Currently I have a server running pfSense. It's on another network and I only access it via remote login. What I want to do is set up some sort of road warrior scheme that allows me to access behind the pfSense firewall. Basically, I want to simulate my machine being directly behind pfSense, getting a DHCP address from pfSense. I Googled it but every guide seems to say something different. I'm still a bit of a rookie when it comes to this stuff so I don't know what the difference is between the various methods. At any rate, I followed this guide because it seemed like what I want to do, but it didn't work:

If the guide outlines the best method then I'll spend more time trying to make it work but I want to make sure there isn't a better way before I spend the time.

My question is: what's the best way to accomplish my goal with pfSense? Sorry if my question isn't perfect, first time here.

Your requirement appears more or less similar to any corporation's VPN: you want your laptop to appear to be on your home network for the purposes of Internet access (and quite possibly other access).

I haven't used IPsec VPNs, and they should work fine when correctly configured, but I have done exactly what you're suggesting with OpenVPN servers on pfSense and OpenVPN clients on Windows, Linux, and Android for years, so I'll give you some guidance on the OpenVPN side of things.

You want the Remote Access Server section. You can skip the wizard and go right to the normal settings tabs that he goes to after the wizard. Remember, all the GUI in pfSense does is write large parts of the config files for you, and generate a key or three.

Now, some recommendations for a high security setup, because that's what I believe in:

- Use SHA256 or SHA512 for the signature, and 2048 or 4096 bit RSA keys.
- Even on an ALIX (500MHz single core, 256MB of RAM) I've found 4096 bit keys are fine.
- Ideally, name it something like "VPN1Home_CA_2014Dec".
- You'll want this later when the next Heartbleed exploit pushes you to regenerate certs, and/or you want another VPN for another purpose, like a baby monitor.
- Create a "Server" certificate for your VPN.
  - Ideally, name it something like "VPN1Home_Server_2014Dec".
- Create a "Client" certificate for your laptop, and your phone, and whatever else you want.
- Create a CRL, Certificate Revocation List, for the CA.
  - You can leave it empty, but you might as well have one set in the VPN in case you do need to revoke a cert later.
- I like picking a port in the ephemeral range (49152 to 65535) rather than using the default.
- TLS Auth is why I wasn't nearly as concerned by Heartbleed as I could have been.
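
Since the pfSense GUI only writes the OpenVPN config, three of the answer's recommendations (a non-default port, TLS Auth, a CRL) can be checked directly in the generated server config. The following is an added example, not part of the original posts; the function names and the sample config are constructed for illustration, and it assumes the port is set with the `port` directive.

```python
import re

# Constructed sample server config (not from the post): default port,
# no TLS Auth key, CRL line commented out.
SAMPLE_CONF = """\
dev tun
port 1194
ca ca.crt
;crl-verify crl.pem
"""

EPHEMERAL = range(49152, 65536)  # port range the answer suggests


def parse_directives(text):
    """Map each OpenVPN directive to its arguments, skipping comments.

    An inline block such as <tls-auth>...</tls-auth> counts as the
    directive being set; its body (key material) is not read.
    """
    found, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:  # inside an inline block: wait for the closing tag
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # OpenVPN comment markers
            continue
        block = re.fullmatch(r"<([\w-]+)>", line)
        if block:
            inline = block.group(1)
            found[inline] = ["[inline]"]
            continue
        name, *args = line.split()
        found[name] = args
    return found


def audit(text):
    """Return findings for the answer's port, TLS Auth and CRL advice."""
    conf, findings = parse_directives(text), []
    port = int(conf.get("port", ["1194"])[0])  # 1194 is OpenVPN's default
    if port not in EPHEMERAL:
        findings.append(f"port {port} is outside 49152-65535")
    if "tls-auth" not in conf:
        findings.append("tls-auth is not configured")
    if "crl-verify" not in conf:
        findings.append("crl-verify is not configured")
    return findings
```

Calling `audit()` on the text of an exported server config returns an empty list when all three settings are in place.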