Monday, July 4, 2022

PFSENSE & OPENVPN CONFIGURATION (PROXMOX)

When you first install pfSense you end up on the console with the following options.
Select: 1) assign interfaces
The first question is whether you are going to set the VLANs inside the virtual machine or within the hypervisor. In this case we tagged the virtual machine's interface on the correct VLAN (in this case 500, the link using the assigned IP address).
The default configuration will only show two interfaces, the WAN and LAN adapters. Any additional interfaces or subnets you require must be added now; if you add them later, configuring them will wipe the existing configuration and you may lose connectivity if doing this remotely.
In Proxmox, confirm the virtual MAC and the VLAN tag have been assigned. (Note: after any change to Proxmox networking [the actual OS, outside of the VMs] you must apply the configuration or the settings do not take effect.)
VLAN-aware needs to be enabled on the virtual interface, and applying the configuration will be necessary.
Comparing the last hex digits of the net0 MAC address above, you can confirm that vtnet0 is the correct adapter for the WAN interface.
You can also surmise that vtnet1 is the LAN interface, but this can also be confirmed against net1.
(The opvpns1 adapter is only present because the lab is not a vanilla install, so ignore it for the sake of this document.)
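The MAC comparison described above, as an added example that is not part of the original post: it matches each netN line from `qm config` on the Proxmox host against the interface list shown on the pfSense console and reports the VLAN tag. The MAC addresses, bridge names and sample text are constructed; only the 500 tag comes from this lab.

```python
import re

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"

# Constructed sample: NIC lines as printed by `qm config <vmid>` on the Proxmox host.
QM_CONFIG = """\
net0: virtio=BC:24:11:5A:10:01,bridge=vmbr0,tag=500
net1: virtio=BC:24:11:5A:10:02,bridge=vmbr1
"""

# Constructed sample: interface list from the pfSense "assign interfaces" prompt.
PFSENSE_IFACES = """\
vtnet0  bc:24:11:5a:10:01 (up) VirtIO Networking Adapter
vtnet1  bc:24:11:5a:10:02 (up) VirtIO Networking Adapter
"""


def parse_qm_nics(text):
    """Return {netN: {"mac", "bridge", "tag"}} from `qm config` output."""
    nics = {}
    for m in re.finditer(rf"^(net\d+):\s*\w+=({MAC})(.*)$", text, re.M):
        # Remaining options look like ",bridge=vmbr0,tag=500".
        opts = dict(kv.split("=", 1) for kv in m.group(3).split(",") if "=" in kv)
        nics[m.group(1)] = {
            "mac": m.group(2).lower(),
            "bridge": opts.get("bridge"),
            "tag": int(opts["tag"]) if "tag" in opts else None,
        }
    return nics


def parse_pfsense_ifaces(text):
    """Return {mac: ifname}; lines without a MAC (virtual adapters) are skipped."""
    return {m.group(2).lower(): m.group(1)
            for m in re.finditer(rf"^(\w+)\s+({MAC})\b", text, re.M)}


def map_nics(qm_text, pf_text):
    """Attach the guest interface name to each hypervisor NIC (None if unseen)."""
    guest = parse_pfsense_ifaces(pf_text)
    return {name: {**nic, "guest_if": guest.get(nic["mac"])}
            for name, nic in parse_qm_nics(qm_text).items()}


if __name__ == "__main__":
    for name, nic in map_nics(QM_CONFIG, PFSENSE_IFACES).items():
        print(f'{name} -> {nic["guest_if"]}  mac={nic["mac"]} '
              f'bridge={nic["bridge"]} tag={nic["tag"]}')
```

A `guest_if` of `None` means the guest does not see that NIC, which is what you get when a Proxmox network change has not been applied yet.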
Console configuration is now complete. When you type Y, this configuration will be written and the pfSense box will be restarted.
The console can hang on this screen for a while. Interact with it by pressing Enter and it will wake the system back up.
Select option 2 for assigning the static IP addresses. The menus are very straightforward. Select the WAN connection first and assign the IP and then the gateway IP. The LAN IP, if not DHCP, is required to configure the device. There is no gateway required on the LAN as it should egress through the WAN.
In Chrome, open the LAN IP address that you either set or DHCP picked up. The following warning will appear; just click Advanced and Proceed to IP Address.
Default username/password: admin/pfsense
You know the internet access to the device is working when the contract type shows up as Community Support Only. Without this you cannot proceed with the configuration.
The first requirement is to install a package to export OpenVPN server credentials. You cannot do this without internet access.
In the package manager, click on Available Packages, search for openvpn and install openvpn-client-export at the latest version available. You will need this later.
On the completion screen you can move away from here at any time.
Next, create a Certificate Authority (CA) by clicking System and selecting Cert. Manager.

Then create a new CA under your company or lab name. Later you will require a server cert and a user cert, but let the OpenVPN wizard create these for you as there are specific requirements you can't do manually.
Next, configure OpenVPN by clicking VPN and OpenVPN.
For the simplest configuration, select the Wizard.
Select Local User Access (client access VPN).
We pre-created the CA, so it will already be selected; click Next.
Create a new certificate. This will be the server certificate; you may call it "server certificate" if you wish.
Note that the protocol is UDP on port 1194, then set the name for the client access VPN. Scroll down the page to set the tunnel IP and the access LAN IPs.
Tunnel settings and access LAN IPs are set here.
Allow the Wizard to create the allow rule for ingress for OpenVPN.
To create a user and a user certificate, click System and select User Manager.
In here you can change the default password; this is highly recommended. You can also create a new remote user by clicking Add.
Add the user name, password and full name description.
Move the user to the admins group and tick the Certificate box; this is a requirement for remote access.
Once the user is created, click back to VPN - OpenVPN.
Scroll down to the end of the page and download both of the following zip files.