2024年4月2日发(作者:)

在Pfsense 2.0 RC3 上安装和配置OpenVPN 原文出处:/?p=433

整 理 题 记

这篇文章写的非常好,是技术人写文章的典范。好在操作步骤非常详细,而且通俗

易懂。本人据此文成功配置OpenVPN服务器和客户端。

本有意翻译出来与大家共享,无奈内容很多,时间紧张,先整理至此。如果有人需

要,翻译出来帮助更多国内的同学。

本文版权归原作者及原网站所有。

Setup & Configuration Of

OpenVPN On Pfsense 2.0 RC3

Outline

With the recent release of Pfsense 2.0 there has been a significant number of improvements to the

OpenVPN component. In previous versions of Pfsense, the client, CA and server certificates had to be

created on a client machine and then copied across to the relevant configuration panes in OpenVPN. The

client configuration was not bundled as a package for download directly from the Pfsense web GUI, and

instead resided on the workstation where the certificates were originally created. For subsequent

OpenVPN clients to be created the process would have to be re-run each time on the same client machine.

This process is now covered by the Pfsense 2.0 web GUI. The full list of OpenVPN changes are as follows:-

OpenVPN wizard guides through making a CA/Cert and OpenVPN server, sets up firewall rules, and so

on. Greatly simplifies the process of creating a remote access OpenVPN server.

OpenVPN filtering – an OpenVPN rules tab is available, so OpenVPN interfaces don’t have to be

assigned to perform filtering.

OpenVPN client export package – provides a bundled Windows installer with certificates, Viscosity

export, and export of a zip file containing the user’s certificate and configuration files.

OpenVPN status page with connected client list — can also kill client connections

User authentication and certificate management

RADIUS and LDAP authentication support

整理:Tomora76@ 1 / 13

在Pfsense 2.0 RC3 上安装和配置OpenVPN 原文出处:/?p=433

In this guide I will outline creating a new OpenVPN server with local user authentication under Pfsense 2.0

RC3. If you have upgraded from Pfsense 1.2.3 (as is the case for myself) and already have OpenVPN

configured, I would suggest removing the existing server and starting from scratch to avoid configuration

issues. I will also cover the installation of the OpenVPN client on Windows 7, Snow Leopard 10.6.8 and

Ubuntu 11.04

Download & Install The OpenVPN Client Export Package

The first step is to obtain the client export package, so that we can quickly export all of the required

configuration files for our OpenVPN clients.

Login to your Pfsense 2.0 GUI and navigate to System > Packages. Scroll down and select ‘OpenVPN

Client Export Utility’ and run through the installation.

Remove Legacy OpenVPN Server And Certificates

I would highly recommend removing your existing OpenVPN configuration prior to running through the

setup of in this guide.

Firstly navigate to System > Cert Manager. On the ‘CAs’ pane remove any existing certificates. Once

completed navigate to the’Certificates’ pane and remove any existing certificates. (Do not remove the

‘Webconfigurator default’ certificate)

Finally navigate to VPN > OpenVPN and remove your existing server configuration.

Create New OpenVPN Certificates

We’re now ready to create the required certificates for OpenVPN to function with local user

authentication. Navigate to System > Cert Manager. On the ‘CAs’ pane choose to create a new

certificate and ensure you choose ‘Create an internal Certificate Authority’ in the drop-down box, like so.

整理:Tomora76@ 2 / 13