Pfsense OpenVpn Server Help

Has anyone used pfSense as a VPN server?

I can't make the PR1 connect to the VPN server.
It throws a TLS Handshake Error.

But my laptop can connect to the VPN; this tells me that the ports are configured correctly.

To start with, what's the best cipher to use?
Selecting one over the other throws a different error.

I assume I do not need to open a firewall port on the PR1.
Also, the gateway order is 255 for OpenVPN…

Thank you.

Regards,
Bien

I have read a lot about pfSense, but I have not used it.
Since it's outbound from the EPIC / PC to the VPN server, you are correct; you should not need to open a firewall port on the EPIC.
It sounds like a certificate error… Do you have some example errors that we can look into?

EDIT: Can you ping the VPN server from the EPIC from the network tools in groov Manage?

I use pfSense. Do you have the OpenVPN Client Exporter plugin installed? That is the easiest way to get a config file to upload to the PR1. You may need to change a couple of things (udp4 to just udp, I think, is the only show-stopper one I have to change).

Yes, I got the exporter. Were you able to download the bundle…
“client export”, if this is what you mean.

I use inline, most clients.

I remove or comment out:
dev tun
persist-tun
persist-key

That prevents the PR1 from complaining on import.

I also have to remove the 4 on udp4 to make it udp on the remote parameter.

Those are the only changes. This is an older server though, may be different on newer installs.
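The edits described in the post above can be scripted so the same fixes are applied every time a fresh inline export is pulled from pfSense. The following is an added example, not code from the forum, from Opto 22 or from the pfSense project. It drops `dev tun`, `persist-tun` and `persist-key`, rewrites `udp4` to `udp` on the `remote` line (and on a `proto` line, if the export has one), and additionally checks that the `<ca>`, `<cert>` and `<key>` inline blocks are present, since a missing or truncated certificate block is one reason a client fails with a TLS handshake error. The sample export, the hostname `vpn.example.net` and the function names are constructed for the example.

```python
"""Normalise a pfSense "Inline Configurations: Most Clients" OpenVPN export
for upload to a groov PR1.

Added example, not the forum's or the vendor's own tooling.  It applies the
manual edits described in the thread (drop dev tun / persist-tun / persist-key,
change udp4 to udp) and checks that the inline certificate blocks survived
the export.  All sample data below is constructed.
"""
import re

# Directives the PR1 import complains about, per the thread.
DROP_DIRECTIVES = {"dev tun", "persist-tun", "persist-key"}

# Inline blocks a pfSense inline export normally carries.  A tls-auth or
# tls-crypt block is optional, so it is not checked here.
REQUIRED_BLOCKS = ("ca", "cert", "key")

# Constructed sample of what the exporter produces; the certificate bodies
# are placeholders, not real PEM data.
SAMPLE_EXPORT = """\
dev tun
persist-tun
persist-key
client
tls-client
resolv-retry infinite
remote vpn.example.net 1194 udp4
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
...constructed placeholder, not a real certificate...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...constructed placeholder, not a real certificate...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...constructed placeholder, not a real key...
-----END PRIVATE KEY-----
</key>
"""


def normalise_line(line):
    """Return the rewritten line, or None if the line should be removed."""
    stripped = line.strip()
    if stripped in DROP_DIRECTIVES:
        return None
    # "remote host 1194 udp4" -> "remote host 1194 udp"; same for "proto udp4".
    if stripped.startswith(("remote ", "proto ")):
        return re.sub(r"\budp4\b", "udp", line)
    return line


def normalise_config(text):
    """Apply normalise_line to every line and rebuild the config."""
    kept = []
    for line in text.splitlines():
        new_line = normalise_line(line)
        if new_line is not None:
            kept.append(new_line)
    return "\n".join(kept) + "\n"


def missing_inline_blocks(text):
    """Names of required <block>...</block> sections that are absent."""
    missing = []
    for name in REQUIRED_BLOCKS:
        if not re.search(rf"<{name}>.*?</{name}>", text, re.S):
            missing.append(name)
    return missing


def prepare_for_pr1(text):
    """Normalise an export and report any missing certificate blocks."""
    config = normalise_config(text)
    return config, missing_inline_blocks(config)


if __name__ == "__main__":
    config, missing = prepare_for_pr1(SAMPLE_EXPORT)
    print(config)
    if missing:
        print("missing inline blocks:", ", ".join(missing))
```

Run it against the real `.ovpn` file instead of `SAMPLE_EXPORT` by reading the file into `prepare_for_pr1`; if it reports a missing block, re-export from pfSense rather than uploading the file, because the PR1 cannot complete the TLS handshake without its certificate and key.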

Do you know if the settings below matter? I heard the PR1 is still using legacy (old stuff):

That looks like it is for exporting the certificate. If you do the inline config using the client exporter, that is all handled for you.

The only things I set in the certificate creation are the common name and alternative name (same as the common name).


Oh shoot… it worked now…
I edited the inline export, from udp4 to udp…

Network status now shows Connected…

Is this right??

But what is the IP of this so I can remote to it?

It should show you an IP in the status, just below what you pasted. I assign the IP to the clients using the Client Specific Overrides so I can set up specific firewall rules for different clients.

What my bench unit looks like:

Here is a client override setup on pfSense:

The VPN server is in my home network; my PC is also at home.
The IP address on the remote PR1 is on a different network than my PC.

Does that mean my PC needs to connect to the home VPN to be on the same network as the remote PR1?

Typically, you will have three networks - your home network, your vpn network, and the PR1 local network. pfSense should allow you to route between your home network and vpn network. The PR1 will be a host on the vpn network to your hosts on your home network.

On pfSense OpenVPN server setup, you enter the subnet you want the vpn clients to be able to access:

10.90.0.0/24 is the OpenVPN network
192.168.10.0/24 … are all other networks that are routeable by pfSense and the vpn clients can access (with appropriate firewall rules) and vice versa.

I have the same settings as yours above.
But why can’t I access the remote PR1 at 172.16.254.2?
Any prerequisite I need to enable?

Do you have a firewall LAN rule allowing LAN clients to access the VPN network?

My friend set up the VPN for me. I think we missed this… this makes sense…
I was thinking of this… My PC doesn’t know that the VPN exists.

I am using a Ubiquiti EdgeRouter…
Any idea which service on the router I need to tinker with?

So are you connecting to the VPN server as well?

Or are the Edge Router and pfSense on the same network?

My PC and the VPN host server are connected to the router via the 10.10.10.0 network.
The PR1 is on the tunnel network 172.16.254.0, with IP 172.16.254.2.

As an option:
What I did: I installed the OpenVPN client. Now my PC has the IP 172.16.254.3.
But I still cannot reach 172.16.254.3.

That is OK… Thank you for the help. We have conquered the big cake.
The next one should be a piece of cake. :slight_smile:

I will ask my IT friend to fix this…

Okay, having your PC as a VPN client will probably be the easiest; otherwise you will need to set up a manual route on your PC or get the EdgeRouter DHCP to feed you a route.

On pfSense, I assume you have this unchecked on the VPN setup:

That is good, this allows you to fine tune client to client connections through the firewall rules on pfSense.

On the Firewall rules, add a rule for your PC VPN IP to allow access to the PR1 VPN IP and I think you will connect. (You will need to set up client-specific overrides so you always get assigned the same IP by the OpenVPN server.)

I add specific rules like this:

This one allows me to access any client on the VPN. This would be under the Firewall, Rules, OpenVPN.