Differences

This shows you the differences between two versions of the page.

--- pfsense:vpn:openvpn:configure_an_openvpn_server:using_a_wizard [2021/02/17 11:38] – [Success] peter
+++ pfsense:vpn:openvpn:configure_an_openvpn_server:using_a_wizard [2021/02/17 13:41] (current) – [Install the Client Certificate] peter
@@ Line 147: / Line 147: @@
 {{:pfsense:vpn:openvpn:configure_an_openvpn_server:pfsense_-_firewall_-_rules_-_wan_-_openvpn.png?800|}}
+{{:pfsense:vpn:openvpn:configure_an_openvpn_server:pfsense_-_firewall_-_rules_-_wan_-_openvpn_-_edit.png?800|}}
+----
+==== Firewall Rules - OpenVPN ====
+Navigate to **Firewall -> Rules -> OpenVPN**.
+{{:pfsense:vpn:openvpn:configure_an_openvpn_server:pfsense_-_firewall_-_rules_-_openvpn.png?800|}}
+{{:pfsense:vpn:openvpn:configure_an_openvpn_server:pfsense_-_firewall_-_rules_-_openvpn_-_edit.png?800|}}
+----
+==== Cert Manager - CAs ====
+Navigate to **System - Cert Manager - CAs**.
+{{:pfsense:vpn:openvpn:configure_an_openvpn_server:pfsense_-_system_-_cert_manager_-_cas.png?600|}}
+----
+==== Cert Manager - Certificates ====
+Navigate to **System - Cert Manager - Certificates**.
+{{:pfsense:vpn:openvpn:configure_an_openvpn_server:pfsense_-_system_-_cert_manager_-_certificates.png?800|}}
 ----
@@ Line 164: / Line 192: @@
   * Lifetime:  **3650**.
-In this way we will have created both the user and the associated certificate in a single operation
+<WRAP info>
+**NOTE:**  This creates both the user and the associated certificate in a single operation
+</WRAP>
+{{:pfsense:vpn:openvpn:configure_an_openvpn_server:pfsense_-_system_-_user_manager_-_users_-_peter_roux.png?800|}}
+----
 <WRAP info>
@@ Line 180: / Line 213: @@
 Search for **openvpn-client-export**.
+{{:pfsense:vpn:openvpn:configure_an_openvpn_server:pfsense_-_system_-_package_manager_-_available_packages_-_openvpn_client_export.png?800|}}
 Install the Package.
+{{:pfsense:vpn:openvpn:configure_an_openvpn_server:pfsense_-_system_-_package_manager_-_available_packages_-_openvpn_client_export_-_installed.png?800|}}
 <WRAP info>
@@ Line 187: / Line 224: @@
 </WRAP>
+----
+===== Configure the Client Certificate =====
+Navigate to **VPN -> OpenVPN -> Client Export**
+In **OpenVPN Server**:
-Under **Remote Access Server** we select our created VPN server.
+  * Remote Access Server:  **Select the VPN server created earlier**.
-In the **Client Connection Behavior** section we will enter the parameters with which the .ovpn configuration file will be generated for the user, in particular we recommend configuring as follows:
+In **Client Connection Behavior**:
   * Host Name Resolution:  **Other**.
   * Host Name:  **Enter the Public IP address of the network**.
-  * Verify Server CN:  **Automatic - Use verify-x509-name (OpenVPN 2.3+) where possible**.  If there are problems set it to **Do not verify the CN server**.
+  * Verify Server CN:  **Automatic - Use verify-x509-name where possible**.  If there are problems set it to **Do not verify the CN server**.
+<WRAP info>
+**NOTE:**  These parameters will be written to the .ovpn configuration file which will be generated for the user.
+There is no need to click on the **Save as default** button, but if you do it is easy to update and save as a new default.
+</WRAP>
-Once the parameters are configured, we can export our users configuration file to be installed on the clients.
+{{:pfsense:vpn:openvpn:configure_an_openvpn_server:pfsense_-_vpn_-_openvpn_-_client_export_-_configuration.png?800|}}
-To do this we have various choices, the most recommended below:
+----
+===== Export the Client Certificate =====
+Export the user configuration file which is to be installed on the clients.
+There are many choices.To do this we have various choices, the most recommended below:
   * **Most Clients**: Generates an .ovpn file containing both the configuration and the certificates and the easily imported keys, compatible with clients: OpenVPN for Windows, Tunnelblick for OS X.
   * **OpenVPN Connect**:  Generates an .ovpn file compatible with OpenVPN Connect Apps for Android and iOS.
-  * **Archive**:  Compatible with Windows, generates an archive containing, in 3 separate files, the configuration (.ovpn), certificates (.p12) and the key (.key).
+  * **Archive**:  Compatible with Windows, generates an archive containing, 3 separate files, the configuration (.ovpn), certificates (.p12) and the key (.key).
-  * Under the **Current Windows Installer** section we can generate self-installing and pre-configured files for Windows clients.
+  * **Current Windows Installer**:  Generate self-installing and pre-configured files for Windows clients.
+{{:pfsense:vpn:openvpn:configure_an_openvpn_server:pfsense_-_vpn_-_openvpn_-_client_export_-_export_options.png?800|}}
+----
+===== Install the Client Certificate on an actual Client =====
+Copy the Client Certificate (the .ovpn file) to the specific client.
+Connect to the OpenVPN Server using this Client Certificate.
+For example on an Android phone, the OpenVPN app is used and shows successful connection.
+{{:pfsense:vpn:openvpn:configure_an_openvpn_server:openvpn_-_android_-_connected.jpg?400|}}
+----
+===== Show OpenVPN Widget on the pfSense Dashboard =====
+Navigate to the pfSense Dashboard.
+Click on the **+** at the top of the dashboard and select **OpenVPN**.
+When a client connects via the VPN this will show:
+{{:pfsense:vpn:openvpn:configure_an_openvpn_server:pfsense_-_openvpn_-_connected_client.png?800|}}
 ----