5.5.4 Configure a Remote Access VPN

Required Actions
Create a new certificate authority certificate
Create a new server certificate named CorpNet
Configure the VPN server
Configure the firewall rules
Add the Firewall Rule
Add the OpenVPN rule
Set the OpenVPN server to Remote Access (User Auth)
Configure the following standard VPN users
Create Brian Lindley's account.
Create Jacob Phillips' account.



Complete this lab as follows:

  1. Sign in to the pfSense management console.
    a. In the Username field, enter admin.
    b. In the Password field, enter P@ssw0rd (zero).
    c. Select SIGN IN or press Enter.
  2. Start the VPN wizard and select the authentication backend type.
    a. From the pfSense menu bar, select VPN > OpenVPN.
    b. From the breadcrumb, select Wizards.
    c. Under Select an Authentication Backend Type, make sure Local User Access is selected.
    d. Select Next.
  3. Create a new certificate authority certificate.
    a. For Descriptive Name, enter CorpNet-CA.
    b. For Country Code, enter GB.
    c. For State, enter Cambridgeshire.
    d. For City, enter Woodwalton.
    e. For Organization, enter CorpNet.
    f. Select Add new CA.
  4. Create a new server certificate.
    a. For Descriptive Name, enter CorpNet.
    b. Verify that all of the previous changes (Country Code, State/Province, and City) are the same.
    c. Use all other default settings.
    d. Select Create new Certificate.
  5. Configure the VPN server.
    a. Under General OpenVPN Server Information:
      • Use the Interface drop-down menu to select WAN.
      • Verify that the Protocol is set to UDP on IPv4 only.
      • For Description, enter CorpNet-VPN.
    b. Under Tunnel Settings:
      • For Tunnel Network, enter 198.28.20.0/24.
      • For Local Network, enter 198.28.56.18/24.
      • For Concurrent Connections, enter 4.
    c. Under Client Settings, in DNS Server1, enter 198.28.56.1.
    d. Select Next.
  6. Configure the firewall rules.
    a. Under Traffic from clients to server, select Firewall Rule.
    b. Under Traffic from clients through VPN, select OpenVPN rule.
    c. Select Next.
    d. Select Finish.
  7. Set the OpenVPN server just created to Remote Access (User Auth).
    a. For the WAN interface, select the Edit Server icon (pencil).
    b. For Server mode, use the drop-down and select Remote Access (User Auth).
    c. Scroll to the bottom and select Save.
  8. Configure the following Standard VPN users.
    a. From the pfSense menu bar, select System > User Manager.
    b. Select Add.
    c. Configure the User Properties as follows:
      • Username: Username
      • Password: Password
      • Full name: Fullname
    d. Scroll to the bottom and select Save.
    e. Repeat steps 8b-8d to create the remaining VPN users.
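
A sanity check of the Tunnel Settings and Client Settings values entered above, as an added example that is not part of the original lab. The function name check_vpn_plan and the count of three reserved tunnel addresses (network, broadcast, server, as in a subnet topology) are assumptions.

```python
import ipaddress

def check_vpn_plan(tunnel, local, dns, max_clients):
    """Return (normalized local network, findings) for an OpenVPN addressing plan."""
    findings = []
    tunnel_net = ipaddress.ip_network(tunnel)
    # The lab enters the Local Network with host bits set (198.28.56.18/24);
    # ip_interface keeps the address and exposes the network the route covers.
    local_if = ipaddress.ip_interface(local)
    local_net = local_if.network
    if local_if.ip != local_net.network_address:
        findings.append(f"local network {local} has host bits set; "
                        f"the pushed route covers {local_net}")
    # Overlapping tunnel and LAN ranges make routing to the LAN ambiguous.
    if tunnel_net.overlaps(local_net):
        findings.append(f"tunnel {tunnel_net} overlaps local network {local_net}")
    # Clients only receive a route to the Local Network, so the pushed
    # DNS server has to live inside it to be reachable through the tunnel.
    if ipaddress.ip_address(dns) not in local_net:
        findings.append(f"DNS server {dns} is outside {local_net}")
    # Assumption: network, broadcast and the server's own address are unavailable.
    usable = tunnel_net.num_addresses - 3
    if max_clients > usable:
        findings.append(f"{max_clients} concurrent connections exceed the "
                        f"{usable} usable addresses in {tunnel_net}")
    # The lab ranges are not private address space; flag that for real deployments.
    for net in (tunnel_net, local_net):
        if not net.is_private:
            findings.append(f"{net} is not private/reserved address space")
    return local_net, findings

def lab_findings():
    # Values exactly as entered in the lab steps.
    return check_vpn_plan("198.28.20.0/24", "198.28.56.18/24", "198.28.56.1", 4)

if __name__ == "__main__":
    net, issues = lab_findings()
    print("Local network route:", net)
    for issue in issues:
        print("-", issue)
```
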
