.
If you check this, OpenVPN will becomes the default gateway of the client. (E.g. Allow China users access blocked web sites).
#* Local Network: Input the LAN subnet on your VDC (as shown in Interface > LAN).
#* Concurrent Connections and Duplicate Connections is recommended, because users often have multiple devices (notebook, tablet, phone, etc).
# In Client Settings, input the DNS Default Domain (e.g. example.local) and the DNS Server (e.g. LAN IP of your pfSense) for the client.
# Click Next.
# Check Firewall Rule and OpenVPN rule, then click Next.
# Click Finish.
== Check Firewall Rules ==
# Now, we need to make sure the follow firewall rules were correctly added by the wizard.
# Open Firewall > Rules. On the WAN tab, there should be a rule that open the OpenVPN Server port on WAN.
# Open the OpenVPN tab, there should be a rule that allow everything from/to the OpenVPN network.
== Create Users ==
# Open System > User Manager. Open the Users tab. Click [+] to add a new user.
# Create an user “John”. Select “Click to create a user certificate”.
# Input the Descriptive name and click Save.
Now, our OpenVPN server has been installed. Next step is to install OpenVPN client for our Windows and Mac Users.