Setting up a VPN

By Lilrich
in Smart Home, Network & Security

 Share

Recommended Posts

Mentor

Lilrich

Posted
Posted

Hello All,

I am after some help with my PfSense installation and hope that someone can help me out. What i am trying to do is setup a VPN connection to my home network so that when i am away from home i can access some shares that i have setup on one of my servers.

The PfSense: 192.168.33.1

The DHCP Range: 192.168.33.100-200

is there a way that in PfSense i can setup a VPN to allow me to do what i want?

Thanks

Richard

Link to comment
https://www.neowin.net/forum/topic/1094761-setting-up-a-vpn/
Share on other sites
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Yeah what do you want to use pptp, ipsec, l2tp or openvpn - those are the 4 out of the box that you click and setup.

I would suggest openvpn, it runs on 1 port - which can be set to say 443 if need be - this port is normally always open no matter where you located. I use this pretty much daily to get into my network from work.

post-14624-0-24893700-1343643444.png

Rising Star

metro2012

Posted
Posted

@Metro why welcome to hell? Is there something i should know ;)

no.......i was setting up a openvpn server as well and i and budman made almost a 8 page thread. but thats because there were concepts that i did not have clear and because my situation was a bit more complicated. its very easy to set up a simply vpn connection with what you want.

did u look at openvpn's site? i think the best choice is openvpn as its generally well accepted on most platforms (windows, unix, osx, etc)

Mentor

Lilrich

Posted
  • Author
Posted

Budman, is that the only page that i need to fill in? I have been reading guides online that mention generating Certificates and Adding users etc then exporting bits and bobs to import into your client.

Thanks for that thought answers some of my questions :) What is that TLS Auth box, where did you get the data to go into there?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

yes you have to create a cert for the user, under usermanager - well to be honest you don't you could setup your open as user auth, or peer to peer shared key. But I would suggest creating cert.

As to what to export for the user, grab the "OpenVPN Client Export Utility" package

post-14624-0-87904500-1343727041_thumb.p

As to "Enable authentication of TLS packets. " It will create that cert for you once you click the box.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

that is a CA your showing not a certificate, the user your logging in with should have a cert. But my quick looks and should work, you don't have netbios enabled so you want be able to broadcast for names. But should be able to get logged in, if you have a cert on the user account signed by your CA.

Your also asking for userauth, which I personally don't see the need for - user has to have the CERT to login, but sure you can also ask for password. I just think its more overhead for no real reason. Only person that would have my cert is ME, and if I lost it I would just revoke it, etc.

Mentor

Lilrich

Posted
  • Author
Posted
that is a CA your showing not a certificate, the user your logging in with should have a cert. But my quick looks and should work, you don't have netbios enabled so you want be able to broadcast for names. But should be able to get logged in, if you have a cert on the user account signed by your CA. Your also asking for userauth, which I personally don't see the need for - user has to have the CERT to login, but sure you can also ask for password. I just think its more overhead for no real reason. Only person that would have my cert is ME, and if I lost it I would just revoke it, etc.

What settings should i change then to set this up properly?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Is your pfsense wan interface actually on the public? Or is there some device in front of it?

Are you making connection and just not getting authed?

Can you send me your export stuff and I can try to connect. Tell you what if you set pfsense to be remote admin, I can remote in and set it up for you, and then even test it from my box.

Can't seem to connect, the way I read that is port is not even open - or your pfsense is not listening, or you have something blocking you before you pfsense. So for sure your pfsense is directly connected to the internet - you don't have some modem/router doing nat in front of it? I will PM you my email, send me your openvpn export packet with the connection info in it and I will try and connect.

Mentor

Lilrich

Posted
  • Author
Posted
Is your pfsense wan interface actually on the public? Or is there some device in front of it?

Their is a netgear router in front of my Pfsense box BUT it is in modem mode my pfsense box connects to the internet via that.

Are you making connection and just not getting authed?

I would appear to be making a connection as i get prompted for a username and password but then as soon as i hit return the connection drops.

Can you send me your export stuff and I can try to connect. Tell you what if you set pfsense to be remote admin, I can remote in and set it up for you, and then even test it from my box.

Okay i can do this later :)

Can't seem to connect, the way I read that is port is not even open - or your pfsense is not listening, or you have something blocking you before you pfsense. So for sure your pfsense is directly connected to the internet - you don't have some modem/router doing nat in front of it? I will PM you my email, send me your openvpn export packet with the connection info in it and I will try and connect.

Will email now

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Not seeing any email? You going to email me what? The config file? If your getting prompted then that tells your connecting, port is open.

What does the status of your openvpn client say - can you pm me the logs of the connection.

Are you sure your putting in the correct username and password? That you setup for your account your wanting to use for access. Did you install the export package - what are you grabbing? It would not list your user for export if you don't have a cert on the account.

edit:

You say your on a mac right? Are you using http://www.thesparklabs.com/viscosity/ as your client, did you download the viscosity bundle from the export package?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Im in!

So saw your weatherstation on .250

C:\Windows\System32>ping 192.168.33.250

Pinging 192.168.33.250 with 32 bytes of data:

Reply from 192.168.33.250: bytes=32 time=143ms TTL=127

Reply from 192.168.33.250: bytes=32 time=144ms TTL=127

I set it to just tls vs + userauth.. You can set it back if you want. I just didn't want to have to deal with username/password.

There is no way you were ever getting asked for auth, that must of been just teh setting in the client. Your firewall rule was for udp 1194, the default openvpn port. I changed it to your setting of 443 tcp. Popped right in!

Feel free to delete my account, thanks that made it so much quicker in figuring out what was wrong. Or if you want you can leave it until you have connected in, etc. Or just disable it for now, if you ever want me to get back in.

edit: Hey so what are the details of this weatherstation? I have been interested in setting one up, but just never pulled the trigger. On your network, so assume your reporting info to somewhere, or just logging it?

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • The official Funny Pictures thread

      By Third Envoqation · Posted

    • TerraMaster F2-425 Pro review: a low-powered Intel NAS that ships with AI (OpenClaw)

      By Steven P. · Posted

      I agree, especially if it is cloud sourced, like this one is.. but I wouldn't say no to a local AI assistant similar to the Zettlab one which would be really helpful with my large Photos library, but also to perform tasks like installing Docker apps rather than me having to do it via Docker Compose, but I don't think we're quite there yet. Synology Photos is somewhat AI, you can ask it to search for certain people (if you have tagged them and it will attempt to match similar photos to the person) and if you put a search term in for "cars" for example, it will show you all photos with a car.
    • Google Pixel 11 series: Here's what to expect

      By macoman · Posted

      I doubt that Google will keep the same price... it may go up from that list published.
    • Sennheiser's audiophile grade HD 600 hits lowest ever price on Amazon Prime Day 2026

      By hellowalkman · Posted

      Sennheiser's audiophile grade HD 600 hits lowest ever price on Amazon Prime Day 2026 by Sayan Sen If you are in the market for high-quality audiophile-grade over-ear headphones then Sennheiser's HD 600 are a great choice for sure, especially today on Prime Day 2026 as the product has hit its lowest ever price (purchase link under the specs table down below). The Sennheiser HD 600 has long been regarded as a reference headphone for listeners seeking a detailed and natural listening experience. It is an open-back design that is built around the idea of acoustic transparency which is essentially said to allow sound waves to move freely for a more spacious and accurate presentation by reducing turbulence and the type of distortion that can result from it. At the heart of the product is Sennheiser’s proprietary driver system featuring a 42 mm driver paired with a lightweight diaphragm and aluminum voice coils. The company says this design helps deliver fast response times and better articulate sound across the audible frequency range. Comfort and durability are also key aspects of the HD 600 as the headphones feature soft velour ear pads designed for extended listening sessions. The HD 600 comes with a detachable 3-meter cable, a 6.3 mm stereo connector, and a 3.5 mm adapter for compatibility with a wide range of audio equipment. The technical specs of the Sennheiser HD 600 are given in the table below: Specification Value Transducer Principle Dynamic, Open-Back Ear Coupling Circumaural (Over-Ear) Frequency Response 12 Hz – 40,500 Hz Sound Pressure Level (SPL) 97 dB (1 V) Impedance 300 Ω Total Harmonic Distortion (THD) < 0.1% (1 kHz, 1 V) Cable Length 3 m (9.8 ft) Connector 3.5 mm Stereo Jack Plug Included Adapter 6.3 mm (1/4") Stereo Jack Adapter Weight 260 g Magnetic Field Strength 1.8 mT Driver Size 42 mm Dynamic Driver Diaphragm Size 38 mm Get it at the link below: Sennheiser HD 600: $237.00 (Sold by Electronics Expo, Shipped by Amazon US) (Was: $449.95) Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases
    • The Microsoft Office feature that time forgot

      By cleverclogs · Posted

      woah

  • Recent Achievements

    • One Month Later
      timbobit earned a badge
      One Month Later
    • One Month Later
      nates earned a badge
      One Month Later
    • Week One Done
      Almohandis earned a badge
      Week One Done
    • Rookie
      dorf went up a rank
      Rookie
    • First Post
      mike_rumble earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      476
    2. 2
      +Edouard
      170
    3. 3
      PsYcHoKiLLa
      104
    4. 4
      Michael Scrip
      88
    5. 5
      Steven P.
      70
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!