Testing post.

Pete, question about PFSense+, did you upgrade your old PFSense software and box or did you start new?

Any issues if upgraded?

did you upgrade your old PFSense software and box or did you start new?

Did two boxes. Upgraded PFSense production box with no issues. Built a second box with PFSense CE for testing and upgraded that box to PFSense + to use the Client OpenVPN wizard for the Oracle connection.

Any issues if upgraded?

none.

Here are the steps for installing and using an OpenVPN server in the Oracle cloud. Watch the video first.



To install Access Server in your OCI tenancy, follow the steps below:

1. Find the BYOL listing of OpenVPN Access Server in the Oracle Marketplace

2. Click on the Get App button

3. Select an OCI Region from the drop-down list and click on the Sign In button

4. Provide your Cloud Tenant identifier and Click on Continue button

5. Sign In to your OCI account

6. Choose a Compartment from the drop-down list

7. Accept the terms and click on the Launch Stack button

8. Click on the Next button on Step-1 of the Stack Creation workflow

9. Review, fill or change the values of the variables that appear in the sections below. Variables in bold deserve special attention

9 A. Compute Configuration
A1. OpenVPN Access Server Name: Change the name of the Instance if desired
A2. Compute Shape: Select one of the compatible compute shapes from the drop- down

9 B. Application Configuration
B1. Administrator Username: type in a username for the Administrator to log into the administration portal. It needs to start with a letter and can only contain alphanumeric values. Do NOT use openvpn as the administrator's username.
B2. Administrator Password: type in a password for the Administrator to log in.It should have a minimum length of 8 and no special characters
B3.Activation Key: Activation key is needed to handle more than two VPN connections. Purchase from https://openvpn.net

9 C. Network Configuration
C1. Network Strategy: Choice of Create New VCN or Use Existing VCN
- If Create New VCN is chosen, you can change the value of these variables:
- Virtual Cloud Network (VCN): The name of the new Virtual Cloud Network (VCN)
- VCN CIDR BLOCK: The CIDR of the new Virtual Cloud Network (VCN). If you plan to peer this VCN with another VCN, the VCNs must not have o verlapping CIDRs.
- VCN DNS Label: Only letters and numbers, starting with a letter. 15 characters max.
- Subnet Span: Choose between regional and AD specific subnets
- Subnet: The name of the new Subnet
- Subnet CIDR: The CIDR of the new Subnet. The new subnet's CIDR should not overlap with any other subnet CIDRs.
- Subnet DNS Label: Subnet DNS Label. Only letters and numbers, starting with a letter. 15 characters max.
C2. If Use Existing VCN is chosen:
- Existing Network: Choose an existing Virtual Cloud Network (VCN) in which to create the compute instances, network resources, and load balancers. If not specified, a new VCN is created.
- Existing Subnet: Choose an existing subnet to use for compute instances. This subnet must already be present in the chosen VCN.

9 D. Additional Configuration
- Compartment: Change or choose the compartment in which to create all resources
- Public SSH Key: paste your public SSH Key to access VM via SSH

10. Click on the Next button to proceed to Step-3

11. Review and click on the Create button

12. The job will start to run and you will see the job is In Progress

13. Once the job has succeeded, click on the Application Information tab

14. Wait for a few minutes for the configuration to take and then click on the Login to Administer button

15. Refresh the browser as needed till you see the Security warning

16. The security warning is generated due to the use of self-signed web certificate, please take steps to bypass this warning and proceed

17. Login using the username and password you had provided during the Stack configuration. This information is also shown on the Application Information tab

18. Review and click Agree on the terms web page

27th of May, 2002 Status

Here have no openports configured on PFsense firewall and only utilize OpenVPN / IPSec VPN to access home network. (years now).

The Oracle VPS / OpenVPN server is functioning fine still after 30 days with the Oracle free tier.

Did configure modem bridge mode. Only got a SLAAC IPv6 address in bridge mode. So just putting a LAN port / IP in DMZ with a IPV4 and IPV6 address.

Only have tested using two VPN clients from two locations to make sure that they see each other and they do using Windows, Android and Linux VPN clients.

Reconfigured my "lab" and made it portable using:

1 - Wallmount touchscreen with Jetway NF3A SBC (Atom E3827) mounted on a tablet tabletop holder
2 - Installed 8Gb of RAM, 32Gb SSD, miniPCIE dual BT and WLAN (with antennas) recommended by PFSense folks for use as an Wireless Access Point.
3 - Updated PFSense CE to PFSense +
4 - Tested the T-Mobile CPE with bridge mode. Only appears to work in IPv6 mode. Gave up and just using Ethernet interface in DMZ mode. The CPE has batteries which keep it going for a couple of hours without a charge. Only works at 100 Mbs.
5 - 5-port TP-Link unmanaged Gb switch.

Here is an unfinished drawing and picture of the lab setup.