On Tue, Dec 3, 2013 at 5:06 AM, Nenhum_de_Nos <[email protected]> wrote:

> I know how to do it on older versions, but can't figure it out on 2.x. Is
> there any guide ?
>

Basically these settings:

Create a new OpenVPN "server". I call mine "Roaming Clients"

Server Mode: Remote Access SSL/TLS
Protocol: UDP
Device Mode: tun
Interface (pick your public WAN most likely; I use a CARPed interface address)
Local Port: 1194 (or any other port you want to use)

For the encryption, I use BF-CBC 128-bit with 1024 DH length, but the only part that matters here is that it corresponds with the settings in the client.

For the IPv4 Tunnel network, choose an unused range in your environment. I use 192.168.62.0/24. Your clients will get IPs from this range for use when communicating with the local network.

For the IPv4 Local network, again choose your local LAN network.

Enable compression if you want.

Enable "Redirect Gateway" if you want.

In client settings, turn on Dynamic IP and Address Pool options. I like to provide my private local DNS servers too, so my clients can resolve local host names.

> I need to make a CA and then a certificate for every connection ? How is
> that gonna be ?
>

You create one CA, then issue a certificate per person/connection. I use EasyRSA on my desktop and imported that CA Certificate into pfSense. I then told the OpenVPN roaming clients server to use that CA certificate. If I were to start fresh today, I'd use the built-in certificate manager in pfSense directly.

If you don't want to use certs, then instead of using SSL/TLS remote access server mode, pick the one that uses simple user authentication, and create the necessary users on the pfSense system.
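Added example, not part of the original message and not pfSense's own code: a small Python check that the settings which have to correspond between server and client (device mode, protocol, port, cipher, compression) actually do. The two config texts are constructed samples using standard OpenVPN directive names; the hostname vpn.example.org and the mismatched client values are assumptions made for illustration.

```python
SERVER_CONF = """\
# constructed sample mirroring the server settings in the message above
dev tun
proto udp
port 1194
cipher BF-CBC
comp-lzo
server 192.168.62.0 255.255.255.0
"""
CLIENT_CONF = """\
# constructed sample client; cipher and compression deliberately differ
client
dev tun
proto udp
remote vpn.example.org 1194
cipher AES-128-CBC
"""

def parse(conf):
    """Map each directive to its argument list (last occurrence wins)."""
    directives = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":   # OpenVPN comment markers
            continue
        name, *args = line.split()
        directives[name] = args
    return directives

def mismatches(server_conf, client_conf):
    """Return {setting: (server_value, client_value)} for settings that disagree."""
    s, c = parse(server_conf), parse(client_conf)
    found = {}
    for key in ("dev", "proto", "cipher"):
        sv, cv = (" ".join(d.get(key, ["(unset)"])) for d in (s, c))
        if sv != cv:
            found[key] = (sv, cv)
    # Compression must be enabled on both ends or on neither.
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        found["comp-lzo"] = ("comp-lzo" in s, "comp-lzo" in c)
    # The client's "remote host port" must point at the server's listening port.
    sport = s.get("port", ["1194"])[0]
    remote = c.get("remote", [])
    cport = remote[1] if len(remote) > 1 else c.get("port", ["1194"])[0]
    if sport != cport:
        found["port"] = (sport, cport)
    return found

if __name__ == "__main__":
    print(mismatches(SERVER_CONF, CLIENT_CONF))
```

An empty result means the compared settings agree; it says nothing about certificates or routing.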
