This recipe demonstrates how to set up an OpenVPN connection from the server side.
As with IPsec, OpenVPN can be used in both site-to-site mode (creating an OpenVPN tunnel between two firewalls) and client-server mode (one side accepts a connection from the other side). The implementation of OpenVPN in pfSense allows us to set up peer-to-peer and client-server connections, but in a slightly different way than IPsec. With IPsec, if we wanted to connect two firewalls, we had to use peer-to-peer mode. With OpenVPN, to connect two firewalls we must connect them in client-server mode. Thus, the client can be either (a) another firewall, or (b) a mobile client who needs to connect to our network (and we can have multiple clients connecting to the same server).
In this recipe, we will describe how to set up pfSense to act as an OpenVPN server. This requires seven separate steps:
- Creating the CA and certificates
- Configuring the OpenVPN server
- Creating firewall rules to allow OpenVPN traffic to pass
- Importing the CA and user certificate to the client
- Configuring the OpenVPN client
- Creating a firewall rule to allow OpenVPN traffic to pass on the client
- Verifying the functionality of the OpenVPN tunnel