In this article, you will learn how to set up remote access to your network using OpenVPN on pfSense.
Go to "System" > "General Setup" > "Timezone". You need to update the correct timezone for pfSense router.
Since pfSense is open source and available for free, this project won't cost you anything to complete.
Create a Certificate Authority
OpenVPN uses certificates to secure the VPN service for authentication and encryption purposes. The first thing we need to do on pfSense is create a Certificate Authority. The next step in the process is to navigate to the built-in PFSense Certificate Manager.
Go to "System" > "Cert. Manager" > "CAs". Fill in the information as follows:
Description Name: CA
Common Name: CA
Once done, click on "Save" and your Internal Certificate Authority will be created.
The next step is to create the certificate for the OpenVPN server which clients will use to verify the identity of the server when connecting to it.
Fill in the information as follows:
Description Name: Server
Common Name: Server
Certificate Type: Server Certificate
The certificate infrastructure needed for OpenVPN is now complete so we can move onto the next phase, creating the VPN user.
Creating a VPN user
Go to "System" > "User Manager" > "Users". Fill in the username and password. Ensure you tick "Click to create user certificate" and then give the certificate a name and select your Certificate Authority.
Once all is done, click on the "Save" button.
Installing the OpenVPN Client Export Package
Install the package using the pfSense package manager found under the system menu. Go to "System" > "Package Manager" > "Available Packages". Enter openvpn-client-export in the search term box of the package manager and click on install.
After the package has been installed there will be a new tab called client export in the OpenVPN menu.
Configuring openvpn on pfSense
We will be using the openvpn configuration wizard for this step. Go to "VPN" > "OpenVPN" > "Wizards".
Type of Server: Local User Access
Certificate Authority: CA
Next you will need to complete the server setup form.
Under Tunnel Settings, enter the IP address range in the Tunnel network. This will be the IP address range OpenVPN will use to assign IP's to VPN clients.
Next enter the local network IP address range and then set your maximum number of concurrent connections. This is usually your LAN.
Next the wizard will want to create the firewall rule configuration. Select the "Firewall rule" and the "OpenVPN rule" as per the example above and click 'Next'.
Finally the configuration is complete, Click finish. You have now completed the openvpn setup.
To download the client configuration navigate to client export under the openvpn menu item.
If all is configured correctly you should now be presented different download options, which give you the OpenVPN config settings you need to configure your client so that they are able to connect to your PFSense OpenVPN server.