This tutorial will show you how to configure ExpressVPN on your pfSense device.
This is for advanced users who have already purchased and installed pfSense software and configured it for basic routing to the internet. The steps were tested on, and assume, the following generic home setup: Internet > Modem > pfSense device > Router/AP. For the purpose of this tutorial, we will assume you are configuring your network for a generic 192.168.1.0/24 network setup.
NOTE: This guide has been tested on the following version of pfSense: 2.3.3-RELEASE (amd64)
Download the VPN configuration files
Sign in to your ExpressVPN account.
Click on Set up ExpressVPN.
On the left side of the screen, click Manual Config. On the right side of the screen, click OpenVPN.
You will see your username and password. Keep these on hand as you will need them later.
Under your username and password, download the OpenVPN configuration file for the location you want to connect to. Keep this file handy as you will be extracting information out of it for pfSense setup.
Need help? Contact the ExpressVPN Support Team for immediate assistance.
Configure pfSense settings
Log in to your pfSense device and navigate to System > Cert. Manager.
Under “CAs”, click the Add button.
Enter the following:
Descriptive name: ExpressVPN
Method: Import an existing Certificate Authority
Certificate data: Open the OpenVPN configuration file that you downloaded in your favorite text editor. Look for the text that is wrapped within the <ca> portion of the file, and copy the entire string from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.
Certificate Private Key (optional): Leave this blank
Serial for next certificate: Leave this blank
After entering the information, your screen should look like this:
Click Save.
Stay on this page and click Certificates at the top.
At the bottom of the screen, click Add.
Under “Add a New Certificate”, enter the following:
Method: Import an existing Certificate
Descriptive name: ExpressVPN Cert (or something meaningful to you)
Certificate data: Open the OpenVPN configuration file that you downloaded in your favorite text editor. Look for the text that is wrapped within the <cert> portion of the file, and copy the entire string from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.
Private key data: Leave this blank
After entering the information, your screen should look like this:
Click Save.
At the top of the screen, navigate to VPN > OpenVPN.
Select Clients.
At the bottom of the screen, click Add.
Enter the following information:
General Information:
Disabled: Leave this box unchecked
Server mode: Peer to Peer (SSL/TLS)
Protocol: UDP
Device mode: tun
Interface: WAN
Local port: Leave blank
Server host or address: Open the OpenVPN configuration file that you downloaded in your favorite text editor. Look for the line that starts with remote, followed by a server name. Copy the server name string into this field (e.g.: server-address-name.expressnetw.com)
Server port: Copy the port number from the OpenVPN configuration file into this field (e.g.: 1195)
Proxy host or address: Leave blank
Proxy port: Leave blank
Proxy Auth. – Extra Options: none
Server hostname resolution: Check this box
Description: Something meaningful to you. E.g. ExpressVPN Dallas
User Authentication Settings
Username: your ExpressVPN username
Password: your ExpressVPN password
Cryptographic Settings
TLS authentication: Check this box
Key: Open the OpenVPN configuration file that you downloaded in your favorite text editor. Look for the text that is wrapped within the <tls-auth> portion of the file. Ignore the “2048 bit OpenVPN static key” comment lines and copy from -----BEGIN OpenVPN Static key V1----- to -----END OpenVPN Static key V1-----
Peer Certificate Authority: Select the “ExpressVPN” entry that you created previously in the Cert. Manager steps
Client Certificate: Select the “ExpressVPN Cert” entry that you created previously in the Cert. Manager steps
Encryption Algorithm: Open the OpenVPN configuration file that you downloaded in your favorite text editor. Look for the line that starts with cipher. In this example, the OpenVPN configuration lists “cipher AES-256-CBC”, so we will select “AES-256-CBC (256-bit key, 128-bit block)” from the dropdown
Auth digest algorithm: Open the OpenVPN configuration file that you downloaded in your favorite text editor. Look for the line that starts with auth, followed by the algorithm name. In this example, we saw “auth SHA512”, so we will select “SHA512 (512-bit)” from the dropdown
Hardware Crypto: Unless you know that your device supports hardware cryptography, leave this at No Hardware Crypto Acceleration
Tunnel Settings
IPv4 Tunnel Network: Leave blank
IPv6 Tunnel Network: Leave blank
IPv4 Remote network(s): Leave blank
IPv6 Remote Network(s): Leave blank
Limit outgoing bandwidth: At your discretion, but for this tutorial – leave blank.
Compression: Enabled with Adaptive Compression
Topology: Leave the default “Subnet — One IP address per client in a common subnet”
Type-of-Service: Leave unchecked
Disable IPv6: Check this box
Don’t pull routes: Check this box
Don’t add/remove routes: Leave unchecked
Advanced Configuration
Custom options: These options are derived from the OpenVPN configuration you have been referencing. We will be pulling out all custom options that we have not used previously. Copy and paste the following:
fast-io;persist-key;persist-tun;remote-random;pull;tls-client;verify-x509-name Server name-prefix;ns-cert-type server;key-direction 1;route-method exe;route-delay 2;tun-mtu 1500;fragment 1300;mssfix 1450;verb 3;sndbuf 524288;rcvbuf 524288
Verbosity level: 3 (Recommended)
Click Save.
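The steps above hand-copy values out of the .ovpn file into separate pfSense fields (server host and port, the <ca>, <cert> and <tls-auth> blocks, cipher and auth), and then gather every directive that was not consumed into the semicolon-separated "Custom options" string. The script below is an added example, not code from ExpressVPN or pfSense, that automates that extraction so each field can be checked against what you typed. It assumes the standard OpenVPN inline-file layout; the sample profile embedded in it is constructed for the example, with placeholder PEM bodies rather than real key material, and the host names in it are invented.

```python
"""Pull the pfSense OpenVPN client fields out of an ExpressVPN-style .ovpn file.

Added example (not ExpressVPN's or pfSense's own code). Assumes the usual
OpenVPN inline layout: <ca>, <cert>, <tls-auth> blocks plus 'directive args'
lines. SAMPLE_OVPN is a constructed profile with placeholder PEM bodies.
"""
import re

# Constructed sample profile: placeholder certificates/keys, invented host names.
SAMPLE_OVPN = """\
dev tun
fast-io
persist-key
persist-tun
remote-random
pull
tls-client
proto udp
remote example-server.expressnetw.com 1195
remote example-server-2.expressnetw.com 1195
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
tun-mtu 1500
fragment 1300
mssfix 1450
verb 3
sndbuf 524288
rcvbuf 524288
cipher AES-256-CBC
auth SHA512
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDERCA
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
PLACEHOLDERCERT
-----END CERTIFICATE-----
</cert>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
PLACEHOLDERKEY
-----END OpenVPN Static key V1-----
</tls-auth>
"""

# Directives that map onto dedicated pfSense client fields (or the Username /
# Password fields), so they must not be repeated in "Custom options".
FIELD_DIRECTIVES = {"dev", "proto", "remote", "cipher", "auth", "auth-user-pass"}

INLINE_RE = re.compile(r"<(?P<tag>[\w-]+)>\n(?P<body>.*?)\n</(?P=tag)>", re.S)
# Keeps only the PEM armour and body, dropping the '#' comment lines that
# precede the tls-auth key (pfSense wants just BEGIN ... END).
PEM_RE = re.compile(r"-----BEGIN [^-]+-----.*?-----END [^-]+-----", re.S)


def parse_ovpn(text):
    """Return (directives, inline): directives is a list of (name, args) in
    file order; inline maps tag name (ca, cert, tls-auth) to its PEM block."""
    inline = {}

    def grab(match):
        pem = PEM_RE.search(match.group("body"))
        inline[match.group("tag")] = pem.group(0) if pem else match.group("body").strip()
        return ""

    rest = INLINE_RE.sub(grab, text)
    directives = []
    for line in rest.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue
        name, _, args = line.partition(" ")
        directives.append((name, args.strip()))
    return directives, inline


def pfsense_fields(text):
    """Map the profile onto the pfSense 'VPN > OpenVPN > Clients' form fields."""
    directives, inline = parse_ovpn(text)
    first = {}
    for name, args in directives:
        first.setdefault(name, args)          # first 'remote' wins for the form
    host, _, port = first.get("remote", "").partition(" ")
    custom = [f"{n} {a}".strip() for n, a in directives if n not in FIELD_DIRECTIVES]
    return {
        "protocol": first.get("proto", "udp").upper(),
        "device_mode": first.get("dev", "tun"),
        "server_host": host,
        "server_port": port or "1194",        # OpenVPN's default port if none given
        "ca_certificate": inline.get("ca"),
        "client_certificate": inline.get("cert"),
        "tls_auth_key": inline.get("tls-auth"),
        "encryption_algorithm": first.get("cipher"),
        "auth_digest": first.get("auth"),
        "custom_options": ";".join(custom),   # pfSense separates custom options with ';'
    }


REQUIRED = ("server_host", "ca_certificate", "client_certificate",
            "tls_auth_key", "encryption_algorithm", "auth_digest")


def missing_fields(fields):
    """Names of required pfSense fields the profile did not supply."""
    return [k for k in REQUIRED if not fields.get(k)]


if __name__ == "__main__":
    fields = pfsense_fields(SAMPLE_OVPN)
    for key, value in fields.items():
        print(f"{key}: {value}")
    print("missing:", missing_fields(fields))
```

Run it against your downloaded profile by replacing SAMPLE_OVPN with the file's contents; the printed custom_options string is what goes into the Custom options field, and a non-empty "missing" list means the profile lacks something the form above requires (for example a profile without a <tls-auth> block cannot use the TLS authentication setting).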
Confirm connection success
You should now be able to confirm that your OpenVPN connection was successful. Navigate to Status > OpenVPN.
Under “Client Instance Statistics”, in the “Status” column, you should see the word up, indicating the tunnel is online.
Additional steps to route WAN through tunnel
Note: The steps below are for users who need additional assistance routing their WAN traffic through the tunnel. Now that the tunnel is online, you need to make sure all of your traffic is NAT’d through it. At the top of your screen, select Interfaces and click (assign).
Click on the + button. A new interface will be created. Make sure ovpnc1 is selected and click Save.
Navigate to Interfaces > OVPNC1:
Enter the following:
General Configuration
Enable: Check this box
Description: Something meaningful to you. e.g. EXPRESSVPN
IPv4 Configuration Type: DHCP
IPv6 Configuration Type: None
MAC Address: Leave blank
MTU: Leave blank
MSS: Leave blank
DHCP Client Configuration
Options: Leave unchecked
Hostname: Leave blank
Alias IPv4 Address: Leave blank
Reject leases from: Leave blank
Reserved Networks
Block private networks and loopback addresses: Leave unchecked
Block bogon networks: Leave unchecked
Click Save.
Navigate to Firewall > Aliases.
Under “IP”, click Add.
You will be providing your home network with an “Alias” that allows a friendly name to reference your network.
Properties
Name: Something meaningful to you. For this tutorial, we will use “Local_Subnets”
Description: Something meaningful to you
Type: Network(s)
Network(s)
Network or FQDN: 192.168.1.0/24
Click Save.
Navigate to Firewall > NAT.
Click on Outbound at the top.
For “Outbound NAT Mode”, select Manual Outbound NAT rule generation.
Click Save and then click Apply Changes.
Under Mappings, you will be telling your traffic where to go when it leaves your network. You will essentially be copying the existing four default WAN connections and modifying them to use your new EXPRESSVPN virtual interface.
Click the Copy button next to the first WAN mapping entry. It is the icon on the left showing one square overlapping another.
In the window that pops up, the only selection you will be changing is the “Interface” section. Click the drop-down and change from WAN to EXPRESSVPN.
Click Save.
Repeat the above steps for the other three WAN rules that exist.
Once all four EXPRESSVPN rules are added, click the Save button and click Apply Changes once again at the top.
Finally, you need to create a rule to re-direct all local traffic through the EXPRESSVPN gateway you previously created. Navigate to Firewall > Rules:
Click on LAN.
Click the Add button with the up arrow (the far left button).
Enter the following:
Edit Firewall Rule
Action: Pass
Disabled: Leave unchecked
Interface: LAN
Address: IPv4
Protocol: Any
Source
Source: Select Single host or alias and type the name of the alias you created for your network earlier. For this tutorial, we used “Local_Subnets”.
Destination
Destination: any
Extra Options
Log: Leave unchecked
Description: Enter something meaningful to you. For this tutorial, we will enter “LAN TRAFFIC –> EXPRESSVPN”
Click the blue Display Advanced button.
Advanced Options
Leave all of the newly revealed fields blank except Gateway. Change Gateway to “EXPRESSVPN_DHCP”
Click Save.
You’re finished! You should now see traffic matching the rule you created, confirming that your LAN traffic is leaving through the ExpressVPN tunnel.
The post How to set up pfSense with ExpressVPN (OpenVPN) appeared first on ExpressVPN Customer Support.