Configuring pfsense to work with TUVPN.com

1. Introduction
pfSense is free, open source PC firewall and router software based on the FreeBSD operating system.
This tutorial is written for the following pfsense version:
2. Preparation
• Download the OpenVPN Client Installer (TUVPN-2.1.4-installer.exe) from TUVPN.com.
• Unzip the file. There is no need to install it.
• You can find the following files in TUVPN-2.1.4-installer\config.
Please keep in mind that some ovpn files might not be available due to changes in TUVPN services.
How to create an OpenVPN client to TUVPN.com 27.12.2012.doc
You will need the following files later on: ca.crt, usuario.crt, usuario.key and ta.key.
3. CA Manager
• Go into your pfsense machine via your web browser.
• Go to System → Cert Manager.
• Click on the CAs tab and hit the + button to insert a new CA.
• Open the ca.crt file in notepad and copy and paste the entire contents into the Certificate data box.
Use the following screenshot as a guide:
• Hit Save.
You will now see your CA as follows:
• Click on the Certificates tab and hit the + button.
• Open the file called usuario.crt with notepad and copy and paste the contents into the Certificate data box.
• Open the file called usuario.key with notepad and copy and paste the entire contents into the Private key data box.
Use the following screenshot as a guide:
• Hit Save.
You’ll now see your Certificate as follows:
4. Login File
• Navigate to Diagnostics → Edit file.
• Write /conf/TUVPN.pas in the Save/Load from path box.
• Add the username and password you received from TUVPN on the first and second line, respectively, as follows:
• Hit Save.
5. OpenVPN Client
• Go to VPN → OpenVPN.
• Choose the Client tab.
• Click on the + button.
Use the following screenshot as a guide:
• In the Server host or address box, enter the specific IP address of the TUVPN server you want to connect to.
• Untick Automatically generate a shared TLS authentication key; a new box appears.
• Open the file called ta.key with notepad and copy and paste the entire contents into this box.
• Copy the following options into the Advanced box (as a single line):
auth-user-pass /conf/TUVPN.pas;reneg-sec 172800;resolv-retry infinite;persist-key;persist-tun;route-method exe;route-delay 2;ns-cert-type server;explicit-exit-notify 2;verb 3;inactive 86400
• Hit Save.
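The Advanced box points auth-user-pass at /conf/TUVPN.pas, the file from section 4 that holds the TUVPN username and password in clear text. The shell check below is an added example, not part of the original tutorial: it extracts that path from the option string and confirms the file has a username line and a password line and is accessible to its owner only. The function names are illustrative.

```shell
#!/bin/sh
# Added example: sanity-check the credentials file named by auth-user-pass.
# Function names are illustrative, not part of pfSense or OpenVPN.

# Print the path given to auth-user-pass in a ';'-separated Advanced string.
auth_file_from_advanced() {
    printf '%s\n' "$1" | tr ';' '\n' |
        awk '$1 == "auth-user-pass" && NF >= 2 { print $2; exit }'
}

# Return 0 if the file looks sane; otherwise print the reason and return 1.
check_auth_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    # OpenVPN reads the username from line 1 and the password from line 2.
    awk 'NR <= 2 && NF { c++ } END { exit c != 2 }' "$f" ||
        { echo "lines 1 and 2 must hold username and password: $f"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "accessible beyond owner, fix with: chmod 600 $f"; return 1; }
    echo "ok: $f"
}

# Check the credentials file referenced by a full Advanced option string.
check_advanced() {
    path=$(auth_file_from_advanced "$1")
    [ -n "$path" ] || { echo "no auth-user-pass file in options"; return 1; }
    check_auth_file "$path"
}

# When run as a script, pass the Advanced string as the first argument.
[ "$#" -eq 0 ] || check_advanced "$1"
```
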
You’ll now see your OpenVPN in pfsense as follows:
• Go to Status → System Log and choose the OpenVPN tab.
• Check the OpenVPN log for the line openvpn[21178]: Initialization Sequence Completed.
Once you see this message, your tunnel to TUVPN is up. If you do not see it, your settings are incorrect. Go back and start again.
6. Interfaces
• Go to Interfaces → (assign) and hit the + button. This adds a new interface OPT1 with a pull-down box next to it.
• Select the TUVPN connection.
• Hit Save.
• Go to Interfaces and select the OPT1 connection.
• Tick Enable Interface and change the Description to TUVPN.
• Tick Block private networks and Block bogon networks.
• Hit Save.
You’ll now see a list of interfaces as follows:
7. Firewall
• Go to Firewall → NAT and choose the Outbound tab.
• Tick Manual Outbound NAT rule generation (AON - Advanced Outbound NAT).
You will now see a list of outbound rules as follows:
• Hit Save and Apply changes.
• Go to Firewall → Rules and hit the + button under the LAN tab.
• Create the following rule.
• Hit Save and Apply changes.
You should see the following:
• Go to the TUVPN tab and create the following rule by hitting the + button.
Use the following screenshot as a guide:
• Hit Save and Apply changes.
You should see the following:
8. Gateway
• Go to System → Routing and choose the Gateways tab.
• Hit the e button of the TUVPN gateway.
Use the following screenshot as a guide:
9. General Setup
• Go to General Setup.
• Choose WAN for gateway of all DNS Servers.
• Hit Save.
Use the following screenshot as a guide:
You’re done at this point. Go to http://whatismyip.com; it should show the TUVPN IP address.
If it does not, just reboot the machine and all should work fine at this point.
10. Cron (optional)
The “reneg-sec 172800” parameter you entered into the “Advanced” box of the “OpenVPN Client” takes
care of the TLS re-negotiation, which happens every 172800 secs (= 2 days). Sometimes I had problems
that my internet connection got lost during this re-negotiation, so I decided to re-start OpenVPN every
night at 5:30 by a cron job automatically.
• Go to System → Packages and choose the Available Packages tab.
• Install the Cron Package.
• Go to System → Packages and choose the Installed Packages tab.
You should see the following:
• Go to Services → Cron.
• Hit the + button and use the following screenshot as a guide:
• Copy the following command into the command box:
/usr/local/bin/php -f /usr/local/www/restart_openvpn.php
• Hit Save.
You should see your new cron job in the last line as follows:
• Navigate to Diagnostics → Edit file.
• Enter the following path in the Save/Load from path box:
/usr/local/www/restart_openvpn.php
• Add the following line in the box below:
echo "<?php include('openvpn.inc'); openvpn_resync_all();?>" | php -q
• Hit Save.
You’re done at this point.
• Go to Status → System Log and choose the OpenVPN tab.
• Check the OpenVPN log for a restart at your scheduled time.
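Both log checks in this tutorial (the Initialization Sequence Completed line in section 5 and the nightly restart here) can be done from a shell instead of the web GUI. The script below is an added example, not part of the original tutorial: it reads OpenVPN syslog lines on stdin, reports the most recent notable event, and counts completed initializations in a time window. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: read OpenVPN syslog lines and report tunnel state.
# Function names and the sample log are constructed for illustration.

# Print "up <time>" if the newest notable line is a completed initialization,
# otherwise the newest problem seen. Reads syslog lines on stdin.
tunnel_state() {
    awk '/openvpn\[[0-9]+\]:/ {
        if (/Initialization Sequence Completed/)      s = "up " $3
        else if (/AUTH_FAILED/)                       s = "auth-failed"
        else if (/TLS Error/)                         s = "tls-error"
        else if (/process (exiting|restarting)/)      s = "restarting"
    }
    END { print (s == "" ? "no-data" : s) }'
}

# Count completed initializations whose time falls in [HH:MM, HH:MM+width).
# Usage: restarts_in_window HH MM WIDTH_MINUTES < log
restarts_in_window() {
    awk -v h="$1" -v m="$2" -v w="$3" '
    /openvpn\[[0-9]+\]:.*Initialization Sequence Completed/ {
        split($3, t, ":")
        d = (t[1] * 60 + t[2]) - (h * 60 + m)
        if (d >= 0 && d < w) n++
    }
    END { print n + 0 }'
}

# Constructed sample in classic syslog layout (month day time host tag).
sample_log() {
    cat <<'EOF'
Dec 27 05:30:01 pfsense openvpn[21178]: SIGTERM[hard,] received, process exiting
Dec 27 05:30:02 pfsense openvpn[40213]: TUN/TAP device /dev/tun1 opened
Dec 27 05:30:09 pfsense openvpn[40213]: Initialization Sequence Completed
Dec 27 14:12:40 pfsense openvpn[40213]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
EOF
}
```

For the 5:30 cron job, `restarts_in_window 05 30 5` returning 0 for last night's log lines means the scheduled restart did not bring the tunnel back up.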