OPNSense – OpenVPN Remote Access (SSL/TLS + User Auth)


The main advantages of using OpenVPN for remote access instead of IPsec are:

  • Easy setup on almost all mobile clients using OPNsense’s Client Configuration Export.
  • Fine grained access control by using multiple servers or Client Specific Overrides.
  • No issues with NAT, even without NAT-T.

If, like me, you don’t like reading posts, you can follow along on my YouTube channel. The video is below:

** Before you get started, this tutorial assumes that you have already created a user account.

➡️ Step 1: Adding a Local Certificate Authority

The VPN server needs a certificate authority to sign client or server certificates.

To set up a new certificate authority, go to System ‣ Trust ‣ Authorities and click Add in the top right corner of the form.

Click Save to add the new certificate authority.

➡️ Step 2: Adding a Server Certificate

After creating the authority we also need a server certificate signed by it. To create a new certificate, go to System ‣ Trust ‣ Certificates and click Add in the upper right corner of the form.

➡️ Step 3: Adding User Certificates

3.1 To add a user certificate, go to System ‣ Access ‣ Users and click Edit on the user you want to add the certificate to.

3.2 Under User Certificates, click Add.
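Steps 1 to 3 build a small PKI through the GUI: one local CA, a server certificate and one certificate per user, all signed by that CA. The script below is an added example (not part of this tutorial and not OPNsense code) that recreates the same trust chain with the openssl CLI and then verifies it the way OpenVPN does, checking that each leaf certificate chains to the CA and carries the right extended key usage. The names vpn-ca, vpn-server and alice are assumed placeholders, and the example goes slightly beyond the tutorial by also showing that a client certificate is refused when presented in the server role.

```shell
#!/bin/sh
# Added example: recreate the trust chain from steps 1-3 with the openssl CLI.
# Names (vpn-ca, vpn-server, alice) are assumed placeholders, not from the tutorial.
set -eu

# Build a CA, a server certificate and one user certificate under $1.
build_pki() {
    dir="$1"
    mkdir -p "$dir"
    # Minimal req config so the example does not depend on a system openssl.cnf
    printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$dir/req.cnf"

    # Step 1 equivalent: self-signed certificate authority, explicitly marked CA
    openssl req -config "$dir/req.cnf" -x509 -newkey rsa:2048 -nodes -sha256 \
        -days 3650 -subj "/CN=vpn-ca" \
        -addext "basicConstraints=critical,CA:TRUE" \
        -addext "keyUsage=critical,keyCertSign,cRLSign" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null

    # Step 2 equivalent: server certificate, usable only as a TLS server
    openssl req -config "$dir/req.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=vpn-server" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    printf 'extendedKeyUsage = serverAuth\nkeyUsage = digitalSignature, keyEncipherment\n' \
        > "$dir/server.ext"
    openssl x509 -req -sha256 -days 825 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null

    # Step 3 equivalent: one user certificate, usable only as a TLS client
    openssl req -config "$dir/req.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=alice" -keyout "$dir/alice.key" -out "$dir/alice.csr" 2>/dev/null
    printf 'extendedKeyUsage = clientAuth\nkeyUsage = digitalSignature\n' > "$dir/alice.ext"
    openssl x509 -req -sha256 -days 825 -in "$dir/alice.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/alice.ext" -out "$dir/alice.crt" 2>/dev/null
}

# Return 0 when both leaf certificates chain to the CA and carry the intended
# extended key usage; this mirrors what OpenVPN enforces with
# "remote-cert-tls server" on the client and "remote-cert-tls client" on the server.
verify_chain() {
    dir="$1"
    openssl verify -CAfile "$dir/ca.crt" -purpose sslserver "$dir/server.crt" >/dev/null 2>&1 || return 1
    openssl verify -CAfile "$dir/ca.crt" -purpose sslclient "$dir/alice.crt" >/dev/null 2>&1 || return 1
    return 0
}

# Return 0 when the user certificate is rejected for the server role, which is
# why the EKU split matters: a user certificate cannot stand in for the VPN server.
client_cert_rejected_as_server() {
    dir="$1"
    if openssl verify -CAfile "$dir/ca.crt" -purpose sslserver "$dir/alice.crt" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Stand-alone run: build the PKI in a temporary directory and report the checks.
demo_dir=$(mktemp -d)
build_pki "$demo_dir"
verify_chain "$demo_dir" && echo "server and user certificates chain to the CA"
client_cert_rejected_as_server "$demo_dir" && echo "user certificate refused as a server certificate"
rm -rf "$demo_dir"
```

The same EKU split is what the OPNsense GUI applies when you pick the certificate type (Server Certificate versus Client Certificate) in steps 2 and 3, so keep those types distinct rather than issuing one general-purpose certificate for everything.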

➡️ Step 4: Adding a VPN Server

Go to VPN ‣ OpenVPN ‣ Servers and click the Wizard icon in the top right corner of the form. The benefit of using the Wizard is that it automatically generates the firewall rules for your server.

‣ Select Local User Access, or whichever other authentication backend you use.

‣ Select the Certificate Authority you created in step 1 and click Next.

‣ Select the Server Certificate and click Next.

‣ The settings should be similar to the screenshot below. Everything not mentioned should be left blank or at its default value.

Adding a DNS Default Domain and a Local DNS Server IP (10.13.2.1 is my OPNsense LAN IP) lets you reach local hosts by FQDN over the VPN.

Click Next to continue.

Click Next to continue.
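To make the wizard settings concrete, here is a hand-written OpenVPN server configuration that expresses the same remote-access design (SSL/TLS with a client certificate plus a username/password check, and the DNS domain and DNS server pushed to clients). It is an added example, not the configuration OPNsense generates and not taken from this tutorial: the file paths, the tunnel network 10.10.8.0/24, the domain home.lan and the verification script path are assumed placeholders; only the DNS server 10.13.2.1 comes from the text.

```conf
# Added example: equivalent hand-written OpenVPN server config, not OPNsense output.
# Paths, tunnel subnet and domain are assumed placeholders.
mode server
tls-server
dev tun
proto udp
port 1194
topology subnet
server 10.10.8.0 255.255.255.0

# Trust chain from steps 1-3: CA, server certificate and key
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh.pem

# Control-channel protection: clients without the shared key are dropped
# before any TLS handshake takes place
tls-crypt /etc/openvpn/tls-crypt.key

# SSL/TLS + User Auth: every client must present a certificate signed by the CA,
# that certificate must be a client certificate, and the user must also
# authenticate with a username and password
verify-client-cert require
remote-cert-tls client
script-security 3
auth-user-pass-verify /etc/openvpn/check-user.sh via-env
username-as-common-name

# What the wizard's DNS Default Domain and Local DNS Server fields push to clients
push "dhcp-option DOMAIN home.lan"
push "dhcp-option DNS 10.13.2.1"

# Modern data-channel ciphers and HMAC for the control channel
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA256

keepalive 10 60
persist-key
persist-tun
verb 3
```

The two lines that implement the tutorial's "SSL/TLS + User Auth" mode are `verify-client-cert require` and `auth-user-pass-verify`: a client that lacks a valid certificate is refused before the password is ever checked, and a leaked password alone is not enough to connect. `remote-cert-tls client` is the server-side half of the EKU check built into the certificate types you chose in steps 2 and 3.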

➡️ Step 5: Exporting a client

You can export client configurations using Client Export.

File Only – for use with a mobile phone.

Viscosity – OpenVPN client for Mac and Windows.

➡️ Step 6: Test your newly created VPN server using the OpenVPN mobile app or an Apple computer

If you are on an Apple computer, you can export and download the certificate and then AirDrop it to your iPhone.

Let’s run a speed test:

Google Fi 5G is fast (well, it’s faster than my current internet plan at home).

If you would like to switch to Google Fi, please use the below referral code:

DV6MHF

We will both get $20 Fi credit.

With the Unlimited Plus plan, I have free texting and up to 50 GB of fast internet, including hotspot, while traveling abroad.

➡️ If you think this tutorial is helpful, please support my channel by subscribing to my YouTube channel or by using the Amazon/eBay/ClouDNS affiliate links below (Full Disclaimer). I will get a small commission from your purchase to grow my channel:

🚀 Things I used for my server: https://amzn.to/3hudohP

🚀 Tools I used: https://amzn.to/3uXaSUr

🚀 Devices I used: https://amzn.to/3FYlfxk

🚀 Networking/Cybersecurity/Programming Books: https://amzn.to/3HEYwb0

🚀 TrueNAS HBA SAS controller IT Mode from the Art of Server: https://ebay.us/cBWEvJ
