Creating a pfSense Connection to VPNBook
This article is part of a series.
VPNBook is a free VPN provider. It is a little bit of a hassle to use because they are constantly changing the hosts and passwords. It is used here for demonstration purposes because it generally works and is free.
Navigate to https://www.vpnbook.com/freevpn and make a note of the username and password. Also download an OpenVPN configuration file for the proper server to use and save it for reference in the following steps. This text uses the Euro2 OpenVPN Certificate Bundle. When unzipped it presented the following files:
Notice the port protocols and numbers. A determination should be made as to which port and protocol are necessary to connect to the provider. For instance, if the client is behind a firewall that proxies http (tcp port 80) but doesn't proxy https (tcp port 443), it might be necessary to use tcp443. If both of those ports are somehow interfered with, an option would be to use udp 53, which is the standard port for DNS queries. This example will use udp port 25000.
Open vpnbook-euro2-udp25000.ovpn in a text editor. It contains some configuration settings and cryptographic certificates and keys.
The first task is to create the VPNBook certificate authority (CA). The certificate for the CA is the one between the <ca></ca> tags in the configuration file.
In pfSense, navigate to System > Cert Manager, CAs tab, and click to create a new CA.
Descriptive Name: VPNBook CA
Method: Import an existing Certificate Authority
Copy everything between the <ca></ca> tags in the configuration file and paste it in the Certificate data field. Nothing is needed in the Certificate Private Key or Serial for next certificate fields. Press Save. A new certificate authority will be listed looking something like this:
Now a user certificate must be installed that will be used to log in to VPNBook. The certificate is enclosed in the <cert></cert> tags and the corresponding private key is enclosed in the <key></key> tags.
In pfSense, navigate to System > Cert Manager, Certificates tab. Add a new certificate.
Method: Import an existing Certificate
Descriptive name: VPNBook Euro2 Client
Copy everything between the <cert></cert> tags to the clipboard and paste it into the Certificate data field. Then copy everything between the <key></key> tags and paste it into the Private key data field. Click Save. A new certificate will now be listed:
Note that the Issuer is the Certificate Authority imported in the previous step. This is exactly what is necessary.
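An added example, not part of the original article: a short Python script that splits an inline .ovpn file into the <ca>, <cert> and <key> blocks imported above and reads the remote, proto and cipher directives needed for the OpenVPN client settings. The sample file is constructed with placeholder PEM bodies, and the names parse_ovpn and pfsense_values are hypothetical.

```python
import re

# Constructed sample in the inline .ovpn layout. The PEM bodies are
# placeholders, not VPNBook's real certificates or key.
SAMPLE_OVPN = """client
proto udp
remote euro214.vpnbook.com 25000
cipher AES-128-CBC
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CA
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CLIENT
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER-KEY
-----END PRIVATE KEY-----
</key>
"""

INLINE = re.compile(r"^<(ca|cert|key)>[ \t]*\n(.*?)\n</\1>[ \t]*$", re.S | re.M)

def parse_ovpn(text):
    """Split an inline client config into PEM blocks and plain directives."""
    blocks = {tag: body.strip() for tag, body in INLINE.findall(text)}
    for tag in ("ca", "cert", "key"):
        body = blocks.get(tag, "")
        if "-----BEGIN " not in body or "-----END " not in body:
            raise ValueError(f"<{tag}> block missing or not a complete PEM object")
    directives = {}
    for line in map(str.strip, INLINE.sub("", text).splitlines()):
        if line and line[0] not in "#;":          # skip blanks and comments
            name, *rest = line.split(None, 1)
            directives.setdefault(name, []).append(rest[0] if rest else "")
    return blocks, directives

def pfsense_values(text):
    """ca/cert/key go in the Cert Manager fields; host/port in the client form."""
    blocks, d = parse_ovpn(text)
    host, port = d["remote"][0].split()[:2]
    return {"ca": blocks["ca"], "cert": blocks["cert"], "key": blocks["key"],
            "host": host, "port": port, "proto": d["proto"][0],
            "cipher": d.get("cipher", [""])[0]}
```

Because the <key> block is a private key, the extracted values should be handled like any other credential rather than written to shared locations.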
Open an OpenVPN client configuration dialog on your pfSense firewall by navigating to VPN > OpenVPN, Client tab.
Add a new client
Server Mode: Peer to Peer ( SSL/TLS )
Device Mode: tun
Server host or address: euro214.vpnbook.com
Server port: 25000
Server host name resolution: Check Infinitely resolve server
Description: VPNBook Euro2 UDP
User Authentication Settings
TLS Authentication: Uncheck Enable authentication of TLS Packets
Peer Certificate Authority: VPNBook CA
Client Certificate: VPNBook Euro2 Client (CA: VPNBook CA)
Encryption Algorithm: AES-128-CBC (128-bit)
Auth Digest Algorithm: SHA1 (160-bit)
Don't pull routes: Checked
Save the configuration and navigate to Status > OpenVPN. The connection status will be displayed: