You see the problem that I often encounter while on the go is that there are no WiFi networks that I trust. I barely trust my own home WiFi network and I set it up to be very secure and I monitor it constantly! We are told never to connect to public WiFi but often times there is no other option. Sure you can use your phone as a wireless hotspot, but how long does that last before you’ve blown though all of your data for the month? So I ask you what can you do?
Use a VPN of course! But not only that: Why pay mouthy for a paid VPN service when you can set one up at home for free (assuming that you already have pfSense in your home). And not only that but you’ll be on your internal network so you can access your internal servers directly rather then though the Internet. It’s foolproof!
To get started login to your pfSense firewall and go to VPN>OpenVPN in the “Servers” tab click “Add”. Set the server mode to “Remote Access”, configure the ports and the crypto security as you see fit (typically the default settings are fine). Check the checkbox labeled “Force all client-generated IPv4 traffic through the tunnel.” and “Force all client-generated IPv6 traffic through the tunnel.” This step is very inportant! If you don’t check these options then your VPN server will NOT work properly and your new VPN will be almost entirely worthless! Click “Save” when you are finished.
For the next part I recommend installing the OpenVPN client export package onto pfSense by clicking going to System>Package Manager and searching for the package in the “Available Package” list. Once that is installed go to System>User Manager and create the user you will be using for the OpenVPN connection. Once finished go back to the OpenVPN configuration page by going to VPN>OpenVPN.
You should see a tab named “Client Export” click on that. Change the host name resolution to “other” and enter you public IP address here (or domain name if you have one). The rest of the settings can be changed if you so desire. But for the most part they can just be left alone (unless you want to change them).
Scroll down towards the bottom of the page and look at the export options for the client. This can be a bit intimidating at first but just stay calm, think things though and pick the option that is best for your client PC (you can always download all of the export options and take that along if you so wish).
If you are running Windows on your client then installation should be pretty straight forward. Click the proper *.exe file that you got from your pfSense box and it will install OpenVPN on your system. All you need to do then is type the username and password of the client that you created earlier.
OpenVPN clients are free for all operating systems (at least that I know of, I haven’t tried on Mac and IOS but I assume that they are free). Using an OpenVPN VPN on public WiFi helps protect your information security.
For more detailed information about how to configure an OpeVPN server on pfSense I suggest checking out the OpenVPN section in the pfSense official book.