Assignment: configuring a VPN server with pfSense
Prepare the network as per the design below:
You will need to import all virtual machines from the file pfSenseVPN_lab.ova. The password for
the users herzing, root and admin (in the firewall) is Herzing2021.
Please note all interfaces in the firewall are set as internal, so there is no Internet connection.
Therefore, all packages are already installed (FreeRadius on atenea and OpenVPN on Remote).
After the initial setup of pfSense, which is already done, you can continue the configuration
from the client. Open the URL http://XXXXXXXXXX in the browser.
Please note that most changes in the firewall require clicking on “Save” and/or on “Apply changes”.
This will not be specified in the tasks, but it must be done anyway.
Make the necessary configurations so that Remote can establish a VPN connection to the
Intranet by authenticating as a Radius user named omega with a password at the student's
discretion (use the shell command “/usr/sbin/openvpn exported_client_file.ovpn” as root to
establish the connection). The remote workstation should get an IP address in the network
XXXXXXXXXX/26 (VPN clients network).
Then, respond to the questions below:
1. What content did you include in the file /etc/freeradius/3.0/users to add the Radius
user?
2. What modifications did you make in the file clients.conf?
3. Considering these two files have passwords for the users and the clients, respectively,
how are they secured against unauthorized access?
4. After restarting the FreeRadius service, you can use the command radtest to try the
configuration from localhost (the Radius server itself). What command did you exactly
use?
5. Test the authentication from the firewall’s dashboard (Diagnostics → Authentication).
What message did you get?
6. Why should the CA certificate be issued by a CA entity created exclusively for the VPN
rather than a public authority?
7. Can Remote ping PC100 after the VPN is established? Why?
8. After establishing the VPN, what network segments are encrypted?
9. Would the command “telnet XXXXXXXXXX” be secure if there was an attacker
eavesdropping all network traffic in Remote’s local network? Why?
10. Would it be secure if the attacker was connected to the Intranet? Why?
11. What information is provided in Status → OpenVPN after the connection is established?
12. The log entries can be found in Status → System Logs → OpenVPN. What is the TUN/TAP
device used? What is the value of IV_VER in the set of peer info messages?