pfsense Setting up a VPN


38 posts in this topic

Posted

Hello All,

I am after some help with my PfSense installation and hope that someone can help me out. What I am trying to do is set up a VPN connection to my home network so that when I am away from home I can access some shares that I have set up on one of my servers.

The PfSense: 192.168.33.1

The DHCP Range: 192.168.33.100-200

Is there a way that in PfSense I can set up a VPN to allow me to do what I want?

Thanks

Richard


Posted

Yeah, what do you want to use: pptp, ipsec, l2tp or openvpn? Those are the 4 out of the box that you click and set up.

I would suggest openvpn, it runs on 1 port - which can be set to say 443 if need be - this port is normally always open no matter where you are located. I use this pretty much daily to get into my network from work.

[attached image]


Posted

welcome to hell.......at least you have your angel budman to help you :p

(its not that difficult in a normal vpn situation; im just sayin that from another thread...)


Posted

Excellent, thanks BudMan - will give this a shot when I get home tonight.

@Metro why welcome to hell? Is there something I should know ;)


Posted

metro -- what you were doing is NOT even close to a normal setup!!


Posted

> metro -- what you were doing is NOT even close to a normal setup!!

reason why i mentioned its not that difficult in a normal situation :p cant wait to tell you when we implement it in a real world scenario (probably next week or so)


Posted

BudMan do you think you can help me set this up? I am rather stuck.


Posted

> @Metro why welcome to hell? Is there something I should know ;)

no.......i was setting up an openvpn server as well and i and budman made almost an 8 page thread. but that's because there were concepts that i did not have clear and because my situation was a bit more complicated. it's very easy to set up a simple vpn connection with what you want.

did u look at openvpn's site? i think the best choice is openvpn as its generally well accepted on most platforms (windows, unix, osx, etc)


Posted

Happy to help, where are you stuck?


Posted

There are lots of options that I am not really comfortable with filling in.

Certificates and IP ranges etc, I am not embarrassed to say that I am a little confused by the whole config so a little guidance would be highly welcomed.


Posted

here is mine, if that helps.

Just point out what you have questions on

[attached image]


Posted

Budman, is that the only page that I need to fill in? I have been reading guides online that mention generating Certificates and Adding users etc then exporting bits and bobs to import into your client.

Thanks for that though, answers some of my questions :) What is that TLS Auth box, where did you get the data to go into there?


Posted

Yes, you have to create a cert for the user, under usermanager - well, to be honest you don't, you could set up your open as user auth, or peer to peer shared key. But I would suggest creating a cert.

As to what to export for the user, grab the "OpenVPN Client Export Utility" package

[attached image]

As to "Enable authentication of TLS packets": it will create that cert for you once you click the box.


Posted

Okay, I will give this a go, going to be connecting to the VPN from a mac so I hope it will work.


Posted

Yeah, no reason why it shouldn't; mac runs openvpn client, then you're good.

Please make sure you're OUTSIDE your network!! Don't try connecting from inside your own network.


Posted

Okay, I have set the server page up, is this right?

[attached images]

I have also added a user to the user manager screen

[attached image]

and added a certificate

[attached image]


Posted

That is a CA you're showing, not a certificate; the user you're logging in with should have a cert. But from my quick look it should work; you don't have netbios enabled so you won't be able to broadcast for names. But you should be able to get logged in, if you have a cert on the user account signed by your CA.

You're also asking for userauth, which I personally don't see the need for - user has to have the CERT to login, but sure you can also ask for password. I just think it's more overhead for no real reason. Only person that would have my cert is ME, and if I lost it I would just revoke it, etc.


Posted

> That is a CA you're showing, not a certificate; the user you're logging in with should have a cert. But from my quick look it should work; you don't have netbios enabled so you won't be able to broadcast for names. But you should be able to get logged in, if you have a cert on the user account signed by your CA. You're also asking for userauth, which I personally don't see the need for - user has to have the CERT to login, but sure you can also ask for password. I just think it's more overhead for no real reason. Only person that would have my cert is ME, and if I lost it I would just revoke it, etc.

What settings should I change then to set this up properly?


Posted

Oh man - if I only knew abt this when I was in HS...!

Damn it.


Posted

I must be doing something wrong as I can't seem to connect to the VPN from outside the network, any ideas?


Posted

Is your pfsense wan interface actually on the public? Or is there some device in front of it?

Are you making connection and just not getting authed?

Can you send me your export stuff and I can try to connect. Tell you what if you set pfsense to be remote admin, I can remote in and set it up for you, and then even test it from my box.

"Can't seem to connect" - the way I read that is the port is not even open, or your pfsense is not listening, or you have something blocking you before your pfsense. So for sure your pfsense is directly connected to the internet - you don't have some modem/router doing nat in front of it? I will PM you my email, send me your openvpn export packet with the connection info in it and I will try and connect.


Posted

> Is your pfsense wan interface actually on the public? Or is there some device in front of it?

There is a netgear router in front of my PfSense box BUT it is in modem mode; my pfsense box connects to the internet via that.

> Are you making connection and just not getting authed?

I would appear to be making a connection as I get prompted for a username and password but then as soon as I hit return the connection drops.

> Can you send me your export stuff and I can try to connect. Tell you what if you set pfsense to be remote admin, I can remote in and set it up for you, and then even test it from my box.

Okay, I can do this later :)

> "Can't seem to connect" - the way I read that is the port is not even open, or your pfsense is not listening, or you have something blocking you before your pfsense. So for sure your pfsense is directly connected to the internet - you don't have some modem/router doing nat in front of it? I will PM you my email, send me your openvpn export packet with the connection info in it and I will try and connect.

Will email now


Posted

Not seeing any email? You going to email me what? The config file? If you're getting prompted then that tells you're connecting, port is open.

What does the status of your openvpn client say - can you pm me the logs of the connection?

Are you sure you're putting in the correct username and password? That you set up for the account you're wanting to use for access. Did you install the export package - what are you grabbing? It would not list your user for export if you don't have a cert on the account.

edit:

You say you're on a mac, right? Are you using http://www.thesparklabs.com/viscosity/ as your client, did you download the viscosity bundle from the export package?


Posted

Budman, I have emailed you login details for the pfsense box.


Posted

I'm in!

So saw your weatherstation on .250

C:\Windows\System32>ping 192.168.33.250

Pinging 192.168.33.250 with 32 bytes of data:

Reply from 192.168.33.250: bytes=32 time=143ms TTL=127

Reply from 192.168.33.250: bytes=32 time=144ms TTL=127

I set it to just tls vs + userauth.. You can set it back if you want. I just didn't want to have to deal with username/password.

There is no way you were ever getting asked for auth, that must have been just the setting in the client. Your firewall rule was for udp 1194, the default openvpn port. I changed it to your setting of 443 tcp. Popped right in!

Feel free to delete my account, thanks that made it so much quicker in figuring out what was wrong. Or if you want you can leave it until you have connected in, etc. Or just disable it for now, if you ever want me to get back in.

edit: Hey, so what are the details of this weatherstation? I have been interested in setting one up, but just never pulled the trigger. On your network, so assume you're reporting info to somewhere, or just logging it?

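The fault found in the last post (server set to 443 tcp, WAN rule still passing udp 1194) is a mismatch between places that each describe the same listener. The sketch below is an added example, not code from the thread or from pfSense: it compares an OpenVPN server config, the exported client profile and the WAN pass rules meant for the VPN. The function names, the `vpn.example.net` host, the config text and the rule tuples are all constructed for illustration, and the parser only handles the `port`, `lport`, `proto` and `remote` directives.

```python
# Added example: cross-check an OpenVPN listener against the client profile
# and the WAN pass rules. Simplified parser; all sample data is constructed.
DEFAULT_PROTO, DEFAULT_PORT = "udp", 1194          # OpenVPN defaults

def norm_proto(p):
    # tcp-server, tcp-client, tcp4, udp6 ... reduce to "tcp" or "udp"
    return "tcp" if p.lower().startswith("tcp") else "udp"

def parse_openvpn(text):
    """Return ((proto, port), [(host, proto, port), ...]) from config text."""
    proto, port, raw_remotes = DEFAULT_PROTO, DEFAULT_PORT, []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words or words[0].startswith(";"):
            continue
        key, args = words[0], words[1:]
        if key in ("port", "lport") and args:
            port = int(args[0])
        elif key == "proto" and args:
            proto = norm_proto(args[0])
        elif key == "remote" and args:
            raw_remotes.append(args)
    # A remote without its own port/proto inherits the file-wide values.
    remotes = [(a[0], norm_proto(a[2]) if len(a) > 2 else proto,
                int(a[1]) if len(a) > 1 else port) for a in raw_remotes]
    return (proto, port), remotes

def check(server_conf, client_conf, wan_pass_rules):
    """wan_pass_rules: list of (proto, dst_port) allowed in on WAN."""
    listener, _ = parse_openvpn(server_conf)
    _, remotes = parse_openvpn(client_conf)
    findings = []
    if listener not in wan_pass_rules:
        findings.append("no WAN pass rule for listener %s/%d" % listener)
    for host, proto, port in remotes:
        if (proto, port) != listener:
            findings.append("client remote %s is %s/%d, server is %s/%d"
                            % (host, proto, port, *listener))
    for rule in wan_pass_rules:
        if rule != listener:   # stale rule: open port with nothing behind it
            findings.append("WAN rule %s/%d matches no listener" % rule)
    return findings

SERVER_CONF = "dev tun\nproto tcp-server\nport 443\n"            # constructed
CLIENT_CONF = "client\nremote vpn.example.net 443 tcp-client\n"  # constructed
RULES_BEFORE = [("udp", 1194)]   # the rule state described in the thread
RULES_AFTER = [("tcp", 443)]     # after the rule was changed

if __name__ == "__main__":
    for label, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        print(label, check(SERVER_CONF, CLIENT_CONF, rules) or "consistent")
```

The "matches no listener" finding is worth acting on as well: a leftover pass rule for the old port is an opening on WAN that nothing needs.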
