This guide will explain how to prepare a VPN server for OpenVPN and IPsec.
Creating the VPN server
Launch a new server with the following specification:
|Server name:||vpn01 (can be whatever you want)|
|Source:||pfSense 2.3.4 (create new volume, ~5GB).|
|Flavour:||1 CPU 0.5 GB (enough for most use cases)|
|Security Groups:||default, https|
Associate a floating IP to the server and browse to the web UI (https://xxx.xxx.xxx.xxx).
If you can't reach the web UI, make sure the https security group is added to the server.
Configuring the VPN
The default login for the web UI is:
You will be greeted by a wizard, click on the logo in the top left corner of the page to skip the wizard.
We recommend you change the admin password to something more secure.
You can do this in System - User Manager.
We also recommend to update pfSense to the latest version.
This can be done from the dashboard (Status - Dashboard) under the Version heading.
Allowed address pairs
Take note of your VPN servers local IP and follow our how-to on Configure allowed-address-pairs then come back to this guide.
We are now ready to configure the VPN. You can either configure OpenVPN Remote access for clients, or IPsec for site-to-site VPN.