pfsense:vpn:openvpn:configure_an_openvpn_server:manually

Differences

This shows you the differences between two versions of the page.

pfsense:vpn:openvpn:configure_an_openvpn_server:manually [2021/02/19 11:01] – [Setup the OpenVPN Server] peterpfsense:vpn:openvpn:configure_an_openvpn_server:manually [2022/09/20 18:00] (current) – [Create the Interface and Bridge] peter
Line 1: Line 1:
 ====== PFSense - VPN - OpenVPN - Configure an OpenVPN Server:Manually ====== ====== PFSense - VPN - OpenVPN - Configure an OpenVPN Server:Manually ======
 +
 +<WRAP todo>
 +TODO:  UPDATE - AS INTRUCTIONS ARE A LITTLE OLD.
 +</WRAP>
 +
  
 ===== Install the OpenVPN Client Export Utility Package ===== ===== Install the OpenVPN Client Export Utility Package =====
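Review bot: The added TODO banner misspells "INSTRUCTIONS" as "INTRUCTIONS", and it does not say which steps are out of date. Suggest fixing the spelling and naming the sections that still need updating, so a reader knows which settings to verify before relying on them.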
Line 36: Line 41:
 ===== Setup the OpenVPN Server ===== ===== Setup the OpenVPN Server =====
  
-Navigate to **VPN -> OpenVPN**. +Navigate to **VPN -> OpenVPN -> Server**.
- +
-Select the **Server** tab.+
  
 Press the **+Add** button to create an OpenVPN server. Press the **+Add** button to create an OpenVPN server.
 +
 +In **General Information**:
  
   * Disabled:  **Not Checked**.   * Disabled:  **Not Checked**.
Line 49: Line 54:
   * Port:  **1194**.   * Port:  **1194**.
   * Description:  **A suitable description of your server**.   * Description:  **A suitable description of your server**.
-  * TLS Authentication:  **Checked**.  Check both boxes; which creates your authentication key.+ 
 + 
 +In **Cryptographic Settings**: 
 + 
 +  * TLS Configuration: 
 +    * Use a TLS Key:  **Checked**. 
 +    * Automatically generate a TLS Key:  **Checked**. 
 +  * TLS keydir direction:  **Use default direction**.  Default.
   * Peer Certificate Authority:  **Select the CA created earlier**.   * Peer Certificate Authority:  **Select the CA created earlier**.
   * Peer Certificate Revocation List:  **Optional.  If you created a Revocation Certificate earlier, then select it.**    * Peer Certificate Revocation List:  **Optional.  If you created a Revocation Certificate earlier, then select it.** 
   * Server Certificate:  **Choose the server certificate created earlier**.   * Server Certificate:  **Choose the server certificate created earlier**.
-  * DH Parameters:  **1024**.+  * DH Parameters:  **2048**. 
 +  * ECDH Curve:  **Use Default**.
   * Encryption algorithm:  **AES-128-CBC (128-bit)**.   * Encryption algorithm:  **AES-128-CBC (128-bit)**.
 +  * Enable NCP:  **Checked**.
 +  * NCP Algorithms:  **AES-128-GCM**.  Default.
 +  * Auth digest algorithm:  **SHA256 (256-bit)**.  Default.
   * Hardware Crypto:  **Choose a hardware crypto engine if you have one**.   * Hardware Crypto:  **Choose a hardware crypto engine if you have one**.
   * Certificate Depth:  **One (Client+Server)**.   * Certificate Depth:  **One (Client+Server)**.
  
----- +In **Tunnel Settings**:
- +
-===== IP Settings =====+
  
   * IPv4 Tunnel Network:  **<BLANK>**.  Leave blank as not used in tap/bridge mode.   * IPv4 Tunnel Network:  **<BLANK>**.  Leave blank as not used in tap/bridge mode.
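Review bot: In the Cryptographic Settings list, the unchanged "Encryption algorithm: **AES-128-CBC (128-bit)**" item now sits beside the added "Enable NCP: **Checked**" and "NCP Algorithms: **AES-128-GCM**" items, and nothing says which cipher a client actually ends up with. Suggest adding a sentence on which setting applies when negotiation succeeds and which when it does not, or aligning the two values. The old "TLS Authentication" item named the purpose of the key, while the new "Use a TLS Key" items do not, so a short note on what the key is used for would help. Replacing the "===== IP Settings =====" heading with the plain line "In **Tunnel Settings**:" removes a section anchor, so any links to that section should be checked.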
Line 98: Line 112:
   * Navigate to **Interfaces -> OPT1**.   * Navigate to **Interfaces -> OPT1**.
   * Enable the interface and give it a Description   * Enable the interface and give it a Description
-  * Navigate to **Interfaces > Assignments**.+  * Navigate to **Interfaces -> Assignments**.
   * Select the **Bridges** tab and then click the **“+”** button to add a bridge.   * Select the **Bridges** tab and then click the **“+”** button to add a bridge.
   * Hold the **CTRL** button and highlight both the LAN interface and the renamed OPT1 interface just created.   * Hold the **CTRL** button and highlight both the LAN interface and the renamed OPT1 interface just created.
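Review bot: The "Enable the interface and give it a Description" item, directly above the corrected "Interfaces -> Assignments" line, still has no closing period and no bold on the field name, unlike its neighbours. Suggest tidying it in the same revision and saying what OPT1 is assigned to, so that it is clear what is being bridged to LAN.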
pfsense/vpn/openvpn/configure_an_openvpn_server/manually.1613732493.txt.gz · Last modified: 2021/02/19 11:01 by peter
