Astrill Setup Manual:Setup OpenVPN on pfSense

From Astrill Wiki
Jump to navigation Jump to search

STEP 1: Download OpenVPN Configuration File

Login into your Astrill account.

PfSense-openvpn1.png


Then go to "VPN Services" tab.

PfSense-openvpn2.png


Go to "OpenVPN Certificates" option.

PfSense-openvpn3.png


Click on "Create new certificate".

PfSense-openvpn4.png



PfSense-openvpn5.png



PfSense-openvpn6.png



Select your desired mode UDP-Fast OR TCP-Reliable and click on download icon in front of your any desired server.

PfSense-openvpn7.png



STEP 2: Setup Certificates For OpenVPN

Login into pfSense through your browser

PfSense-wireguard4.png



Go to System tab and click on Cert. Manager.

PfSense-openvpn8.png



Select CAs tab and click on Add button.

PfSense-openvpn9.png



Open that OpenVPN .conf file in notepad which you downloaded on step 1.

PfSense-openvpn10.png



Copy the highlighted CA part from the notepad.

PfSense-openvpn11.png



Write a descriptive name and select Import an existing certificate authority from method option and paste the CA in Certificate Data field and click on Save button.

PfSense-openvpn12.png



Now go to Certificates tab and click on Add button.

PfSense-openvpn13.png



Go to notepad again and copy CERT part like highlighted in screenshot below.

PfSense-openvpn14.png



Select Import an existing Certificate from method option and type same descriptive name like you did in previous step and paste the CERT in Certificate Data field.

PfSense-openvpn15.png



Go to notepad and copy the KEY part as highlighted in screenshot below.

PfSense-openvpn16.png



Paste the KEY in Private Key Data field and click on Save button.

PfSense-openvpn17.png



STEP 3: Setup OpenVPN Client on pfSense

Now go to VPN tab and click on OpenVPN

PfSense-openvpn18.png



Select Clients tab and then click on Add button.

PfSense-openvpn19.png



Make these changes which are marked in screenshot below.

PfSense-openvpn20.png



Copy Remote address and Port which are marked in screenshot below. Note: You can use any random port between 1024-65535.

PfSense-openvpn21.png



Paste that Remote address and Port in marked fields.

PfSense-openvpn22.png



Go to notepad and copy TLS-AUTH key.

PfSense-openvpn23.png



Paste that key in TLS Key field and make those changes which are marked in screenshot below.

PfSense-openvpn24.png



Select Client Certificate and for Encryption Algorithm select AES-256-CBC (256 bit key, 128 bit block).

PfSense-openvpn2525.png



Select SHA1 (160-bit) for Auth Digest Algorithm and Intel RDRAND engine - RAND for Hardware Crypto.

PfSense-openvpn26.png



For Compression and Topology select those options which are marked in screenshot below.

PfSense-openvpn27.png




Go to notepad and copy all the strings which are highlighted in the screenshot below.

PfSense-openvpn28.png



Paste these strings in Custom Options and make sure to separate every string using semicolon. Also make these changes which are marked in the screenshot below and click on Save button.

PfSense-openvpn29.png



STEP 4: How To Connect/Disconnect OpenVPN

Go to Status tab and select OpenVPN.

PfSense-openvpn30.png



On this page, you can connect and disconnect OpenVPN.

PfSense-openvpn31.png