SodaStream

request for a tutorial on setting up SSL tunnel on pfsense

I've been looking for an ssl tunneling tutorial for pfsense 2.x, but I haven't found one that covers every step, so I'm sharing how I did it.

The contents of this tutorial are to be considered a work in progress. I wrote this on the fly, and because of this it might be rough around the edges.

Before you begin, I strongly recommend that you make a backup/restore of your current pfsense config to an external hard drive before making any attempt at manual editing of the pfsense configuration.

There are some basic requirements for this guide:

1. You need to have completed the pfsense fresh install tutorial or have an older pfsense rig with working internet access.

2. You also need a program that can open and read the airvpn config files; this program will be required later on in this guide. I'm using a program called notepad++, it's lightweight and free, and you can download it from their website, https://notepad-plus-plus.org

Now let's begin downloading the ssl/ssh files from the airvpn website.

1.0 Log in to the airvpn website, go to the client area and click on "config generator" in the left-side menu.

Please understand that the ssl/ssh files are only available for downloading if you have selected any of these 3 operating systems: windows, linux or os x.

1.1 Now scroll down to "connection modes" and check the box for advanced mode.

Select your preferred direct connection protocol(s) and port(s), then select the ssh/ssl tunnel configs that you want to use, select separate keys/certs from .ovpn file and save them to a folder on your pc.

 

 

 

 

Creating and modifying files in pfsense using the GUI for "diagnostics" and "edit file".

 

In the previous step we have already downloaded the ssl/ssh tunneling config files from airvpn.org, and now we are going to create 3 empty files in the pfsense root folder.
While being logged in as admin on pfsense go to the GUI for "diagnostics" and click on "edit file", this will open the page where we can create and modify the required folders and files.

 

 

As a tutorial example, this is how it could look.

 

/root/AIRVPN_UDP-443.ovpn

/root/AIRVPN_SSL-443.ssl

/root/stunnel.crt

 

 

For more advanced and experienced users that know what they are doing:

/root/AirVPN *insert the name of your config file here*.ovpn
/root/AirVPN *insert the name of your config file here*.ssl
/root/stunnel.crt
 

 

 

 

Now it's time to copy the data from the airvpn config files on the PC and paste them directly into the newly created empty files on pfsense.

 

After the empty files have been created in the root folder of pfsense, we need to go back to the PC and open the folder where we saved the airvpn config files to the hard drive earlier.

 

 

 

Copying the *.ovpn file.

Right click with the mouse on the airvpn config file on your PC that ends with *.ovpn, select to "open with", then select notepad++ in the dropdown menu.

 

Locate the PC folder that you saved the airvpn.org *.ovpn configuration files to, and use the notepad++ program to open and copy the information inside the configuration file that ends with *.ovpn. Then go back to pfsense and go to the GUI for "diagnostics" and "edit file", click on "browse" and select the file that ends with *.ovpn, click on "load", and paste the content from the airvpn ssl file directly into the corresponding file on pfsense. When you are done editing, click on the button called "save".

 

 

Copying the *.ssl file(s) ( this step also applies for *.ssh files ).

In the pfsense GUI for "diagnostics" and "edit file", click on the button called "browse" and navigate back to the /root folder where we created 3 empty files earlier.

 

Locate the PC folder that you saved the airvpn.org ssl/ssh configuration file(s) to, and use the notepad++ program to open and copy the information inside the configuration file that ends with *.ssl. Then go back to pfsense and go to the GUI for "diagnostics" and "edit file", click on "browse" and select the empty file that ends with *.ssl, click on "load", and paste the content from the airvpn ssl file directly into the corresponding file on pfsense. When you are done editing, click on the button called "save".

 

 

 

Copying the stunnel.crt file.

The last file that needs to be copied and pasted is stunnel.crt:

On your pc, click on the stunnel.crt file and select "edit with notepad++"

 

Locate the PC folder that you saved the airvpn.org *.stunnel.crt configuration file to, and use the notepad++ program to open and copy the information inside the configuration file. Then go back to pfsense and go to the GUI for "diagnostics" and "edit file", click on "browse" and select the corresponding file, click on "load", and paste the content from the airvpn stunnel.crt file directly into the corresponding file on pfsense. When you are done editing, click on the button called "save".

 

 

 

 

 

 

Now we are going to download and install the pfsense package called "Stunnel".

 

Login to pfsense as admin and go to system/packages, click on the tab called security and install the package called "stunnel" from there.
 

 

 

Time to use the execute shell command.

 

While being logged in to pfsense GUI as admin go to the "diagnostics" page and open the "command prompt page".


In the command prompt page look for a field called "Execute shell command".

 

The command syntax:

stunnel /root/*insert the name of your config file here*.ssl  ( then click on the button called "EXECUTE" ) ( each time pfsense is rebooted you need to re-enter this command )
openvpn /root/*insert the name of your config file here*.ovpn  ( then click on the button called "EXECUTE" ).

 

 

 

 

 

Creating a new OPENVPN client profile.

 

Go to the pfsense GUI for vpn/openvpn/client and select add new openvpn client, then use the notepad++ to open the config file on your PC and copy and paste the data into your new openvpn client configuration.

 

 

!! Make sure that the vpn service doesn't automatically start in the background before you proceed with the next steps as described below this line. !!

 

 

 

Assigning interfaces.

Go to pfsense and to the GUI for interface assignments, and assign a network port for your airvpn ssl tunnel.
 

 

Optional steps before starting the ssl/ssh tunnel.

Reload filters & reset states

 

 

Now it's time to start the vpn ssl/ssh tunnel.

 

While being logged in to pfsense GUI as admin go to the "diagnostics" page and open the "command prompt page".
 

 

In the command prompt page look for a field called "Execute shell command".

 

The command syntax:

stunnel /root/*insert the name of your config file here*.ssl  ( then click on the button called "EXECUTE" ) ( you might need to re-enter this command each time pfsense restarts )
openvpn /root/*insert the name of your config file here*.ovpn  ( then click on the button called "EXECUTE" ).

 

 

Issues and post install problem solving.

If the GUI for status/dashboard at this point shows a green 0.0.0.0 you need to stop and restart the vpn service.


Hi Soda,

 

Any chance you could do screenshots for this guide? Do you first set up the connection using the how to set up pfSense 2.1 guide and then do your tutorial?

 

 


Yes, you need to set up pfsense for basic internet access, and I'm working on the screenshots. They will be added later when I have time.


It looks like the Stunnel package was removed. Any chance of getting an updated version of the instructions?


I have given this tutorial a major overhaul today, I hope this will make it easier to understand and follow.

 

Please take a look at your instructions for installing stunnel. Since the update to 2.3.x, pfsense has changed the GUI for the package manager and they no longer have stunnel in their repo. But it can be installed from the freebsd repo. I linked to a post about it above.


Hi Soda,

 

Thank you for your instructions, but I'm a little bit confused. You mentioned that we will execute openvpn /root/*insert the name of your config file here*.ovpn  ( then click on the button called "EXECUTE" ),

and then we will create another openvpn client from within the GUI, with the same configuration files. Now we will have two clients working at the same time.

It will be highly appreciated if you could elaborate more.

 

Regards,

Hello everyone, 

 

I have been trying to make openvpn (Airvpn) work with Stunnel on pfsense version 2.4.1. I managed to install Stunnel from the GUI, and then when I try to create the tunnel from the GUI I could not load the certificate (stunnel.crt) provided by AirVpn. So, the tunnel does not start. Any help will be appreciated.

Also, I managed to create the stunnel manually from the configuration file provided by AirVpn (stunnel.ssl), and the tunnel is working fine. When I try to use the openvpn client created by the pfsense GUI through the manually created stunnel, it connects to Airvpn but the connection is not stable at all; it stays up for 1 min. and then reconnects again.

When I tried to use the manually created stunnel with a manually created openvpn client with the configuration provided by Airvpn (airvpn.ovpn), it works fine and it does not disconnect for more than 2 hours, but I cannot route my traffic through this manually created client.

I'm sorry it sounds complicated, but I'm really stuck.

 

Any help will be highly appreciated


 


I posted instructions on this here https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/?view=findpost&p=56602

 

You might look over that and see if anything helps you.


 

 

I cannot express to you how grateful I am to you, you really saved my life. The trick was in the interface option of the VPN client: as you mentioned, it has to be localhost, not wan.

 

Again thank you very much


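For the manually started pair in the tutorial (stunnel with the .ssl file, openvpn with the .ovpn file), the two files can be cross-checked before either daemon is launched. The script below is an added example, not code from any post in this thread or from AirVPN; the file contents, port 1413 and address 203.0.113.10 are constructed, and it assumes the .ssl file uses stunnel's client, accept, connect and CAfile options while the .ovpn file uses OpenVPN's remote and proto directives.

```shell
#!/bin/sh
# Added example; both config files below are constructed samples.

# Value of "key = value" in a stunnel config (CRs from Windows editors stripped).
stunnel_opt() {
    tr -d '\r' < "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# check_pair SSL_FILE OVPN_FILE: prints each problem, returns how many it found.
check_pair() {
    ssl=$1; ovpn=$2; bad=0
    [ "$(stunnel_opt "$ssl" client)" = "yes" ] ||
        { echo "stunnel: 'client = yes' missing"; bad=$((bad + 1)); }
    # accept may be PORT or HOST:PORT; keep only the port
    port=$(stunnel_opt "$ssl" accept); port=${port##*:}
    [ -n "$port" ] || { echo "stunnel: no accept port"; bad=$((bad + 1)); }
    # without a CA file stunnel has nothing to check the server certificate against
    [ -n "$(stunnel_opt "$ssl" CAfile)" ] ||
        { echo "stunnel: no CAfile set"; bad=$((bad + 1)); }
    # OpenVPN has to dial the local stunnel listener, and over TCP
    set -- $(tr -d '\r' < "$ovpn" | awk '$1 == "remote" { print $2, $3; exit }')
    case "$1" in
        127.0.0.1|localhost) ;;
        *) echo "openvpn: remote '$1' does not go through stunnel"; bad=$((bad + 1)) ;;
    esac
    [ "$2" = "$port" ] ||
        { echo "openvpn: remote port '$2' != stunnel accept '$port'"; bad=$((bad + 1)); }
    tr -d '\r' < "$ovpn" | awk '$1 == "proto" && $2 ~ /^tcp/ { ok = 1 } END { exit !ok }' ||
        { echo "openvpn: proto is not tcp"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample pair (203.0.113.10 is a documentation address).
d=$(mktemp -d)
printf '%s\n' 'client = yes' '[openvpn]' 'accept = 1413' \
    'connect = 203.0.113.10:443' 'CAfile = /root/stunnel.crt' > "$d/ok.ssl"
printf '%s\n' 'client' 'dev tun' 'proto tcp' 'remote 127.0.0.1 1413' > "$d/ok.ovpn"
# Same client config, but pointed straight at the server instead of the tunnel.
printf '%s\n' 'client' 'dev tun' 'proto udp' 'remote 203.0.113.10 443' > "$d/direct.ovpn"

check_pair "$d/ok.ssl" "$d/ok.ovpn" && echo "ok pair: consistent"
check_pair "$d/ok.ssl" "$d/direct.ovpn" || echo "direct pair: $? problem(s)"
```

A non-zero return means OpenVPN would either fail to reach stunnel or leave the tunnel out of the path, so it is worth running after every paste into the "edit file" page.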