Difference between revisions of "Astrill Setup Manual:Setup OpenVPN on pfSense"

 
(8 intermediate revisions by the same user not shown)
Line 35: Line 35:
 
----
 
----
  
== '''STEP 2:''' Setup OpenVPN on Your pfSense ==
+
== '''STEP 2:''' Setup Certificates For OpenVPN ==
  
 
=== Login into pfSense through your browser ===
 
=== Login into pfSense through your browser ===
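Review bot: renaming the STEP 2 heading from "Setup OpenVPN on Your pfSense" to "Setup Certificates For OpenVPN" changes the section anchor, so any existing link that points at the old heading will no longer land on this section. Check incoming links, or keep an anchor with the old name next to the new heading.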
Line 46: Line 46:
  
 
[[File:PfSense-openvpn8.png]]
 
[[File:PfSense-openvpn8.png]]
 +
----
 +
----
 +
 +
Select '''CAs''' tab and click on '''Add''' button.
 +
 +
[[File:PfSense-openvpn9.png]]
 +
----
 +
----
 +
 +
Open that OpenVPN .conf file in '''notepad''' which you downloaded on step 1.
 +
 +
[[File:PfSense-openvpn10.png]]
 +
----
 +
----
 +
 +
Copy the highlighted '''CA''' part from the notepad.
 +
 +
[[File:PfSense-openvpn11.png]]
 +
----
 +
----
 +
 +
Write a '''descriptive name''' and select '''Import an existing certificate authority''' from method option and paste the '''CA''' in '''Certificate Data''' field and click on '''Save''' button.
 +
 +
[[File:PfSense-openvpn12.png]]
 +
----
 +
----
 +
 +
Now go to '''Certificates''' tab and click on '''Add''' button.
 +
 +
[[File:PfSense-openvpn13.png]]
 +
----
 +
----
 +
 +
Go to notepad again and copy '''CERT''' part like highlighted in screenshot below.
 +
 +
[[File:PfSense-openvpn14.png]]
 +
----
 +
----
 +
 +
Select '''Import an existing Certificate''' from method option and type same '''descriptive name''' like you did in previous step and paste the CERT in '''Certificate Data''' field.
 +
 +
[[File:PfSense-openvpn15.png]]
 +
----
 +
----
 +
 +
Go to notepad and copy the '''KEY''' part as highlighted in screenshot below.
 +
 +
[[File:PfSense-openvpn16.png]]
 +
----
 +
----
 +
 +
Paste the KEY in '''Private Key Data''' field and click on '''Save''' button.
 +
 +
[[File:PfSense-openvpn17.png]]<br><br>
 +
----
 +
----
 +
 +
== '''STEP 3:''' Setup OpenVPN Client on pfSense ==
 +
 +
Now go to '''VPN''' tab and click on '''OpenVPN'''
 +
 +
[[File:PfSense-openvpn18.png]]
 +
----
 +
----
 +
 +
Select '''Clients''' tab and then click on '''Add''' button.
 +
 +
[[File:PfSense-openvpn19.png]]
 +
----
 +
----
 +
 +
Make these changes which are marked in screenshot below.
 +
 +
[[File:PfSense-openvpn20.png]]
 +
----
 +
----
 +
 +
Copy '''Remote''' address and '''Port''' which are marked in screenshot below. '''Note: You can use any random port between 1024-65535.'''
 +
 +
[[File:PfSense-openvpn21.png]]
 +
----
 +
----
 +
 +
Paste that '''Remote''' address and '''Port''' in marked fields.
 +
 +
[[File:PfSense-openvpn22.png]]
 +
----
 +
----
 +
 +
Go to notepad and copy '''TLS-AUTH''' key.
 +
 +
[[File:PfSense-openvpn23.png]]
 +
----
 +
----
 +
 +
Paste that key in '''TLS Key''' field and make those changes which are marked in screenshot below.
 +
 +
[[File:PfSense-openvpn24.png]]
 +
----
 +
----
 +
 +
Select '''Client Certificate''' and for '''Encryption Algorithm''' select '''AES-256-CBC (256 bit key, 128 bit block)'''.
 +
 +
[[File:PfSense-openvpn2525.png]]
 +
----
 +
----
 +
 +
Select '''SHA1 (160-bit)''' for '''Auth Digest Algorithm''' and '''Intel RDRAND engine - RAND''' for '''Hardware Crypto.'''
 +
 +
[[File:PfSense-openvpn26.png]]
 +
----
 +
----
 +
 +
For '''Compression''' and '''Topology''' select those options which are marked in screenshot below.
 +
 +
[[File:PfSense-openvpn27.png]]
 +
----
 +
----
 +
 +
 +
Go to notepad and copy all the strings which are highlighted in the screenshot below.
 +
 +
[[File:PfSense-openvpn28.png]]
 +
----
 +
----
 +
 +
Paste these strings in '''Custom Options''' and make sure to separate every string using semicolon. Also make these changes which are marked in the screenshot below and click on '''Save''' button.
 +
 +
[[File:PfSense-openvpn29.png]]
 +
----
 +
----
 +
 +
== '''STEP 4:''' How To Connect/Disconnect OpenVPN ==
 +
Go to '''Status''' tab and select '''OpenVPN'''.
 +
 +
[[File:PfSense-openvpn30.png]]
 +
----
 +
----
 +
 +
On this page, you can connect and disconnect OpenVPN.
 +
 +
[[File:PfSense-openvpn31.png]]
 
----
 
----
 
----
 
----
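Review bot: several of the added STEP 3 steps ("Make these changes which are marked in screenshot below", the TLS Key step, the Compression and Topology step, and the Custom Options step) carry their actual settings only in PfSense-openvpn20.png, PfSense-openvpn24.png, PfSense-openvpn27.png and PfSense-openvpn29.png, so the text alone cannot be followed or checked. List each field and its value in the wikitext next to the image. The steps that name AES-256-CBC and SHA1 (160-bit) should also say where those values come from, and the KEY step should tell the reader that this block is the private key. As a style point, the [[File:PfSense-openvpn17.png]] line ends in two br tags, unlike every other image line in the hunk.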

Latest revision as of 16:51, 13 July 2020

STEP 1: Download OpenVPN Configuration File

Log in to your Astrill account.

PfSense-openvpn1.png


Then go to the "VPN Services" tab.

PfSense-openvpn2.png


Go to the "OpenVPN Certificates" option.

PfSense-openvpn3.png


Click on "Create new certificate".

PfSense-openvpn4.png



PfSense-openvpn5.png



PfSense-openvpn6.png



Select your desired mode, UDP-Fast or TCP-Reliable, and click on the download icon in front of the server you want.

PfSense-openvpn7.png



STEP 2: Setup Certificates For OpenVPN

Log in to pfSense through your browser

PfSense-wireguard4.png



Go to the System tab and click on Cert. Manager.

PfSense-openvpn8.png



Select the CAs tab and click on the Add button.

PfSense-openvpn9.png



Open the OpenVPN .conf file that you downloaded in step 1 in Notepad.

PfSense-openvpn10.png



Copy the highlighted CA part from Notepad.

PfSense-openvpn11.png



Enter a descriptive name, select "Import an existing certificate authority" as the method, paste the CA into the Certificate Data field, and click on the Save button.

PfSense-openvpn12.png



Now go to the Certificates tab and click on the Add button.

PfSense-openvpn13.png



Go to Notepad again and copy the CERT part, as highlighted in the screenshot below.

PfSense-openvpn14.png



Select "Import an existing Certificate" as the method, type the same descriptive name as in the previous step, and paste the CERT into the Certificate Data field.

PfSense-openvpn15.png



Go to Notepad and copy the KEY part, as highlighted in the screenshot below.

PfSense-openvpn16.png



Paste the KEY into the Private Key Data field and click on the Save button.

PfSense-openvpn17.png



STEP 3: Setup OpenVPN Client on pfSense

Now go to the VPN tab and click on OpenVPN.

PfSense-openvpn18.png



Select the Clients tab and then click on the Add button.

PfSense-openvpn19.png



Make the changes that are marked in the screenshot below.

PfSense-openvpn20.png



Copy the Remote address and Port that are marked in the screenshot below. Note: You can use any random port between 1024 and 65535.

PfSense-openvpn21.png



Paste the Remote address and Port into the marked fields.

PfSense-openvpn22.png



Go to Notepad and copy the TLS-AUTH key.

PfSense-openvpn23.png



Paste that key into the TLS Key field and make the changes that are marked in the screenshot below.

PfSense-openvpn24.png



Select the Client Certificate and, for Encryption Algorithm, select AES-256-CBC (256 bit key, 128 bit block).

PfSense-openvpn2525.png



Select SHA1 (160-bit) for Auth Digest Algorithm and Intel RDRAND engine - RAND for Hardware Crypto.

PfSense-openvpn26.png



For Compression and Topology, select the options that are marked in the screenshot below.

PfSense-openvpn27.png




Go to Notepad and copy all the strings that are highlighted in the screenshot below.

PfSense-openvpn28.png



Paste these strings into Custom Options and make sure to separate every string with a semicolon. Also make the changes that are marked in the screenshot below and click on the Save button.

PfSense-openvpn29.png
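
As an added example (not part of the Astrill manual or any Astrill tooling), this Python helper splits the downloaded .conf into the pieces that STEP 2 and STEP 3 paste into pfSense, and rejects a block that was copied incompletely. It assumes the file uses OpenVPN's inline `<ca>`, `<cert>`, `<key>` and `<tls-auth>` blocks; `split_profile`, `FORM_FIELDS` and the sample profile are constructed for illustration.

```python
import re

BLOCK = re.compile(r"<(ca|cert|key|tls-auth)>\s*\n(.*?)\n\s*</\1>", re.S)
PEM = re.compile(r"-----BEGIN ([^-]+)-----.+-----END \1-----", re.S)
# Assumption: directives this example treats as covered by pfSense form fields.
FORM_FIELDS = {"client", "dev", "proto", "remote", "cipher", "auth",
               "comp-lzo", "compress", "topology"}

def split_profile(text):
    """Split an inline OpenVPN profile into the values pasted in STEP 2 and 3."""
    blocks = {m.group(1): m.group(2).strip() for m in BLOCK.finditer(text)}
    for name in ("ca", "cert", "key", "tls-auth"):
        # A partial copy loses the BEGIN or END line; refuse to continue.
        if not PEM.search(blocks.get(name, "")):
            raise ValueError(f"<{name}> block missing or truncated")
    lines = [l.strip() for l in BLOCK.sub("", text).splitlines()]
    words = [l.split() for l in lines if l and l[0] not in "#;"]

    def arg(key, i=0):
        vals = next((w[1:] for w in words if w[0] == key), [])
        return vals[i] if len(vals) > i else None

    return {
        "blocks": blocks,  # ca/cert -> Certificate Data, key -> Private Key Data, tls-auth -> TLS Key
        "remote": (arg("remote"), int(arg("remote", 1) or 0) or None),
        "cipher": arg("cipher"),  # compare with Encryption Algorithm
        "auth": arg("auth"),      # compare with Auth Digest Algorithm
        # Remaining lines, joined with semicolons as Custom Options expects.
        "custom_options": ";".join(" ".join(w) for w in words
                                   if w[0] not in FORM_FIELDS),
    }

def _pem(label, body="Q09OU1RSVUNURUQ="):  # constructed placeholder body
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----"

# Constructed sample; not a real Astrill profile.
SAMPLE = "\n".join([
    "client", "dev tun", "proto udp", "remote vpn.example.net 8292",
    "cipher AES-256-CBC", "auth SHA1", "remote-cert-tls server", "tun-mtu 1500",
    "<ca>", _pem("CERTIFICATE"), "</ca>", "<cert>", _pem("CERTIFICATE"), "</cert>",
    "<key>", _pem("PRIVATE KEY"), "</key>",
    "<tls-auth>", _pem("OpenVPN Static key V1", "00112233"), "</tls-auth>",
])

if __name__ == "__main__":
    parts = split_profile(SAMPLE)
    print(parts["remote"], parts["cipher"], parts["auth"], parts["custom_options"])
```

Which of the remaining lines belong in Custom Options is decided by the screenshot in the step above; the helper only separates them and joins them with semicolons.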



STEP 4: How To Connect/Disconnect OpenVPN

Go to the Status tab and select OpenVPN.

PfSense-openvpn30.png



On this page, you can connect and disconnect OpenVPN.

PfSense-openvpn31.png