PFSense + Teardop (VPS) and OpenVPN


    Replicating post here from the Netgate (PFSense) forum.

    PFSense + Teardop (VPS) and OpenVPN

    [Image: OpenVPN.png]

    This will allow you to VPN to home if you are using Starlink / T-Mobile and PFSense.

    Hardware required:

    1 - PFSense box (updated to PFSense +)
    2 - Starlink ISP or T-Mobile ISP.
    - Pete

    Auto mator
    Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
    Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
    HS4 Lite - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram

    HS4 Pro - V4.1.18.1 - Ubuntu 22.04 / Lenova Tiny M900 / 32Gb Ram
    HSTouch on Intel tabletop tablets - Asus AIO

    X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant

    #2
    Testing post.
    - Pete



      #3
      Pete, question about PFSense+, did you upgrade your old PFSense software and box or did you start new?

      Any issues if upgraded?



        #4
        did you upgrade your old PFSense software and box or did you start new?

        Did two boxes. Upgraded PFSense production box with no issues. Built a second box with PFSense CE for testing and upgraded that box to PFSense + to use the Client OpenVPN wizard for the Oracle connection.

        Any issues if upgraded?

        none.

        - Pete



          #5
          Here are the steps for installing and using an OpenVPN server in the Oracle cloud. Watch the video first.



          To install Access Server in your OCI tenancy, follow the steps below:

          1. Find the BYOL listing of OpenVPN Access Server in the Oracle Marketplace

          2. Click on the Get App button

          3. Select an OCI Region from the drop-down list and click on the Sign In button

          4. Provide your Cloud Tenant identifier and Click on Continue button

          5. Sign In to your OCI account

          6. Choose a Compartment from the drop-down list

          7. Accept the terms and click on the Launch Stack button

          8. Click on the Next button on Step-1 of the Stack Creation workflow

          9. Review, fill or change the values of the variables that appear in the sections below. Variables in bold deserve special attention

          9 A. Compute Configuration
          A1. OpenVPN Access Server Name: Change the name of the Instance if desired
          A2. Compute Shape: Select one of the compatible compute shapes from the drop-down

          9 B. Application Configuration
          B1. Administrator Username: type in a username for the Administrator to log into the administration portal. It needs to start with a letter and can only contain alphanumeric values. Do NOT use openvpn as the administrator's username.
          B2. Administrator Password: type in a password for the Administrator to log in. It should have a minimum length of 8 and no special characters
          B3. Activation Key: Activation key is needed to handle more than two VPN connections. Purchase from https://openvpn.net

          9 C. Network Configuration
          C1. Network Strategy: Choice of Create New VCN or Use Existing VCN
          - If Create New VCN is chosen, you can change the value of these variables:
          - Virtual Cloud Network (VCN): The name of the new Virtual Cloud Network (VCN)
          - VCN CIDR BLOCK: The CIDR of the new Virtual Cloud Network (VCN). If you plan to peer this VCN with another VCN, the VCNs must not have overlapping CIDRs.
          - VCN DNS Label: Only letters and numbers, starting with a letter. 15 characters max.
          - Subnet Span: Choose between regional and AD specific subnets
          - Subnet: The name of the new Subnet
          - Subnet CIDR: The CIDR of the new Subnet. The new subnet's CIDR should not overlap with any other subnet CIDRs.
          - Subnet DNS Label: Subnet DNS Label. Only letters and numbers, starting with a letter. 15 characters max.
          C2. If Use Existing VCN is chosen:
          - Existing Network: Choose an existing Virtual Cloud Network (VCN) in which to create the compute instances, network resources, and load balancers. If not specified, a new VCN is created.
          - Existing Subnet: Choose an existing subnet to use for compute instances. This subnet must already be present in the chosen VCN.

          9 D. Additional Configuration
          - Compartment: Change or choose the compartment in which to create all resources
          - Public SSH Key: paste your public SSH Key to access VM via SSH

          10. Click on the Next button to proceed to Step-3

          11. Review and click on the Create button

          12. The job will start to run and you will see the job is In Progress

          13. Once the job has succeeded, click on the Application Information tab

          14. Wait for a few minutes for the configuration to take and then click on the Login to Administer button

          15. Refresh the browser as needed till you see the Security warning

          16. The security warning is generated due to the use of a self-signed web certificate. Please take steps to bypass this warning and proceed

          17. Login using the username and password you had provided during the Stack configuration. This information is also shown on the Application Information tab

          18. Review and click Agree on the terms web page
          - Pete


          Comment
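A pre-flight check for the step 9 stack variables, added here as an example and not part of the original post or of Oracle's or OpenVPN's tooling: it applies the B1, B2 and C1 rules listed above before the stack is launched. The dictionary keys, function name and sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Rules quoted from step 9 of the post (B1, B2, C1).
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")
PASSWORD_RE = re.compile(r"[A-Za-z0-9]{8,}")
DNS_LABEL_RE = re.compile(r"[A-Za-z][A-Za-z0-9]{0,14}")

def check_stack_vars(v, peer_vcn_cidrs=(), other_subnet_cidrs=()):
    """Return a list of problems in the stack variables; empty means OK."""
    problems = []
    if not USERNAME_RE.fullmatch(v["admin_username"]):
        problems.append("B1: username must start with a letter, alphanumeric only")
    if v["admin_username"].lower() == "openvpn":
        problems.append("B1: do not use 'openvpn' as the administrator username")
    if not PASSWORD_RE.fullmatch(v["admin_password"]):
        problems.append("B2: password needs 8+ characters, no special characters")
    for key in ("vcn_dns_label", "subnet_dns_label"):
        if not DNS_LABEL_RE.fullmatch(v[key]):
            problems.append(f"C1: {key}: letters/digits, leading letter, max 15")
    try:
        vcn = ipaddress.ip_network(v["vcn_cidr"])
        subnet = ipaddress.ip_network(v["subnet_cidr"])
    except ValueError as exc:  # host bits set, bad prefix, not an address
        return problems + [f"C1: invalid CIDR: {exc}"]
    for peer in peer_vcn_cidrs:
        if vcn.overlaps(ipaddress.ip_network(peer)):
            problems.append(f"C1: VCN {vcn} overlaps peered VCN {peer}")
    # A subnet has to sit inside the CIDR of the VCN that holds it.
    if subnet.version != vcn.version or not subnet.subnet_of(vcn):
        problems.append(f"C1: subnet {subnet} is not inside VCN {vcn}")
    for other in other_subnet_cidrs:
        if subnet.overlaps(ipaddress.ip_network(other)):
            problems.append(f"C1: subnet {subnet} overlaps subnet {other}")
    return problems

# Constructed sample values, not taken from the post.
GOOD = {"admin_username": "vpnadmin1", "admin_password": "Example12345",
        "vcn_dns_label": "vpnvcn", "subnet_dns_label": "vpnsubnet",
        "vcn_cidr": "10.0.0.0/16", "subnet_cidr": "10.0.1.0/24"}
BAD = {"admin_username": "openvpn", "admin_password": "P@ss1",
       "vcn_dns_label": "1vpn", "subnet_dns_label": "averyveryverylonglabel",
       "vcn_cidr": "10.0.0.0/16", "subnet_cidr": "10.0.1.0/24"}

if __name__ == "__main__":
    print(check_stack_vars(GOOD, peer_vcn_cidrs=["10.1.0.0/16"]))
    for problem in check_stack_vars(BAD, ["10.0.128.0/17"], ["10.0.1.128/25"]):
        print(problem)
```
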


            #6
            27th of May, 2002 Status

            Here have no open ports configured on PFSense firewall and only utilize OpenVPN / IPSec VPN to access home network (years now).

            The Oracle VPS / OpenVPN server is functioning fine still after 30 days with the Oracle free tier.

            Did configure modem bridge mode. Only got a SLAAC IPv6 address in bridge mode. So just putting a LAN port / IP in DMZ with an IPv4 and IPv6 address.

            Only have tested using two VPN clients from two locations to make sure that they see each other and they do using Windows, Android and Linux VPN clients.

            Reconfigured my "lab" and made it portable using:

            1 - Wallmount touchscreen with Jetway NF3A SBC (Atom E3827) mounted on a tablet tabletop holder
            2 - Installed 8Gb of RAM, 32Gb SSD, miniPCIE dual BT and WLAN (with antennas) recommended by PFSense folks for use as a Wireless Access Point.
            3 - Updated PFSense CE to PFSense +
            4 - Tested the T-Mobile CPE with bridge mode. Only appears to work in IPv6 mode. Gave up and just using Ethernet interface in DMZ mode. The CPE has batteries which keep it going for a couple of hours without a charge. Only works at 100 Mbs.
            5 - 5-port TP-Link unmanaged Gb switch.

            Here is an unfinished drawing and picture of the lab setup.

            [Image: OracleVPS.jpg]

            - Pete
