How to create site to site VPN for SMB with low IT budget. part1 How to setup OpenVPN server on debian? part2 How to create site to site vpn from pfsense to openvpn server.part3 OK, we already have Openvpn server at central office. Now our task is to configure branch office pfsenses (why pfsense) to connect central office Openvpn server: create Hyperv VM for pfsense at branch office 01: mount pfsense iso to the pfsense VM create fixed size virtual disk, 5gb is enough. if Continue reading →{"id":839,"date":"2017-07-22T18:17:27","date_gmt":"2017-07-22T10:17:27","guid":{"rendered":"https:\/\/www.itforce.mn\/?p=839"},"modified":"2018-07-08T01:00:15","modified_gmt":"2018-07-07T17:00:15","slug":"how-to-create-site-to-site-vpn-from-pfsense-to-openvpn-server","status":"publish","type":"post","link":"https:\/\/www.itforce.mn\/index.php\/2017\/07\/22\/how-to-create-site-to-site-vpn-from-pfsense-to-openvpn-server\/","title":{"rendered":"How to create site to site vpn from pfsense to openvpn server.part3"},"content":{"rendered":"

How to create site to site vpn from pfsense to openvpn server.part3<\/a><\/li>\n<\/ol>\n

OK, we already have Openvpn server at central office. Now our task is to configure branch office pfsenses (why pfsense<\/a>) to connect central office Openvpn server:<\/p>\n

create Hyperv VM for pfsense at branch office 01:\n

mount pfsense iso to the pfsense VM<\/li>\n
create fixed size virtual disk, 5gb is enough. if you use dynamic disk – pfsense freebsd installer can fail<\/li>\n
before pfsense installation add second vNIC<\/li>\n
connect both vNICs to the same vswitch (based on one physical NIC) !<\/li>\n<\/ul>\n<\/li>\n
install pfsense on the VM<\/li>\n
during first booting choose en1 for WAN and en2 for LAN.<\/li>\n
Let’s consider that branch01 has 192.168.0.1 on tplink\/dlink\/Univsion-smartbox and so on router. Therefore assign 192.168.0.2 to WAN of pfsense and 172.16.101.1 to LAN interface.<\/li>\n
access to 172.16.101.1 from browser (before assign your workstation for example 172.16.101.100 ). Default credentials for pfsense is admin\/pfsense.<\/li>\n
copy content of ca.crt and ca.key from Debian openvpn server to pfsense (i recommend – instead of ftp\/winscp and so on, just from putty\/ssh “cat ca.key” and by mouse select\/copy content from screen – now just paste it into browser)
\n $\"\"$ <\/li>\n
add into pfsense client01.key and client01.crt
\n $\"\"$ <\/li>\n
configure openvpn client:
\n $\"\"$ <\/li>\n
enable optional interface:
\n $\"\"$ <\/li>\n
allow any traffic thru new OPT1 interface:
\n $\"\"$
\n $\"\"$ <\/li>\n
create routing to central office : $\"\"$ $\"\"$ <\/li>\n
to check state of vpn see from:
\n $\"\"$ <\/li>\n

above pfsense configuration more or less equals to openvpn client conf file:\n

client\r\nremote central.office.mn\r\ndev tun01\r\n\r\nifconfig 10.0.51.2 10.0.51.1\r\nroute 192.168.0.0 255.255.255.0\r\n\r\ntls-client\r\nca \/etc\/openvpn\/easy-rsa\/keys\/ca.crt\r\ncert \/etc\/openvpn\/easy-rsa\/keys\/client01.crt\r\nkey \/etc\/openvpn\/easy-rsa\/keys\/client01.key\r\nreneg-sec 60\r\nverb 5\r\nstatus \/var\/log\/openvpn.log\r\n#log-append \/var\/log\/openvpn01\r\n\r\nport 51191\r\nproto udp\r\nkeepalive 10 120\r\ncomp-lzo\r\ncipher AES-256-CBC\r\npersist-key\r\npersist-tun\r\n\r\n<\/pre>\n<\/li>\nResult: each branch office device with configured dgw (for example 172.16.101.1) will ping central office subnet and vice versa<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":null,"protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,6,7],"tags":[],"class_list":["post-839","post","type-post","status-publish","format-standard","hentry","category-it-governance","category-smb","category-sysadmin-thoughts"],"_links":{"self":[{"href":"https:\/\/www.itforce.mn\/index.php\/wp-json\/wp\/v2\/posts\/839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itforce.mn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itforce.mn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itforce.mn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itforce.mn\/index.php\/wp-json\/wp\/v2\/comments?post=839"}],"version-history":[{"count":34,"href":"https:\/\/www.itforce.mn\/index.php\/wp-json\/wp\/v2\/posts\/839\/revisions"}],"predecessor-version":[{"id":1161,"href":"https:\/\/www.itforce.mn\/index.php\/wp-json\/wp\/v2\/posts\/839\/revisions\/1161"}],"wp:attachment":[{"href":"https:\/\/www.itforce.mn\/index.php\/wp-json\/wp\/v2\/media?parent=839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itforce.mn\/index.php\/wp-json\/wp\/v2\/categories?post=839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itforce.mn\/index.php\/wp-json\/wp\/v2\/tags?post=839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}