Setting up a VPN

By Lilrich
in Smart Home, Network & Security

 Share

Recommended Posts

Mentor

Lilrich

Posted
Posted

Hello All,

I am after some help with my PfSense installation and hope that someone can help me out. What i am trying to do is setup a VPN connection to my home network so that when i am away from home i can access some shares that i have setup on one of my servers.

The PfSense: 192.168.33.1

The DHCP Range: 192.168.33.100-200

is there a way that in PfSense i can setup a VPN to allow me to do what i want?

Thanks

Richard

Link to comment
https://www.neowin.net/forum/topic/1094761-setting-up-a-vpn/
Share on other sites
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Yeah what do you want to use pptp, ipsec, l2tp or openvpn - those are the 4 out of the box that you click and setup.

I would suggest openvpn, it runs on 1 port - which can be set to say 443 if need be - this port is normally always open no matter where you located. I use this pretty much daily to get into my network from work.

post-14624-0-24893700-1343643444.png

Rising Star

metro2012

Posted
Posted

@Metro why welcome to hell? Is there something i should know ;)

no.......i was setting up a openvpn server as well and i and budman made almost a 8 page thread. but thats because there were concepts that i did not have clear and because my situation was a bit more complicated. its very easy to set up a simply vpn connection with what you want.

did u look at openvpn's site? i think the best choice is openvpn as its generally well accepted on most platforms (windows, unix, osx, etc)

Mentor

Lilrich

Posted
  • Author
Posted

Budman, is that the only page that i need to fill in? I have been reading guides online that mention generating Certificates and Adding users etc then exporting bits and bobs to import into your client.

Thanks for that thought answers some of my questions :) What is that TLS Auth box, where did you get the data to go into there?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

yes you have to create a cert for the user, under usermanager - well to be honest you don't you could setup your open as user auth, or peer to peer shared key. But I would suggest creating cert.

As to what to export for the user, grab the "OpenVPN Client Export Utility" package

post-14624-0-87904500-1343727041_thumb.p

As to "Enable authentication of TLS packets. " It will create that cert for you once you click the box.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

that is a CA your showing not a certificate, the user your logging in with should have a cert. But my quick looks and should work, you don't have netbios enabled so you want be able to broadcast for names. But should be able to get logged in, if you have a cert on the user account signed by your CA.

Your also asking for userauth, which I personally don't see the need for - user has to have the CERT to login, but sure you can also ask for password. I just think its more overhead for no real reason. Only person that would have my cert is ME, and if I lost it I would just revoke it, etc.

Mentor

Lilrich

Posted
  • Author
Posted
that is a CA your showing not a certificate, the user your logging in with should have a cert. But my quick looks and should work, you don't have netbios enabled so you want be able to broadcast for names. But should be able to get logged in, if you have a cert on the user account signed by your CA. Your also asking for userauth, which I personally don't see the need for - user has to have the CERT to login, but sure you can also ask for password. I just think its more overhead for no real reason. Only person that would have my cert is ME, and if I lost it I would just revoke it, etc.

What settings should i change then to set this up properly?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Is your pfsense wan interface actually on the public? Or is there some device in front of it?

Are you making connection and just not getting authed?

Can you send me your export stuff and I can try to connect. Tell you what if you set pfsense to be remote admin, I can remote in and set it up for you, and then even test it from my box.

Can't seem to connect, the way I read that is port is not even open - or your pfsense is not listening, or you have something blocking you before you pfsense. So for sure your pfsense is directly connected to the internet - you don't have some modem/router doing nat in front of it? I will PM you my email, send me your openvpn export packet with the connection info in it and I will try and connect.

Mentor

Lilrich

Posted
  • Author
Posted
Is your pfsense wan interface actually on the public? Or is there some device in front of it?

Their is a netgear router in front of my Pfsense box BUT it is in modem mode my pfsense box connects to the internet via that.

Are you making connection and just not getting authed?

I would appear to be making a connection as i get prompted for a username and password but then as soon as i hit return the connection drops.

Can you send me your export stuff and I can try to connect. Tell you what if you set pfsense to be remote admin, I can remote in and set it up for you, and then even test it from my box.

Okay i can do this later :)

Can't seem to connect, the way I read that is port is not even open - or your pfsense is not listening, or you have something blocking you before you pfsense. So for sure your pfsense is directly connected to the internet - you don't have some modem/router doing nat in front of it? I will PM you my email, send me your openvpn export packet with the connection info in it and I will try and connect.

Will email now

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Not seeing any email? You going to email me what? The config file? If your getting prompted then that tells your connecting, port is open.

What does the status of your openvpn client say - can you pm me the logs of the connection.

Are you sure your putting in the correct username and password? That you setup for your account your wanting to use for access. Did you install the export package - what are you grabbing? It would not list your user for export if you don't have a cert on the account.

edit:

You say your on a mac right? Are you using http://www.thesparklabs.com/viscosity/ as your client, did you download the viscosity bundle from the export package?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Im in!

So saw your weatherstation on .250

C:\Windows\System32>ping 192.168.33.250

Pinging 192.168.33.250 with 32 bytes of data:

Reply from 192.168.33.250: bytes=32 time=143ms TTL=127

Reply from 192.168.33.250: bytes=32 time=144ms TTL=127

I set it to just tls vs + userauth.. You can set it back if you want. I just didn't want to have to deal with username/password.

There is no way you were ever getting asked for auth, that must of been just teh setting in the client. Your firewall rule was for udp 1194, the default openvpn port. I changed it to your setting of 443 tcp. Popped right in!

Feel free to delete my account, thanks that made it so much quicker in figuring out what was wrong. Or if you want you can leave it until you have connected in, etc. Or just disable it for now, if you ever want me to get back in.

edit: Hey so what are the details of this weatherstation? I have been interested in setting one up, but just never pulled the trigger. On your network, so assume your reporting info to somewhere, or just logging it?

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Politically funny images of the World

      By snowy owl · Posted

    • BleachBit 6.0.1 Beta

      By Copernic · Posted

      BleachBit 6.0.1 Beta by Razvan Serea When your computer is getting full, BleachBit quickly frees disk space. When your information is only your business, BleachBit guards your privacy. With BleachBit you can free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. Designed for Linux and Windows systems, it wipes clean thousands of applications including Firefox, Microsoft Edge, Google Chrome, Opera, Safari, and more. Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster. Better than free, BleachBit is open source. BleachBit has many useful features: Delete your private files so completely that "even God can't read them" according to South Carolina Representative Trey Gowdy. Simple operation: read the descriptions, check the boxes you want, click preview, and click delete. Multi-platform: Linux and Windows Free of charge and no money trail Free to share, learn, and modify (open source) No adware, spyware, malware, browser toolbars, or "value-added software" Translated to 64 languages besides American English Shred files to hide their contents and prevent data recovery Shred any file (such as a spreadsheet on your desktop) Overwrite free disk space to hide previously deleted files Portable app for Windows: run without installation Command line interface for scripting and automation CleanerML allows anyone to write a new cleaner using XML Automatically import and update winapp2.ini cleaner files (a separate download) giving Windows users access to 2500+ additional cleaners Frequent software updates with new features Going beyond standard deletion of files, BleachBit has several advanced cleaners: Clear the memory and swap on Linux Delete broken shortcuts on Linux Delete the Firefox URL history without deleting the whole file—with optional shredding Delete Linux localizations: delete languages you don't use. More powerful than localepurge and available on more Linux distributions. Clean APT for Debian, Ubuntu, Kubuntu, Xubuntu, and Linux Mint Find widely-scattered junk such as Thumbs.db and .DS_Store files. Execute yum clean for CentOS, Fedora, and Red Hat to remove cached package data Delete Windows registry keys—often where MRU (most recently used) lists are stored Delete the OpenOffice.org recent documents list without deleting the whole Common.xcu file Overwrite free disk space to hide previously files Vacuum Firefox, Google Chrome, Liferea, Thunderbird, and Yum databases: shrink files without removing data to save space and improve speed Surgically remove private information from .ini and JSON configuration files and SQLite3 databases without deleting the whole file Overwrite data in SQLite3 before deleting it to prevent recovery (optional) BleachBit 6.0.1 Beta release notes: BleachBit 6.0.1 beta is now available for testing. This maintenance-focused release includes bug fixes, updated translations, and a range of safe enhancements. This release fixes a Windows security issue that could allow arbitrary file deletion during privileged cleaning (reported by Zeze with TeamT5). It also adds new cleaners (including a DNS cache cleaner, Claude Code, and Visual Studio Code forks), support for multiple Chrome and Edge profiles, new deep scan options for developer directories like node_modules and venv, and safer, faster file shredding. All Platforms Added cleaners for Claude Code, DNS cache, and many Visual Studio Code forks. Added support for multiple Chrome and Edge profiles. Chrome can now clean downloaded AI models. Deep Scan can optionally remove venv, __pycache__, node_modules, and .angular directories. Deep Scan is faster by skipping directories on the keep list. File shredding is safer, faster, and leaves fewer recoverable traces. Improved handling of cookies, symlinks, Unicode filenames, external processes, and configuration files. Improved Expert Mode warnings and long warning dialogs. Fixed crashes related to cleaner detection, invalid Unicode, and malformed cleaner data. Clipboard is now cleared automatically after shredding files via paste operations. Linux Added AppImage support. Added cleaners for Visual Studio Code, Codeium, Librewolf (.deb), Transmission (Flatpak), and Profanity. Improved Linux trash detection, including Snap-installed applications and mounted drives. Fixed Wayland root CLI issues and several Snap-related problems. Improved package dependencies, AppStream metadata, and desktop file handling. Fixed startup crashes when Python Requests is unavailable. Windows Fixed a security vulnerability that could allow arbitrary file deletion when cleaning with elevated privileges. Added %WindowsSystem% variable support. Improved clipboard clearing using native Windows APIs. Improved installer experience on unsupported Windows versions. Reduced installer size and improved application robustness. Fixed Unicode handling, filename anonymization, Git revision reporting, and splash screen stability. [full release notes] Download: BleachBit 6.0 | Portable | ~20.0 MB (Open Source) View: BleachBit Home page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • DriversCloud 12.1.6

      By Copernic · Posted

      DriversCloud 12.1.6 by Razvan Serea With DriversCloud (formerly My-Config.com), you can explore your computer easily, safely and free. The application quickly scans your PC and identifies the hardware and software components. DriversCloud then establishes a list of the different drivers compatible with your OS and hardware. Download the drivers needed for the proper functioning of your computer. To detect your drivers, DriversCloud also displays a detailed summary of your hardware and software configuration, analyzes your BSOD, monitors in real-time your PC voltages and temperatures and lets you share your configuration online. Once the hardware components have been detected, you will be able to obtain with just a few clicks the latest drivers corresponding to the identified hardware. You can record your configuration on the site for free, and can get the corresponding URL to post the configuration to technical forums, e-mail and social networks. You can also download the detection result (the configuration) as a PDF file. To protect the user's privacy and data confidentiality, a 4-level confidentiality system was created that filters the XML marks and gives control to the user. The default level can be modified in the preferences. Using the maximum level will prevent the user from publishing his configuration and generating a corresponding PDF file. In non-connected mode, each XML configuration is stored on the server for one day (for practical reasons). However, you are given the opportunity to manually delete it. Created in 2004, and continually improved, My-Config.com has established itself on the web as a free service to PC users running Windows and Linux operating systems. The service is designed to work with the most common Internet browsers (Edge, Firefox, Chrome, Safari). Download: DriversCloud 64-bit | 20.0 MB (Freeware) Download: DriversCloud 32-bit | 18.9 MB Link: DriversCloud Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Microsoft about to radically change how often your Edge browser updates

      By +mram · Posted

      Ummmm Read my comment again.
    • The official Funny Pictures thread

      By +Edouard · Posted

  • Recent Achievements

    • One Month Later
      AndreaB earned a badge
      One Month Later
    • One Month Later
      agatameier earned a badge
      One Month Later
    • Week One Done
      agatameier earned a badge
      Week One Done
    • Week One Done
      ssd21345 earned a badge
      Week One Done
    • Contributor
      MarkHughes4096 went up a rank
      Contributor

  • Popular Contributors

    1. 1
      +primortal
      516
    2. 2
      +Edouard
      189
    3. 3
      PsYcHoKiLLa
      148
    4. 4
      ATLien_0
      96
    5. 5
      Steven P.
      76
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!