gabrielpc1190/EdgeOS-OpenVPN-Site2Site

This describes how to connect an EdgeRouter (EdgeOS) to a pfSense box with a peer-to-peer OpenVPN tunnel using a static shared key (no certificates, no TLS handshake).

Generate the static shared key on the EdgeRouter (operational mode):

generate vpn openvpn-key /config/auth/secret

Display the key and copy it into the shared-key field of the peer-to-peer OpenVPN instance on the pfSense side. The file is readable only by root, hence sudo. This key is the only thing protecting the tunnel, so move it over a trusted channel and do not leave copies lying around:

sudo cat /config/auth/secret

Enter EdgeOS configuration mode, allow the tunnel's UDP port in on the WAN, and create the vtun0 interface. Rule 30 in WAN_LOCAL below accepts UDP 1197 from any source; if the pfSense end has a fixed public address, restrict the rule to it with a source address match. Replace pfsense-server.remote with the pfSense public address or hostname and edgerouter.local with the EdgeRouter's own WAN address; 10.1.0.1 and 10.1.0.2 are the two tunnel endpoints, and the interface-routes are the networks reached through the tunnel (the pfSense side needs the mirror-image settings):
configure

set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description Tunnel EdgeRouter-pfSense
set firewall name WAN_LOCAL rule 30 destination port 1197
set firewall name WAN_LOCAL rule 30 protocol udp

set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret

set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1197
set interfaces openvpn vtun0 remote-port 1197

set interfaces openvpn vtun0 remote-host pfsense-server.remote
set interfaces openvpn vtun0 local-host edgerouter.local


set interfaces openvpn vtun0 local-address 10.1.0.2
set interfaces openvpn vtun0 remote-address 10.1.0.1

set protocols static interface-route 10.0.0.0/8 next-hop-interface vtun0
set protocols static interface-route 10.1.0.142/32 next-hop-interface vtun0

set interfaces openvpn vtun0 openvpn-option "--auth SHA256"
set interfaces openvpn vtun0 openvpn-option "--cipher AES-128-CBC"
set interfaces openvpn vtun0 openvpn-option "--comp-lzo"

commit; save

The vtun0 interface comes up whenever the EdgeRouter boots: it connects to the remote pfSense and routes the networks listed in the interface-routes (here 10.0.0.0/8 and 10.1.0.142/32, the latter already contained in the former) through the tunnel.

The three openvpn-option lines must match the pfSense side exactly (auth digest SHA256, cipher AES-128-CBC, LZO compression), otherwise the tunnel will not pass traffic and the log fills with Authenticate/Decrypt packet errors. Two caveats: compression inside an encrypted tunnel lets an observer recover plaintext from packet sizes (the VORACLE attack against OpenVPN), and --comp-lzo is deprecated in current OpenVPN releases, so leave it out on both ends unless you have a specific need. Static-key mode also has no forward secrecy: whoever obtains /config/auth/secret can decrypt captured traffic, so protect that file on both routers.

Testing

Ping the pfSense end of the tunnel and then a host on the remote network; the first confirms the tunnel itself is up, the second that the interface-routes are working:

ping 10.1.0.1
ping 10.1.0.142

Check the OpenVPN log lines on the EdgeRouter:

grep openvpn /var/log/messages

Optionally, schedule a watchdog that pings the other end of the tunnel every few minutes and, when there is no reply, disables vtun0, waits 5 seconds and re-enables it:

Download the script without curl's -k option (it disables certificate verification, and this file will run as root), and read it before installing it. Note that EdgeOS runs every executable in /config/scripts/post-config.d/ at boot once the configuration has been loaded, so the script also runs once at startup:

sudo curl -o /config/scripts/post-config.d/restart-openvpn.sh https://raw.githubusercontent.com/gabrielpc1190/EdgeOS-OpenVPN-Site2Site/master/restart-openvpn.sh

Edit the file so that the address it pings is one you can reach on the far end of the tunnel (10.1.0.1, the pfSense tunnel address, in this setup), then make it executable:

sudo chmod 755 /config/scripts/post-config.d/restart-openvpn.sh

Now schedule it; interval 5m runs it every five minutes, adjust to taste:

configure
set system task-scheduler task openvpn_restart interval 5m
set system task-scheduler task openvpn_restart executable path /config/scripts/post-config.d/restart-openvpn.sh
commit; save; exit
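For reference, here is an added watchdog written for this page; it is not the repository's restart-openvpn.sh. It assumes the tunnel is vtun0, that the far end answers on 10.1.0.1 (the pfSense tunnel address used in the ping test above), and that the EdgeOS configuration wrapper is /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper; each of those can be overridden from the environment, which is also how the logic can be exercised without a router.

```shell
#!/bin/bash
# Added example watchdog for the EdgeOS task scheduler (not the repository's
# restart-openvpn.sh). Assumptions: the tunnel is vtun0, the far end answers
# on 10.1.0.1, and the configuration wrapper is
# /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper. Everything is overridable from the
# environment so the logic can be tested without touching a real router.
PEER="${PEER:-10.1.0.1}"
IFACE="${IFACE:-vtun0}"
CFG="${CFG:-/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper}"
PING="${PING:-ping}"
LOGGER="${LOGGER:-logger}"
SLEEP_SECS="${SLEEP_SECS:-5}"
PING_COUNT="${PING_COUNT:-3}"

# Send a few probes with a two-second timeout each; any reply counts as up.
peer_reachable() {
    "$PING" -c "$PING_COUNT" -W 2 "$PEER" >/dev/null 2>&1
}

# Bounce the interface through the configuration system, the same way an
# operator would in "configure" mode. The change is committed but deliberately
# not saved, so a reboot never comes up with vtun0 left disabled.
bounce_tunnel() {
    "$CFG" begin
    "$CFG" set interfaces openvpn "$IFACE" disable
    "$CFG" commit
    sleep "$SLEEP_SECS"
    "$CFG" delete interfaces openvpn "$IFACE" disable
    "$CFG" commit
    "$CFG" end
}

# Returns 0 when the peer answered, 1 when the tunnel had to be bounced.
watchdog() {
    if peer_reachable; then
        return 0
    fi
    "$LOGGER" -t restart-openvpn "peer $PEER unreachable, bouncing $IFACE"
    bounce_tunnel
    return 1
}

# Run only when invoked as the installed script (the task scheduler passes the
# script path as $0); when the file is sourced for testing nothing executes.
case "$0" in
    */restart-openvpn.sh) watchdog ;;
esac
```

Save it as restart-openvpn.sh, make it executable and point the task-scheduler entry above at it. Because scripts in post-config.d also run at boot, the first run may bounce a tunnel that simply has not finished connecting yet; placing the script in /config/scripts/ instead avoids that, and the task scheduler does not care where it lives.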

Happy VPNing!

About

OpenVPN Setup for EdgeOS and pfSense Peer2Peer
