Establish a local VPN dial-up to access servers which are only available via VPN.
A NetGate unit/pfSense installed
A machine that is connected under the firewall
Step 1: Create a Certificate Authority
Login to pfSense. Then, navigate to System > Cert. Manager > CAs.
Next, click on Add to add a new certificate authority. Make sure to select the method Create an Internal Certificate Authority. You can name the certificate and fill in the details to your preference.
Once you are done, click Save.
Step 2: Create the OpenVPN Server Certificate
Navigate to System > Cert. Manager > Certificates. Click on Add/Sign to add a new OpenVPN Server Certificate.
Make sure to select the Method Create an Internal Certificate Authority, set Key Length as at least 2048 and Digest Algorithm as SHA256. Like before, you can name the certificate and fill in the details to your preference.
Under Certificate Attributes, set the Certificate Type as Server Certificate.
Click Save when you are done.
Step 3: Setup OpenVPN Remote Access Server
Navigate to VPN > OpenVPN > Wizards to start the OpenVPN Remote Access Server Setup. Make sure to set the type of server as Local Access.
After that, select the Certificate Authority that you have created in Step 1 and click on Next.
Then, select the Server Certificate that you have created in Step 2 and click on Next.
You will now be prompted to the Server Setup. Under General OpenVPN Information, select WAN as the VPN interface and leave everything as default. You can also add a description in the Description box.
Under Cryptographic Settings, leave everything as default, but make sure that the Auth Digest Algorithm is set to SHA256.
Under Tunnel Settings, set up your Tunnel Network by entering any valid private IP range using CIDR notation (normally 10.xx.xx.0/24).
Next, tick on the Redirect Gateway checkbox to redirect all of the client traffic through your VPN tunnel.
Then, set your Local Network by entering any valid private IP address using CIDR notation (normally 172.16.xx.0/24 or 192.168.xx.0/24).
Afterwards, specify how many clients can connect to your server at once under the Concurrent Connections setting.
Leave everything else as default, and click Save when you are done.
Note: Redirect Gateway forces all traffic generated to go through your tunnel regardless of the destination address.
Under normal circumstances, we would not want this checked as it could potentially cause negative impact on your network performance.
Next, check the boxes Firewall Rule and OpenVPN Rule. Click Save.
Step 4: Configure OpenVPN Client Access
Navigate to VPN > OpenVPN > Clients and click on Add to add a new OpenVPN server.
Under General Information, enter your VPN IP address that you have configured in Step 3 into the Server Host or Address field.
Under User Authentication Settings, enter the username and password.
Leave Cryptographic Settings, Tunnel Settings, and Ping Settings as default.
Then, under Advanced Settings, set Gateway Creation as IPv4 Only.
When you are done, click Save. You should have a client configured and shown on the list.
Step 5: Install OpenVPN Client Export Package
Navigate to System > Package Manager > Available Packages, then search for openvpn-client-export. Then, click Install to install the package.
Once the installation has finished, you can verify the installation by navigating to Installed Packages. If the package is installed, it will be listed there.
Step 6: Create VPN User
Navigate to System > User Manager > Users and click Add to create a new user.
Under User Properties, provide a username and password, as well as the full name of the user. You can also specify the user to be admin.
Next, tick on the Certificate checkbox, and specify the certificate that you will use.
Once you are done, click Save.
Step 7: Connect to VPN from Client
You have finished setting up OpenVPN on pfSense. In order to connect to the VPN, you need the OpenVPN GUI Client, which is downloadable from the pfSense OpenVPN interface.
Navigate to VPN > OpenVPN > Client Export. Scroll all the way down to OpenVPN Clients, and download the most suitable client export for your machine.
Open the downloaded file. It will prompt you to an installation wizard. Click Install to install OpenVPN GUI.
On your Desktop, run OpenVPN GUI. Login with the user credentials that you have created in Step 6.
Click Connect to connect to your VPN. It will take a few seconds to connect to the VPN.