pete_c
Document using PFSense +, Oracle VPS and installing an OpenVPN client on PFSense for use with T-Mobile LTE / 5G modem and Starlink Satellite.
Note will be replicating this DIY on the PFSense forum here ==> PFSense + Teardop (VPS) and OpenVPN
Created a testing environment here using:
1 - PFSense + running on hardware / motherboard with two NICs
2 - LTE combo modem (Firewall, switch, WAP with RJ11 telephone jacks)
3 - Oracle VPS account.
Here is a quickie simple drawing of the transport.
[Image: drawing of the transport]
Converting your PFSense CE to PFSense +
1 - register on the Netgate sales website here ==> Netgate Sales
2 - purchase PFSense + (free)
3 - enable registration code to update your PFSense CE to PFSense +
Using an Oracle VPS (free)
Register and configure your Oracle account here ==> Oracle Cloud Free Tier
29th of April, 2022
Created an OpenVPN server on Oracle - will document step by step.
Testing it for access to the internet via Oracle with Linux and Windows clients. Initially from XFinity ISP then from T-Mobile ISP and finally from the PFSense OpenVPN client configured with PFSense + wizard.
4th of May, 2022
Steps to create an OpenVPN server on Oracle Cloud.
1 - Create your free account on Oracle here ==> Oracle Cloud Free Tier
Note: you will need to provide a CC#. You will not be charged for anything unless you decide to purchase services.
Login to your new account.
Read this tutorial and watch the video.
How to Launch OpenVPN Access Server on Oracle Cloud
Video: http://youtu.be/6FMMuJS13WM
To install Access Server in your OCI tenancy, follow the steps below:
1. Find the BYOL listing of OpenVPN Access Server in the Oracle Marketplace
2. Click on the Get App button
3. Select an OCI Region from the drop-down list and click on the Sign In button
4. Provide your Cloud Tenant identifier and Click on Continue button
5. Sign In to your OCI account
6. Choose a Compartment from the drop-down list
7. Accept the terms and click on the Launch Stack button
8. Click on the Next button on Step-1 of the Stack Creation workflow
9. Review, fill or change the values of the variables that appear in the sections below. Variables in bold deserve special attention
9 A. Compute Configuration
A1. OpenVPN Access Server Name: Change the name of the Instance if desired
A2. Compute Shape: Select one of the compatible compute shapes from the drop-down
9 B. Application Configuration
B1. Administrator Username: type in a username for the Administrator to log into the administration portal. It needs to start with a letter and can only contain alphanumeric values. Do NOT use openvpn as the administrator's username.
B2. Administrator Password: type in a password for the Administrator to log in. It should have a minimum length of 8 and no special characters
B3. Activation Key: Activation key is needed to handle more than two VPN connections. Purchase from https://openvpn.net
9 C. Network Configuration
C1. Network Strategy: Choice of Create New VCN or Use Existing VCN
- If Create New VCN is chosen, you can change the value of these variables:
  - Virtual Cloud Network (VCN): The name of the new Virtual Cloud Network (VCN)
  - VCN CIDR BLOCK: The CIDR of the new Virtual Cloud Network (VCN). If you plan to peer this VCN with another VCN, the VCNs must not have overlapping CIDRs.
  - VCN DNS Label: Only letters and numbers, starting with a letter. 15 characters max.
  - Subnet Span: Choose between regional and AD specific subnets
  - Subnet: The name of the new Subnet
  - Subnet CIDR: The CIDR of the new Subnet. The new subnet's CIDR should not overlap with any other subnet CIDRs.
  - Subnet DNS Label: Subnet DNS Label. Only letters and numbers, starting with a letter. 15 characters max.
C2. If Use Existing VCN is chosen:
- Existing Network: Choose an existing Virtual Cloud Network (VCN) in which to create the compute instances, network resources, and load balancers. If not specified, a new VCN is created.
- Existing Subnet: Choose an existing subnet to use for compute instances. This subnet must already be present in the chosen VCN.
9 D. Additional Configuration
- Compartment: Change or choose the compartment in which to create all resources
- Public SSH Key: paste your public SSH Key to access VM via SSH
10. Click on the Next button to proceed to Step-3
11. Review and click on the Create button
12. The job will start to run and you will see the job is In Progress
13. Once the job has succeeded, click on the Application Information tab
14. Wait for a few minutes for the configuration to take and then click on the Login to Administer button
15. Refresh the browser as needed till you see the Security warning
16. The security warning is generated due to the use of self-signed web certificate, please take steps to bypass this warning and proceed
17. Login using the username and password you had provided during the Stack configuration. This information is also shown on the Application Information tab
18. Review and click Agree on the terms web page
2 - Go to Oracle cloud Marketplace and pick
OpenVPN Access Server
VPN solution for Virtual Cloud Network (VCN). Two connections for FREE. Buy license for more
Software Price: BYOL
On the right side of the screen you will see "get app" - click on this.
3 - Download client configurations for testing. Here testing with laptops, Android phone, Windows tablet on Internet, et al.
Today tested a variety of clients accessing the VPN server (and Internet). Worked fine.
Next steps will be to configure PFSense as a VPN client to the Oracle OpenVPN server. Easy peasy way is to update your PFSense CE box to PFSense +. There is a client import utility on the PFSense + add ons which is not available on the PFSense community edition.
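Added example, not part of the original post and not Oracle or OpenVPN code: a pre-flight check of the step 9 stack variables (administrator username and password rules, DNS label rules, VCN and subnet CIDR overlap) before they are typed into the Stack form. The dictionary key names and sample values are constructed for illustration; reading "no special characters" as letters and digits only, and requiring the subnet to lie inside the VCN range, are assumptions.

```python
import ipaddress
import re

def check_stack_vars(v, peer_vcn_cidrs=(), other_subnet_cidrs=()):
    """Return a list of problems in the stack variables; an empty list means OK."""
    problems = []
    user = v["admin_username"]
    # B1: starts with a letter, alphanumeric only, and never "openvpn".
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9]*", user):
        problems.append("admin_username: letter first, alphanumeric only")
    if user.lower() == "openvpn":
        problems.append("admin_username: 'openvpn' is not allowed")
    # B2: minimum length 8, no special characters (assumed: letters and digits).
    if not re.fullmatch(r"[A-Za-z0-9]{8,}", v["admin_password"]):
        problems.append("admin_password: 8+ characters, no special characters")
    # DNS labels: letters and numbers, starting with a letter, 15 characters max.
    for key in ("vcn_dns_label", "subnet_dns_label"):
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9]{0,14}", v[key]):
            problems.append(f"{key}: letter first, letters/digits, max 15")
    try:
        vcn = ipaddress.ip_network(v["vcn_cidr"])
        subnet = ipaddress.ip_network(v["subnet_cidr"])
    except ValueError as exc:  # malformed CIDR or host bits set
        return problems + [f"cidr: {exc}"]
    # C1: the new VCN must not overlap a VCN it will be peered with.
    for peer in map(ipaddress.ip_network, peer_vcn_cidrs):
        if vcn.overlaps(peer):
            problems.append(f"vcn_cidr: overlaps peer VCN {peer}")
    # Assumption: the new subnet has to lie inside the VCN range.
    if subnet.version != vcn.version or not subnet.subnet_of(vcn):
        problems.append("subnet_cidr: not inside vcn_cidr")
    # C1: the new subnet must not overlap any other subnet.
    for other in map(ipaddress.ip_network, other_subnet_cidrs):
        if subnet.overlaps(other):
            problems.append(f"subnet_cidr: overlaps subnet {other}")
    return problems

# Constructed sample values; the key names are hypothetical, not Oracle's.
SAMPLE = {
    "admin_username": "vpnadmin", "admin_password": "Correct9Horse",
    "vcn_dns_label": "vpnvcn", "vcn_cidr": "10.0.0.0/16",
    "subnet_dns_label": "vpnsubnet", "subnet_cidr": "10.0.0.0/24",
}

if __name__ == "__main__":
    for line in check_stack_vars(SAMPLE, ["192.168.0.0/16"], ["10.0.1.0/24"]) or ["OK"]:
        print(line)
```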