The bridge operation mode is useful to intercommunicate remote users easily, but if the source private network matches the destination one, we will have a routing problem and the communication will not work.
In addition to incorporating authentication based on SSL / TLS certificates, we could also incorporate additional authentication with username / password, to have a more robust system. pfSense allows different types of authentication, but the most recommended is based on SSL / TLS certificates to ensure authenticity, confidentiality and integrity, and it is not recommended to use pre-shared keys. OpenVPN supports dozens of different configurations, both to improve performance and security. For example, with this type of VPN we can communicate offices, company headquarters, etc. Site-to-Site VPN : this architecture allows us to intercommunicate one site with another, to intercommunicate different sites through the Internet and that all traffic is protected point-to-point.This type of VPN is aimed at telecommuters, network and systems technicians, etc. They will also be able to access the subnets that we indicate. Remote Access VPN – Remote clients will connect to the pfSense VPN server, and go out to the Internet through us.
The OpenVPN software that we have integrated into pfSense will allow us to create and configure two types of architectures: One of the strengths of OpenVPN in pfSense is that the vast majority of available options are available through a very intuitive graphical user interface, this will allow us to configure it without the need to manually incorporate any directive in the “options” field. OpenVPN is a software that allows us to build virtual private networks, we will have a control channel where the lifting of the tunnel and the negotiation of the encryption protocols will be managed, and we will have a data channel where all the tunnel traffic will be encrypted point to point. Check the status of the service and connected clients What is and what is the OpenVPN built into pfSense for?.
Export the OpenVPN configuration file for clients.Configure the rules on the firewall to allow access.Configure OpenVPN server with all options explained.Create the CA (Certification Authority).Create digital certificates in pfSense itself.