OpenVPN (pfSense 2.0)

安裝 OpenVPN Client Export Utility

pfSense > System > Packages > Available Packages

• OpenVPN Client Export Utility

建立 CA 憑證

pfSense > System > Cert Manager > CAs > "add" button

• Descriptive Name: osslab CA
• Method: Create a internal Certificate Authority
• Distinguished name:
  • Country Code: TW
  • State: <自訂>
  • City: <自訂>
  • Organization: <自訂>
  • Email: <隨便>
  • Common Name: osslab-ca

建立 VPN 用戶帳號

pfSense > System > User Manager > Users > Add user

• Username: <自訂>
• Password: <自訂>
• Full name: <自訂>
• Expiration date: 空白
• Click to create a user certificate: 勾選
  
  • Descriptive name: <自訂，建議與 username 相同>
  • Certificate Authority: <選擇剛剛建立的 CA，osslab CA>
  • Key length: 2048 bits
  • Lifetime: 3650 days
  • Authorized keys: 不選
  • IPsec Pre-Shared Key: 空白

設定 VPN Server

pfSense > VPN > OpenVPN -> Wizards

• Type of Server: Local User Access
• Certificate Authority: osslab CA
• Next
• Choose a Server Certificate >
• Add new certificate
  • Descriptive name: osslab Server Cert
  • Key length: 2048 bits
  • Lifetime: 3650 days
  • Country code: TW
  • State: <自訂>
  • City: <自訂>
  • Organization: <自訂>
  • Email: <自訂>
  • Create new certificate
    • Descriptive name: osslab remote access
    • TLS Authentication: 勾選
    • Generate TLS Key: 勾選
    • DH Parameters Length: 1024 bit
    • Encryption Algorithm: BF-CBC(128-bit)
    • Tunnel Network: 10.0.6.0/24
    • Local Network: <pfSense 所處的 LAN 網段>
    • Concurrent Connections: 2
    • Compression: 勾選
  • Firewall Rule Configuration
    • Traffic from clients to server: 勾選
    • Traffic from clients through VPN: 勾選

下載用戶端設定檔及憑證

用戶端連線軟體：http://openvpn.net/index.php/downloa...downloads.html

用戶端設定檔及憑證
pfSense > VPN > OpenVPN > Client Export > 選擇 User, 下載 Archive (內含憑證檔與 ovpn 設定檔)

VPN 用戶端上網透過 OpenVPN 做路由(選用)

pfSense > VPN > OpenVPN > Edit OpenVPN Server

• Redirect Gateway: 勾選
• Provide a DNS server list to clients: 勾選，輸入 DNS 主機位址