other:networking:opnsense:site-to-site

Differences

This shows you the differences between two versions of the page.

other:networking:opnsense:site-to-site [2021/07/07 15:45] rodolicoother:networking:opnsense:site-to-site [2023/09/27 08:19] (current) rodolico
Line 50: Line 50:
       - Descriptive Name: You can enter anything here, with spaces. This will be what you will select/identify this certificate with in the future       - Descriptive Name: You can enter anything here, with spaces. This will be what you will select/identify this certificate with in the future
       - **Method:** Create an internal Certificate Authority       - **Method:** Create an internal Certificate Authority
-      - Fill in the rest of the form.+      - Fill in the rest of the form down to Common Name. I generally change the Lifetime depending on the application.
       - **Common Name:** No spaces, but use something you can recognize like "VPN-N2N-office"       - **Common Name:** No spaces, but use something you can recognize like "VPN-N2N-office"
       - Save       - Save
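Review bot: the sentence added on the "Fill in the rest of the form" line leaves Lifetime as "depending on the application" with no value or rule for this step, which is the one that creates the Certificate Authority. Suggest naming the lifetime used for a site-to-site CA and adding that it must be at least as long as the lifetime of the server and client certificates signed by it, because those stop validating once the CA expires.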
Line 60: Line 60:
       - **Certificate Authority:** CA created in previous step       - **Certificate Authority:** CA created in previous step
       - **Type:** Server Certificate       - **Type:** Server Certificate
-      - Fill in the rest of the form+      - Fill in the rest of the form down to Common Name. I generally change the Lifetime depending on the application.
       - **Common Name:** again, use something descriptive with no spaces       - **Common Name:** again, use something descriptive with no spaces
       - Save       - Save
       - **Do not export this certificate**       - **Do not export this certificate**
-    - one User Certificate for each remote (client) site+    - one Client Certificate for each remote (client) site
       - System | Trust | Certificates | Add or import certificate       - System | Trust | Certificates | Add or import certificate
       - Descriptive Name: You can enter anything here, with spaces. This will be what you will select/identify this certificate with in the future       - Descriptive Name: You can enter anything here, with spaces. This will be what you will select/identify this certificate with in the future
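Review bot: the sentence added under **Type:** Server Certificate is word for word the one added to the CA step at line 50 and again at line 70, so the page now gives the same Lifetime advice three times without saying what differs per certificate. Suggest stating it once ahead of the three certificate steps and keeping only the server-specific point here. The rename to "one Client Certificate for each remote (client) site" is consistent with the **Type:** Client Certificate value in the step that follows.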
Line 70: Line 70:
       - **Certificate Authority:** CA created in previous step       - **Certificate Authority:** CA created in previous step
       - **Type:** Client Certificate       - **Type:** Client Certificate
-      - Fill in the rest of the form+      - Fill in the rest of the form down to Common Name. I generally change the Lifetime depending on the application.
       - **Common Name:** again, use something descriptive with no spaces. You should really use the target (client) name or something in this.       - **Common Name:** again, use something descriptive with no spaces. You should really use the target (client) name or something in this.
       - Save       - Save
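Review bot: on the client certificate step the added Lifetime sentence needs its consequence spelled out, since there is one of these certificates per remote site. Suggest adding after "I generally change the Lifetime depending on the application." that the tunnel for that site stops authenticating when its certificate expires, and that a replacement has to be issued and installed at the remote site before that date.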
Line 76: Line 76:
       - Export the client key created       - Export the client key created
   - Create OpenVPN Server   - Create OpenVPN Server
 +    - VPN | OpenVPN | Servers | Add (or Use a Wizard)
     - **Server Mode:** Peer to Peer (SSL/TLS)     - **Server Mode:** Peer to Peer (SSL/TLS)
     - **Protocol:** I find it best to set specifically to UDP4 or UDP6     - **Protocol:** I find it best to set specifically to UDP4 or UDP6
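Review bot: the added line "VPN | OpenVPN | Servers | Add (or Use a Wizard)" offers two entry points, but the fields listed after it (**Server Mode:**, **Protocol:**) read as the manual Add form. Suggest either dropping the parenthetical or saying whether the wizard exposes the same settings, and lowercasing "Use a Wizard" unless it is the literal button label, to match the "Add or import certificate" path style used earlier on the page.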
other/networking/opnsense/site-to-site.txt · Last modified: 2023/09/27 08:19 by rodolico