27 April 2022

April 26 - RoadWarrior VPN setup in the pfsense

During the weekend I set up what's called a RoadWarrior VPN. The name comes from the early 2000s, when remote workers, usually travelling salespeople on the road, needed a way to safely connect back to the office and place orders and handle administration. It is essentially a client-to-server connection. One specific computer gets access to the network behind the firewall, compared to a site-to-site VPN, where two networks can be connected through a VPN tunnel.

I created this so that I can connect home and use my NAS even if I'm not at home. This is a quite interesting setup. I connect to my home through the VPN tunnel and then I'm routed through another VPN-tunnel to the office where my NAS is. The reason for this is that my office doesn't have a fixed IP that I control the firewall for.

It was not straightforward to set up. But after a bit of tinkering it started to work just fine. The pfSense VPN setup wizard didn't work for me, so I had to do it manually. But it is just a handful of steps.

Step one is to set up a new Certification Authority (CA). If there already is one, you do not have to do this, of course.

Step two is to create a server certificate - this is probably where my problem arose with the wizard. The CN (common name) of the cert should correspond to the address your clients should connect to.

Step three is to create a client certificate - for this one you can put whatever you want as the CN.

Step four is to create the OpenVPN server. This is pretty straightforward. I chose to route all traffic through the tunnel, as opposed to only sending through the traffic that should go to the network behind the VPN. The main reason I chose this approach is that it makes my routing slightly easier. And since I am the only user of the setup, I am not really concerned about the extra traffic usage.

The fifth and last step is to configure the clients. The clients for me are my two laptops (Mac and Surface), my iPad and my iPhone. I installed the client export plugin into my pfSense, which could create ovpn files for me, simplifying the configuration.

On my iPad, iPhone and Surface I used the OpenVPN client. It was a super simple setup. Install the client and import the ovpn file and it just worked. For my Mac I decided to use Tunnelblick, an open-source VPN client that I have used in the past. This was just as easy to get working. I got a few complaints that a few of the features I used in my setup will be obsoleted in an upcoming release (due to changes in OpenSSL).
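An added example (not from the original post or from pfSense): a small Python audit of an exported ovpn profile that checks the server-identity settings tied to step two and flags an embedded private key before the file is copied to a device. The sample profile, the host name `vpn.example.net` and the function names are constructed for illustration, and it assumes the name pinned with `verify-x509-name` should equal the `remote` host, as step two describes.

```python
import re
import shlex

# Constructed sample profile; the host name and key contents are placeholders.
SAMPLE_OVPN = """\
client
remote vpn.example.net 1194
remote-cert-tls server
verify-x509-name "vpn.example.net" name
<key>
(placeholder client private key)
</key>
"""

def parse_ovpn(text):
    """Split a client profile into directives and inline <tag> blocks."""
    directives, blocks, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if current:                          # inside <tag> ... </tag>
            if line == f"</{current}>":
                current = None
            else:
                blocks[current].append(line)
        elif line and line[0] not in "#;":   # skip blanks and comments
            tag = re.fullmatch(r"<([\w-]+)>", line)
            if tag:
                current = tag.group(1)
                blocks[current] = []
            else:
                name, *args = shlex.split(line)
                directives.setdefault(name, []).append(args)
    return directives, blocks

def audit(text):
    """Return findings about server-identity checks and embedded secrets."""
    d, blocks = parse_ovpn(text)
    findings = []
    hosts = [a[0] for a in d.get("remote", []) if a]
    pinned = [a[0] for a in d.get("verify-x509-name", []) if a]
    if ["server"] not in d.get("remote-cert-tls", []):
        findings.append("remote-cert-tls server missing")
    if not pinned:
        findings.append("verify-x509-name missing")
    # Assumption taken from step two: the pinned name equals the remote host.
    findings += [f"remote {h} differs from pinned name {pinned[0]}"
                 for h in hosts if pinned and h not in pinned]
    if "key" in blocks:
        findings.append("private key embedded in profile")
    return findings
```

A profile that carries an inline `<key>` block is a credential in its own right, so it should be stored and transferred like one.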

Today I was working outside of the office and my home and needed to get hold of a few files on the NAS. And this setup worked really well. I uploaded and downloaded roughly 2GB of data (video/screen recordings) - and it worked so well.