Setting up a VPN

By Lilrich
in Smart Home, Network & Security

 Share

Recommended Posts

Mentor

Lilrich

Posted
Posted

Hello All,

I am after some help with my PfSense installation and hope that someone can help me out. What i am trying to do is setup a VPN connection to my home network so that when i am away from home i can access some shares that i have setup on one of my servers.

The PfSense: 192.168.33.1

The DHCP Range: 192.168.33.100-200

is there a way that in PfSense i can setup a VPN to allow me to do what i want?

Thanks

Richard

Link to comment
https://www.neowin.net/forum/topic/1094761-setting-up-a-vpn/
Share on other sites
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Yeah what do you want to use pptp, ipsec, l2tp or openvpn - those are the 4 out of the box that you click and setup.

I would suggest openvpn, it runs on 1 port - which can be set to say 443 if need be - this port is normally always open no matter where you located. I use this pretty much daily to get into my network from work.

post-14624-0-24893700-1343643444.png

Rising Star

metro2012

Posted
Posted

@Metro why welcome to hell? Is there something i should know ;)

no.......i was setting up a openvpn server as well and i and budman made almost a 8 page thread. but thats because there were concepts that i did not have clear and because my situation was a bit more complicated. its very easy to set up a simply vpn connection with what you want.

did u look at openvpn's site? i think the best choice is openvpn as its generally well accepted on most platforms (windows, unix, osx, etc)

Mentor

Lilrich

Posted
  • Author
Posted

Budman, is that the only page that i need to fill in? I have been reading guides online that mention generating Certificates and Adding users etc then exporting bits and bobs to import into your client.

Thanks for that thought answers some of my questions :) What is that TLS Auth box, where did you get the data to go into there?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

yes you have to create a cert for the user, under usermanager - well to be honest you don't you could setup your open as user auth, or peer to peer shared key. But I would suggest creating cert.

As to what to export for the user, grab the "OpenVPN Client Export Utility" package

post-14624-0-87904500-1343727041_thumb.p

As to "Enable authentication of TLS packets. " It will create that cert for you once you click the box.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

that is a CA your showing not a certificate, the user your logging in with should have a cert. But my quick looks and should work, you don't have netbios enabled so you want be able to broadcast for names. But should be able to get logged in, if you have a cert on the user account signed by your CA.

Your also asking for userauth, which I personally don't see the need for - user has to have the CERT to login, but sure you can also ask for password. I just think its more overhead for no real reason. Only person that would have my cert is ME, and if I lost it I would just revoke it, etc.

Mentor

Lilrich

Posted
  • Author
Posted
that is a CA your showing not a certificate, the user your logging in with should have a cert. But my quick looks and should work, you don't have netbios enabled so you want be able to broadcast for names. But should be able to get logged in, if you have a cert on the user account signed by your CA. Your also asking for userauth, which I personally don't see the need for - user has to have the CERT to login, but sure you can also ask for password. I just think its more overhead for no real reason. Only person that would have my cert is ME, and if I lost it I would just revoke it, etc.

What settings should i change then to set this up properly?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Is your pfsense wan interface actually on the public? Or is there some device in front of it?

Are you making connection and just not getting authed?

Can you send me your export stuff and I can try to connect. Tell you what if you set pfsense to be remote admin, I can remote in and set it up for you, and then even test it from my box.

Can't seem to connect, the way I read that is port is not even open - or your pfsense is not listening, or you have something blocking you before you pfsense. So for sure your pfsense is directly connected to the internet - you don't have some modem/router doing nat in front of it? I will PM you my email, send me your openvpn export packet with the connection info in it and I will try and connect.

Mentor

Lilrich

Posted
  • Author
Posted
Is your pfsense wan interface actually on the public? Or is there some device in front of it?

Their is a netgear router in front of my Pfsense box BUT it is in modem mode my pfsense box connects to the internet via that.

Are you making connection and just not getting authed?

I would appear to be making a connection as i get prompted for a username and password but then as soon as i hit return the connection drops.

Can you send me your export stuff and I can try to connect. Tell you what if you set pfsense to be remote admin, I can remote in and set it up for you, and then even test it from my box.

Okay i can do this later :)

Can't seem to connect, the way I read that is port is not even open - or your pfsense is not listening, or you have something blocking you before you pfsense. So for sure your pfsense is directly connected to the internet - you don't have some modem/router doing nat in front of it? I will PM you my email, send me your openvpn export packet with the connection info in it and I will try and connect.

Will email now

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Not seeing any email? You going to email me what? The config file? If your getting prompted then that tells your connecting, port is open.

What does the status of your openvpn client say - can you pm me the logs of the connection.

Are you sure your putting in the correct username and password? That you setup for your account your wanting to use for access. Did you install the export package - what are you grabbing? It would not list your user for export if you don't have a cert on the account.

edit:

You say your on a mac right? Are you using http://www.thesparklabs.com/viscosity/ as your client, did you download the viscosity bundle from the export package?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Im in!

So saw your weatherstation on .250

C:\Windows\System32>ping 192.168.33.250

Pinging 192.168.33.250 with 32 bytes of data:

Reply from 192.168.33.250: bytes=32 time=143ms TTL=127

Reply from 192.168.33.250: bytes=32 time=144ms TTL=127

I set it to just tls vs + userauth.. You can set it back if you want. I just didn't want to have to deal with username/password.

There is no way you were ever getting asked for auth, that must of been just teh setting in the client. Your firewall rule was for udp 1194, the default openvpn port. I changed it to your setting of 443 tcp. Popped right in!

Feel free to delete my account, thanks that made it so much quicker in figuring out what was wrong. Or if you want you can leave it until you have connected in, etc. Or just disable it for now, if you ever want me to get back in.

edit: Hey so what are the details of this weatherstation? I have been interested in setting one up, but just never pulled the trigger. On your network, so assume your reporting info to somewhere, or just logging it?

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Samsung Galaxy Z Fold 8, Flip 8, Z Fold Wide: Everything you need to know

      By The Werewolf · Posted

      Samsung Galaxy Z Fold 8, Flip 8, Z Fold Wide: Everything you need to know The ONLY thing I need to know is the price, which I know will be way higher than I (and most people) are willing to pay for a phone... so basically nothing here I need to know. PS: Nice job getting that Apple reference to a non-existent and unrevealed product as "competition" in there. Cheque is in the mail.
    • AMD 9070XT

      By Steven P. · Posted

      Well I really think the repasting helped if your higher clocks have returned, maybe the next thing to look at is if there is a problem with your case airflow? I guess this because your 3080 has returned to optimal state, but is still staying too warm, which might suggest it was thermal throttling before you repasted, of which the only logical conclusion could be outside factors.
    • The official Funny Pictures thread

      By Steven P. · Posted

    • Samsung Galaxy Z Fold 8, Flip 8, Z Fold Wide: Everything you need to know

      By Hamid Ganji · Posted

      Samsung Galaxy Z Fold 8, Flip 8, Z Fold Wide: Everything you need to know by Hamid Ganji Galaxy Z Fold 7 - Image via Samsung The next generation of Samsung foldables is set to be unveiled next month at the second Unpacked event of the year. Samsung’s 2026 foldables are not expected to offer significant upgrades over their predecessors, with the Korean firm instead focusing on design refinements and conventional upgrades such as faster processors and better cameras. However, Samsung is reportedly planning to unveil an all-new passport-style foldable this year to rival Apple’s first foldable iPhone, which is expected to debut this September. Here’s a roundup of everything we know about Samsung’s upcoming foldable devices ahead of their official debut. When can we expect Samsung’s new foldables? The Galaxy Z Fold 7 and Z Flip 7 series were unveiled in July, and Samsung is expected to maintain this timeframe in 2026. Based on previous reports from Korean sources, Samsung will hold its Unpacked event on July 22 in London, UK, to pull back the curtain on the Galaxy Z Fold 8 series. The devices are also expected to hit the shelves a few weeks after launch. However, Samsung has yet to announce an official date. A new naming scheme? One of the most interesting changes we might see this year is a new naming scheme for Samsung’s latest foldables. SamMobile reported that since Samsung is expected to unveil three foldables this year, it has adopted a new naming strategy to simplify product identification for customers. Accordingly, the standard Galaxy Z Fold 8 will reportedly be called the Galaxy Z Fold 8 Ultra and will serve as the direct successor to last year’s Galaxy Z Fold 7. The “Ultra” suffix suggests the phone could feature higher-end specifications, such as additional rear camera modules. Samsung’s new passport-style foldable is expected to carry the Galaxy Z Fold 8 name without any suffix. This model is reportedly equipped with two rear cameras. No major changes are expected for the Flip model. Galaxy Z Fold 8 Ultra and Z Flip 8 anticipated specs Rumors over the past few months suggest Samsung is preparing several upgrades for its upcoming foldables, although the devices may continue to rely on larger batteries and faster charging speeds rather than dramatic design changes. The primary focus this year is expected to be the Galaxy Z Fold 8 and its wide-screen design. Galaxy Z Fold 8 Ultra official CAD renders - Image via AndroidHeadlines Here are the anticipated specifications for the Galaxy Z Fold 8 Ultra based on previous leaks: 6.5-inch outer display and 8-inch inner display, 120Hz refresh rate, and 2,600 nits peak brightness Snapdragon 8 Elite Gen 5 processor, paired with 12GB or 16GB of RAM and 256GB, 512GB, or 1TB of storage 4.1mm thickness when unfolded and a weight of 210g 200MP main camera, 50MP ultrawide camera, 10MP or 12MP telephoto camera, 10MP cover camera, and 10MP selfie camera 5,000mAh battery with 45W wired charging Android 17 and One UI 9 As for the Galaxy Z Flip 8, the device is not expected to be a major departure from its predecessor, although it could become slightly slimmer. Expected specifications include: Snapdragon 8 Elite Gen 5 or Exynos 2600 processor 12GB of RAM with 256GB and 512GB storage options 6.9-inch Dynamic AMOLED 2X inner dispaly and 4.1-inch Super AMOLED outer dispaly 50MP main camera, 12MP ultrawide camera, and 10MP selfie camera 4,300mAh battery with 25W wired charging Android 17 and One UI 9 Samsung’s foldables are also expected to launch with Gemini Intelligence, Google’s AI suite for automating tasks in Android ecosystem. Moreover, given current memory and component costs, some Galaxy Z Fold 8 Ultra and Z Flip 8 variants could see a price hike. Galaxy Z Fold 8 adopts a wide-screen design The centerpiece of the upcoming Unpacked event could be the Galaxy Z Fold 8, previously rumored as the Galaxy Z Fold Wide. This model adopts a passport-style form factor and is expected to compete directly with Apple’s iPhone Fold. Galaxy Z Fold 8 official CAD renders - Image via AndroidHeadlines Here’s what to expect: 7.6-inch primary OLED display and 5.4-inch cover display, 120Hz refresh rate, 2,600 nits peak brightness, and 4:3 aspect ratio Snapdragon 8 Elite Gen 5 processor, 12GB or 16GB of RAM, and 256GB, 512GB, or 1TB storage options 4,800mAh battery with 45W wired charging 50MP main camera, 50MP ultrawide camera, and 10MP selfie camera Android 17 and One UI 9 The three new foldable phones are unlikely to be the only devices unveiled at Samsung’s Unpacked event. The company is also expected to introduce the Galaxy Watch Ultra 2 and the Galaxy Watch 9 series.
    • Dopamine 3.0.6

      By Jaybonaut · Posted

      Thanks

  • Recent Achievements

    • Week One Done
      rolfus earned a badge
      Week One Done
    • One Month Later
      Leroy Jethro Gibbs earned a badge
      One Month Later
    • Conversation Starter
      flexorcist earned a badge
      Conversation Starter
    • One Month Later
      AndreaB earned a badge
      One Month Later
    • One Month Later
      agatameier earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      504
    2. 2
      +Edouard
      196
    3. 3
      PsYcHoKiLLa
      140
    4. 4
      ATLien_0
      88
    5. 5
      Steven P.
      81
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!