Wednesday, January 29, 2020

Openvpn - pfsense

Setting up OpenVPN on PFSense 2.4.x is a straightforward but rather long process. Hopefully this step-by-step guide gives you the direction you need to implement the solution as painlessly as possible. There are 3 primary steps to installing and configuring OpenVPN on PFSense:
  1. Create the Certificate Infrastructure
  2. Configure OpenVPN on PFSense
  3. Configure Client Access
VPNs are very versatile infrastructure solutions that give you the ability to enable remote access to your local environment. They are also a more secure solution than exposing remote access protocols such as RDP or SSH directly to the Internet, and they provide a level of privacy and security when you are using the Internet from insecure locations.
Let’s get started.

Creating the Certificate Infrastructure needed for PFSense and OpenVPN

OpenVPN uses certificates to secure the VPN service for authentication and encryption purposes. The first thing we need to do on PFSense is create a Certificate Authority. If you already have one configured you can skip this step.

Creating a Certificate Authority on PFSense

The first step in the process is to navigate to the built-in PFSense Certificate Manager (System – Certificate Manager).


You will then be presented with a dashboard listing the CAs installed on the server. In the example below there isn’t one, so click on ‘+Add’ to create a new one.


Next we need to fill out the form which PFSense will use to create the Certificate Authority. Since we are building an Internal Certificate Authority, select this option from the drop-down list as highlighted in the image below and then fill out the necessary details about your organization in the fields provided. Remember to give your CA a useful common name which you can use to identify it. In my example I used PFSense_RootCA. Once done, click on ‘Save’ and your Internal Certificate Authority will be created.

 


Creating the OpenVPN Server Certificate on PFSense

The next step is to create the certificate for the OpenVPN server which clients will use to verify the identity of the server when connecting to it. Under System – Certificate Manager navigate to the Certificates tab and click on ‘+ Add/Sign’.


Next complete the form to create the certificate. Note you need to select the ‘Create an internal Certificate’ method and ensure you select ‘Server Certificate’ as the certificate type. Fill in the rest of the relevant information and once complete, click on ‘Save’.
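The two Certificate Manager steps above, reproduced with the openssl command line as an added example (not part of the original post and not PFSense's own code). It assumes the ‘Server Certificate’ type corresponds to the TLS server-authentication extended key usage, and shows that a user-type certificate issued by the same CA does not pass a server purpose check. Only the CA name PFSense_RootCA comes from the article; the file names, the certificate names, the profile names, key sizes and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example. Only the CA name PFSense_RootCA is from the article; the rest is assumed.

# write_cfg FILE: extension profiles for the CA and for the two certificate types.
write_cfg() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
[user_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
}

# make_ca DIR: self-signed internal CA (the first GUI step).
make_ca() {
    write_cfg "$1/pki.cnf" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$1/pki.cnf" \
        -extensions ca_ext -subj "/CN=PFSense_RootCA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR NAME PROFILE: new key and CSR, signed by the CA with that profile.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 825 -extfile "$1/pki.cnf" -extensions "$3" \
        -out "$1/$2.crt" 2>/dev/null
}

# usable_as_server DIR NAME: chains to the CA and passes the TLS-server purpose check.
usable_as_server() {
    openssl verify -CAfile "$1/ca.crt" -purpose sslserver "$1/$2.crt" >/dev/null 2>&1
}

# Demo in a throwaway directory.
d=$(mktemp -d) && make_ca "$d" && issue_cert "$d" openvpn-server server_ext &&
    usable_as_server "$d" openvpn-server && echo "server certificate verifies"
rm -rf "$d"
```

The same `openssl verify -purpose sslserver` check can be run against the CA and server certificates exported from the Certificate Manager before they are handed to clients.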

