Setting up a VPN

By Lilrich
in Smart Home, Network & Security

 Share

Recommended Posts

Mentor

Lilrich

Posted
Posted

Hello All,

I am after some help with my PfSense installation and hope that someone can help me out. What i am trying to do is setup a VPN connection to my home network so that when i am away from home i can access some shares that i have setup on one of my servers.

The PfSense: 192.168.33.1

The DHCP Range: 192.168.33.100-200

is there a way that in PfSense i can setup a VPN to allow me to do what i want?

Thanks

Richard

Link to comment
https://www.neowin.net/forum/topic/1094761-setting-up-a-vpn/
Share on other sites
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Yeah what do you want to use pptp, ipsec, l2tp or openvpn - those are the 4 out of the box that you click and setup.

I would suggest openvpn, it runs on 1 port - which can be set to say 443 if need be - this port is normally always open no matter where you located. I use this pretty much daily to get into my network from work.

post-14624-0-24893700-1343643444.png

Rising Star

metro2012

Posted
Posted

@Metro why welcome to hell? Is there something i should know ;)

no.......i was setting up a openvpn server as well and i and budman made almost a 8 page thread. but thats because there were concepts that i did not have clear and because my situation was a bit more complicated. its very easy to set up a simply vpn connection with what you want.

did u look at openvpn's site? i think the best choice is openvpn as its generally well accepted on most platforms (windows, unix, osx, etc)

Mentor

Lilrich

Posted
  • Author
Posted

Budman, is that the only page that i need to fill in? I have been reading guides online that mention generating Certificates and Adding users etc then exporting bits and bobs to import into your client.

Thanks for that thought answers some of my questions :) What is that TLS Auth box, where did you get the data to go into there?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

yes you have to create a cert for the user, under usermanager - well to be honest you don't you could setup your open as user auth, or peer to peer shared key. But I would suggest creating cert.

As to what to export for the user, grab the "OpenVPN Client Export Utility" package

post-14624-0-87904500-1343727041_thumb.p

As to "Enable authentication of TLS packets. " It will create that cert for you once you click the box.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

that is a CA your showing not a certificate, the user your logging in with should have a cert. But my quick looks and should work, you don't have netbios enabled so you want be able to broadcast for names. But should be able to get logged in, if you have a cert on the user account signed by your CA.

Your also asking for userauth, which I personally don't see the need for - user has to have the CERT to login, but sure you can also ask for password. I just think its more overhead for no real reason. Only person that would have my cert is ME, and if I lost it I would just revoke it, etc.

Mentor

Lilrich

Posted
  • Author
Posted
that is a CA your showing not a certificate, the user your logging in with should have a cert. But my quick looks and should work, you don't have netbios enabled so you want be able to broadcast for names. But should be able to get logged in, if you have a cert on the user account signed by your CA. Your also asking for userauth, which I personally don't see the need for - user has to have the CERT to login, but sure you can also ask for password. I just think its more overhead for no real reason. Only person that would have my cert is ME, and if I lost it I would just revoke it, etc.

What settings should i change then to set this up properly?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Is your pfsense wan interface actually on the public? Or is there some device in front of it?

Are you making connection and just not getting authed?

Can you send me your export stuff and I can try to connect. Tell you what if you set pfsense to be remote admin, I can remote in and set it up for you, and then even test it from my box.

Can't seem to connect, the way I read that is port is not even open - or your pfsense is not listening, or you have something blocking you before you pfsense. So for sure your pfsense is directly connected to the internet - you don't have some modem/router doing nat in front of it? I will PM you my email, send me your openvpn export packet with the connection info in it and I will try and connect.

Mentor

Lilrich

Posted
  • Author
Posted
Is your pfsense wan interface actually on the public? Or is there some device in front of it?

Their is a netgear router in front of my Pfsense box BUT it is in modem mode my pfsense box connects to the internet via that.

Are you making connection and just not getting authed?

I would appear to be making a connection as i get prompted for a username and password but then as soon as i hit return the connection drops.

Can you send me your export stuff and I can try to connect. Tell you what if you set pfsense to be remote admin, I can remote in and set it up for you, and then even test it from my box.

Okay i can do this later :)

Can't seem to connect, the way I read that is port is not even open - or your pfsense is not listening, or you have something blocking you before you pfsense. So for sure your pfsense is directly connected to the internet - you don't have some modem/router doing nat in front of it? I will PM you my email, send me your openvpn export packet with the connection info in it and I will try and connect.

Will email now

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Not seeing any email? You going to email me what? The config file? If your getting prompted then that tells your connecting, port is open.

What does the status of your openvpn client say - can you pm me the logs of the connection.

Are you sure your putting in the correct username and password? That you setup for your account your wanting to use for access. Did you install the export package - what are you grabbing? It would not list your user for export if you don't have a cert on the account.

edit:

You say your on a mac right? Are you using http://www.thesparklabs.com/viscosity/ as your client, did you download the viscosity bundle from the export package?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Im in!

So saw your weatherstation on .250

C:\Windows\System32>ping 192.168.33.250

Pinging 192.168.33.250 with 32 bytes of data:

Reply from 192.168.33.250: bytes=32 time=143ms TTL=127

Reply from 192.168.33.250: bytes=32 time=144ms TTL=127

I set it to just tls vs + userauth.. You can set it back if you want. I just didn't want to have to deal with username/password.

There is no way you were ever getting asked for auth, that must of been just teh setting in the client. Your firewall rule was for udp 1194, the default openvpn port. I changed it to your setting of 443 tcp. Popped right in!

Feel free to delete my account, thanks that made it so much quicker in figuring out what was wrong. Or if you want you can leave it until you have connected in, etc. Or just disable it for now, if you ever want me to get back in.

edit: Hey so what are the details of this weatherstation? I have been interested in setting one up, but just never pulled the trigger. On your network, so assume your reporting info to somewhere, or just logging it?

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Valve finally confirms Steam Machine prices, starts at $1049 for 512GB option

      By Co-ords · Posted

      What about HL3?
    • Valve finally confirms Steam Machine prices, starts at $1049 for 512GB option

      By ShadeOfBlue · Posted

      But building your own.. what? You can't build anything like the Steam Machine yourself. Even trying to get close costs a good deal more. Even just the CPU cooler in their price comparison is as big as the entire Steam Machine. If you want a regular gaming PC, then by all means, build that. If you want a a small console-like PC for the living room that is good for gaming, I'm not sure what else is a better deal. In the GN review, they only mentioned a small form factor Dell, which is like twice the size and hundreds of dollars more expensive.
    • Valve finally confirms Steam Machine prices, starts at $1049 for 512GB option

      By ShadeOfBlue · Posted

      Those are some popular multiplayer games. But hardly "all". Just those that don't work on Linux currently due to specific anti-cheat implementations. I think it's also fair to point out the literally thousands of games that don't work on the PS5. And it's not locked at 1080p. That's the default, which you can change.
    • Ubuntu Livepatch arrives on Arm64 to eliminate system reboots for kernel updates

      By zikalify · Posted

      Ubuntu Livepatch arrives on Arm64 to eliminate system reboots for kernel updates by Paul Hill Canonical has just announced that its Livepatch service now supports computers with Arm64 processors. For those who are not familiar, Livepatch allows users to apply important kernel updates without any service interruption or rebooting. While home users will benefit from this, it’s even more important for critical machines that absolutely should not be going offline at all. The feature is available as part of Ubuntu Core 26 for Arm64 and Ubuntu Core 20 and onwards for AMD64. According to Canonical, this will improve the security of systems that aren’t security-maintained daily or weekly, and it helps organizations work towards Cyber Resilience Act (CRA) compliance. If you are familiar with Ubuntu, you probably know that most packages can be updated without having to restart the system. There is one big exception to this, and that’s the kernel; it typically requires you to reload the system to boot into the new kernel. With Livepatch, Canonical has done something so that you don’t need to restart to begin using the new kernel. Aside from Ubuntu Core 26, users with Arm64 chips running Ubuntu 26.04 LTS can also use Livepatch. If you want to learn more about Livepatch, check out its product page. There, you can also find a button to join Ubuntu Pro (it’s free for several home devices) so that you can enable Livepatch. By linking your computer to Ubuntu Pro, you will also extend the life of your Ubuntu install from five years to ten years. If you are running Ubuntu, let us know in the comments if you have been looking forward to this feature on your ARM-based computer. If you’ve had a compatible AMD64 machine for a while and never used this feature, let us know why in the comments!
    • The official Funny Pictures thread

      By Steven P. · Posted

  • Recent Achievements

    • One Month Later
      nates earned a badge
      One Month Later
    • Week One Done
      Almohandis earned a badge
      Week One Done
    • Rookie
      dorf went up a rank
      Rookie
    • First Post
      mike_rumble earned a badge
      First Post
    • Dedicated
      tuben earned a badge
      Dedicated

  • Popular Contributors

    1. 1
      +primortal
      500
    2. 2
      +Edouard
      207
    3. 3
      PsYcHoKiLLa
      97
    4. 4
      Michael Scrip
      89
    5. 5
      neufuse
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!