Differences

This shows you the differences between two versions of the page.

--- pfsense:vpn:openvpn:configure_an_openvpn_server:manually [2021/02/15 19:23] – peter
+++ pfsense:vpn:openvpn:configure_an_openvpn_server:manually [2022/09/20 18:00] (current) – [Create the Interface and Bridge] peter
@@ Line 1: / Line 1: @@
 ====== PFSense - VPN - OpenVPN - Configure an OpenVPN Server:Manually ======
+<WRAP todo>
+TODO:  UPDATE - AS INTRUCTIONS ARE A LITTLE OLD.
+</WRAP>
 ===== Install the OpenVPN Client Export Utility Package =====
@@ Line 14: / Line 19: @@
 Navigate to **System -> Cert Manager**.
-  * Crease a CA.
+  * Create a CA.
   * Select the **CA** tab and create a CA by pressing the **“+”** button.
   * Populate the fields with the appropriate information, making sure to change method to **Create Internal Certificate Authority**.
@@ Line 36: / Line 41: @@
 ===== Setup the OpenVPN Server =====
-Navigate to **VPN -> OpenVPN**.
+Navigate to **VPN -> OpenVPN -> Server**.
-  * On the Server tab press the **"+"** button to create an OpenVPN server.
+Press the **+Add** button to create an OpenVPN server.
-  * Populate the following settings:
-    * Disabled:  **Not Checked**.
-    * Server Mode:  **Remote Access (SSL/TLS)**.
-    * Protocol:  **UDP**.
-    * Device Mode:  **tap**.
-    * Interface:  **WAN**.
-    * Port:  **1194**.
-    * Description:  **A suitable description of your server**.
-    * TLS Authentication:  **Checked**.  Check both boxes; which creates your authentication key.
-    * Peer Certificate Authority:  **Select the CA created earlier**.
-    * Peer Certificate Revocation List:  **Optional.  If you created a Revocation Certificate earlier, then select it.**
-    * Server Certificate:  **Choose the server certificate created earlier**.
-    * DH Parameters:  **1024**.
-    * Encryption algorithm:  **AES-128-CBC (128-bit)**.
-    * Hardware Crypto:  **Choose a hardware crypto engine if you have one**.
-    * Certificate Depth:  **One (Client+Server)**.
-----
+In **General Information**:
+  * Disabled:  **Not Checked**.
+  * Server Mode:  **Remote Access (SSL/TLS)**.
+  * Protocol:  **UDP**.
+  * Device Mode:  **tap**.
+  * Interface:  **WAN**.
+  * Port:  **1194**.
+  * Description:  **A suitable description of your server**.
+In **Cryptographic Settings**:
+  * TLS Configuration:
+    * Use a TLS Key:  **Checked**.
+    * Automatically generate a TLS Key:  **Checked**.
+  * TLS keydir direction:  **Use default direction**.  Default.
+  * Peer Certificate Authority:  **Select the CA created earlier**.
+  * Peer Certificate Revocation List:  **Optional.  If you created a Revocation Certificate earlier, then select it.**
+  * Server Certificate:  **Choose the server certificate created earlier**.
+  * DH Parameters:  **2048**.
+  * ECDH Curve:  **Use Default**.
+  * Encryption algorithm:  **AES-128-CBC (128-bit)**.
+  * Enable NCP:  **Checked**.
+  * NCP Algorithms:  **AES-128-GCM**.  Default.
+  * Auth digest algorithm:  **SHA256 (256-bit)**.  Default.
+  * Hardware Crypto:  **Choose a hardware crypto engine if you have one**.
+  * Certificate Depth:  **One (Client+Server)**.
-===== IP Settings =====
+In **Tunnel Settings**:
   * IPv4 Tunnel Network:  **<BLANK>**.  Leave blank as not used in tap/bridge mode.
@@ Line 84: / Line 100: @@
   * Click **save**
-Te OpenVPN server should be created.
+The OpenVPN server should be created.
 ----
@@ Line 96: / Line 112: @@
   * Navigate to **Interfaces -> OPT1**.
   * Enable the interface and give it a Description
-  * Navigate to **Interfaces —> Assignments**.
+  * Navigate to **Interfaces -> Assignments**.
   * Select the **Bridges** tab and then click the **“+”** button to add a bridge.
   * Hold the **CTRL** button and highlight both the LAN interface and the renamed OPT1 interface just created.