This is how to use multiple TorGuard OpenVPN servers on an OPNsense server. Adapted from pfSense instructions here.
DNS
System > General > DNS Servers
Add the following:
104.223.91.194
104.223.91.210
Create trust certificate
System > Trust > Certificates > Add
Select "Import an existing Certificate Authority"
Descriptive name: TG-CA
Certificate data: (get the latest key from here, copy the entire file)
Private key data: <leave blank>
Certificate authority
System > Trust > Authorities > Add
Descriptive Name: TG-internal-CA
Method: Create an internal Certificate Authority
Key length: 2048
Digest Algorithm: SHA1
Lifetime: 3650
Country Code: <put anything>
State or Province: <put anything>
City: <put anything>
Organization: <put anything>
Email Address: <put anything>
Common Name: internal-ca
Certificate manager
System > Trust > Certificates > Add
Descriptive Name: TG-Certificate
Method: Create an internal Certificate Authority
Key length: 2048
Digest Algorithm: SHA1
Lifetime: 3650
Country Code: <put anything>
State or Province: <put anything>
City: <put anything>
Organization: <put anything>
Email Address: <put anything>
Common Name: TG-Certificate
OpenVPN Client settings
VPN > OpenVPN > Clients > Add
Description: TG OpenVPN
Server Mode: Peer To Peer (SSL/TLS)
Protocol: UDP
Device Mode: tun
Interface: WAN
Local Port: <leave blank>
Remote server(s):
atl.east.usa.torguardvpnaccess.com
chi.central.usa.torguardvpnaccess.com
dal.central.usa.torguardvpnaccess.com
fl.east.usa.torguardvpnaccess.com
la.west.usa.torguardvpnaccess.com
lv.west.usa.torguardvpnaccess.com
nj.east.usa.torguardvpnaccess.com
ny.east.usa.torguardvpnaccess.com
sa.west.usa.torguardvpnaccess.com
sf.west.usa.torguardvpnaccess.com
Server Port(s): 443
Select server at random: Checked
Infinitely resolve server: Checked
Username: YOURTGUSERNAME
Password: YOURTGPASSWORD
Peer Certificate Authority: TG-CA
Client Certificate: Web GUI SSL certificate
Encryption algorithm: BF-CBC (128-bit, 64 bit block)
Auth Digest Algorithm: SHA1 (160-bit)
Hardware Crypto: No Hardware Crypto Acceleration
Compression: Enabled with Adaptive Compression
Disable IPv6: Checked
Verbosity level: 1 default
Create OpenVPN interface
Interfaces > Assignments > Click add to the right of TG OpenVPN
You should now see OPT1 on the left. Click OPT1.
Enable interface
Description: TGInterface
(leave everything else blank)
You should now have a new interface called TGInterface.
Firewall / NAT settings
Firewall > NAT > Outbound
Select: Manual outbound NAT rule generation (no automatic rules are being generated)
Click Save
Change every rule (if you have more than one) to the interface TGInterface. No other settings should change in each rule.
Check VPN status
VPN > OpenVPN > Connection Status
The status should say up
Visit https://ipleak.net/
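A further check on the client settings above, as an added example that is not part of the original instructions or of OPNsense: a small Python audit of an OpenVPN client configuration that reports the multi-server failover settings and lists the cipher, digest and compression choices worth reviewing. The mapping from the GUI fields to the `remote`, `remote-random`, `cipher`, `auth` and `comp-lzo` directives is an assumption, and the sample configuration is constructed.

```python
import re

# Constructed sample: this page's client settings written as OpenVPN directives
# (assumed mapping, not an OPNsense export), with three of the ten remotes.
SAMPLE_CONF = """\
remote atl.east.usa.torguardvpnaccess.com 443
remote chi.central.usa.torguardvpnaccess.com 443
remote dal.central.usa.torguardvpnaccess.com 443
remote-random
resolv-retry infinite
cipher BF-CBC
auth SHA1
comp-lzo adaptive
"""

BLOCK64 = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}  # 64-bit block ciphers

def parse(conf):
    """Return {directive: [argument lists]}, ignoring comments and blank lines."""
    out = {}
    for line in conf.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            out.setdefault(name, []).append(args)
    return out

def last_arg(d, name):
    """First argument of the last occurrence of a directive, or ''."""
    args = d.get(name, [[]])[-1]
    return args[0] if args else ""

def audit(conf):
    """Summarise the failover settings and collect settings worth reviewing."""
    d = parse(conf)
    remotes = [a[0] for a in d.get("remote", []) if a]
    findings = {}
    if len(remotes) > 1 and "remote-random" not in d:
        findings["remote-random"] = "absent: remotes are tried in listed order"
    if last_arg(d, "cipher").upper() in BLOCK64:
        findings["cipher"] = "64-bit block: collision risk grows with data per key"
    if last_arg(d, "auth").upper() == "SHA1":
        findings["auth"] = "HMAC-SHA1: legacy digest"
    if ("comp-lzo" in d and last_arg(d, "comp-lzo") != "no") or \
            last_arg(d, "compress") in {"lzo", "lz4", "lz4-v2"}:
        findings["compression"] = "enabled: ciphertext length leaks plaintext structure"
    return {"remotes": remotes, "random": "remote-random" in d, "findings": findings}
```

Calling `audit(SAMPLE_CONF)` returns the remote list, whether random selection is on, and a dictionary of findings keyed by setting.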