System environment: pfSense 2.0.1
Install OpenVPN Client Export Utility
pfSense > System > Packages > Available Packages
- OpenVPN Client Export Utility
Create the CA certificate
pfSense > System > Cert Manager > CAs > "add" button
- Descriptive Name: osslab CA
- Method: Create an internal Certificate Authority
- Distinguished name:
- Country Code: TW
- State: <user-defined>
- City: <user-defined>
- Organization: <user-defined>
- Email: <anything>
- Common Name: osslab-ca
Create the VPN user account
pfSense > System > User Manager > Users > Add user
- Username: <user-defined>
- Password: <user-defined>
- Full name: <user-defined>
- Expiration date: leave blank
- Click to create a user certificate: checked
- Descriptive name: <user-defined; recommended to match the username>
- Certificate Authority: <select the CA just created, osslab CA>
- Key length: 2048 bits
- Lifetime: 3650 days
- Authorized keys: leave unselected
- IPsec Pre-Shared Key: leave blank
Configure the VPN Server
pfSense > VPN > OpenVPN > Wizards
- Type of Server: Local User Access
- Certificate Authority: osslab CA
- Next
- Choose a Server Certificate >
- Add new certificate
- Descriptive name: osslab Server Cert
- Key length: 2048 bits
- Lifetime: 3650 days
- Country code: TW
- State: <user-defined>
- City: <user-defined>
- Organization: <user-defined>
- Email: <user-defined>
- Create new certificate
- Descriptive name: osslab remote access
- TLS Authentication: checked
- Generate TLS Key: checked
- DH Parameters Length: 1024 bit
- Encryption Algorithm: BF-CBC(128-bit)
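The cipher, DH length and TLS authentication choices above can be checked against the resulting OpenVPN server configuration. The following is an added example, not part of the original guide or pfSense's own code; the sample config, its file paths, the 2048-bit threshold and the assumption that the DH file name ends in its bit length are constructed for illustration.

```python
import re

# Constructed sample of server directives matching the wizard choices above;
# the file paths are assumptions, not copied from a real pfSense box.
SAMPLE_CONF = """\
dev tun
proto udp
cipher BF-CBC
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
"""

# Cipher families with a 64-bit block (birthday-bound collisions, "Sweet32").
SMALL_BLOCK_PREFIXES = ("BF-", "DES-", "CAST5-", "RC2-")
MIN_DH_BITS = 2048  # hypothetical policy threshold for this example


def parse_directives(text):
    """Map each directive name to its argument list (last occurrence wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        conf[name] = args
    return conf


def audit(text):
    """Return (directive, finding) pairs for weak or missing settings."""
    conf, findings = parse_directives(text), []
    cipher = (conf.get("cipher") or [""])[0].upper()
    if cipher.startswith(SMALL_BLOCK_PREFIXES):
        findings.append(("cipher", f"{cipher} uses a 64-bit block"))
    dh = (conf.get("dh") or [""])[0]
    # Assumption: the DH file name ends in its bit length, e.g. "...1024".
    m = re.search(r"(\d{3,5})(?:\.pem)?$", dh)
    if m and int(m.group(1)) < MIN_DH_BITS:
        findings.append(("dh", f"{m.group(1)}-bit DH group is below {MIN_DH_BITS}"))
    if "tls-auth" not in conf and "tls-crypt" not in conf:
        findings.append(("tls-auth", "no HMAC key on the control channel"))
    return findings


if __name__ == "__main__":
    for directive, finding in audit(SAMPLE_CONF):
        print(f"{directive}: {finding}")
```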