How to Setup ExtremeVPN on pfSense (2.5.2) Router
pfSense is a free and open-source firewall and router software that monitors and controls all incoming and outgoing network traffic. This firewall offers threat management and acts as a great protector against malicious sites and hackers online.
Although pfSense can solve most of your security issues online, setting up ExtremeVPN on this platform can further enhance its functions. By using pfSense and ExtremeVPN simultaneously, you can be assured of an additional built-in security function such as malware blocker and leak protection. Also, you will be able to gain access to restricted content from any location.
pfSense released the 2.6.0 version in 2022, but if you are still using the 2.5.2 version, this guide is for you. This article will guide you on setting up ExtremeVPN on the pfSense (2.5.2) router.
Things to consider
- Here are a few things to note before you start your setup. Ensure that you have a;
reliable internet connection.
- VPN-supported router.
- Premium ExtremeVPN account. (If you don’t have one yet, you can click here to buy).
Here are the steps to follow to get the credentials which you will need for setting up ExtremeVPN on pfSense;
- Visit the ExtremeVPN member area. You can click here to visit our member area.
- Enter your ExtremeVPN registered email address and password in the space provided and click on Login.
- Once logged in, click on the Subscription tab, which you will see on the left panel.
- On the subscription page, scroll down to see your VPN credentials.
- You can see and copy your ExtremeVPN credentials, which consist of your username and password. Click on the Eye icon beside your password to make it visible and more accessible to copy.
Follow the steps stated below to set up ExtremeVPN on the pfSense 2.5.2 router effectively;
- First, download the required ExtremeVPN files from here and extract them.
- Login to your pfSense status dashboard and click on System.
- From the drop-down menu that appears, select Cert. Manager and click on + Add to add a new CA certificate.
- On the create/edit CA page, type in the following information;
- Descriptive name: ExtremeVPN_CA
- Method: Import an existing Certificate Authority
- Certificate Data: Open and copy the ca.2crt file and paste its content in the space provided.
- Click the Save button.
- Next, on the pfSense dashboard, go to the VPN tab.
- From the drop-down menu, select ExtremeVPN and go to the Clients tab.
- Click on the +Add to create your VPN profile.
- On the next page, type the following information:
- Server Mode: Choose Peer-to-Peer (SSL/TLS)
- Protocol: TCP on IPv4 only or UDP on IPv4 only
- Device Mode: tun- Layer 3 Tunnel Mode
- Interface: WAN
- Server host or address: de-obf-evpn.pointtoserver.com (You can select your prefered server address from this list here)
- Server Port: Enter 80 for TCP or 53 for UDP
- Proxy Authentication: None
- Avoid configuring or changing any other options.
- Username and Password: Enter your ExtremeVPN credentials.
- Go to Cryptographic Settings.
- TLS Configuration: Use a TLS Key. Uncheck the Automatically generate a TLS Key.
- Open and copy the Wdc.key and paste its content in the space provided beside the TLS key.
- TLS Key Usage Mode: Select TLS Authentication
- TLS Keydir Direction: Choose default direction
- Peer Certificate Authority: ExtremeVPN_CA (choose the CA you created earlier)
Client Certificate: None
- Data Encryption Negotiation: Check the box
- Data Encryption Algorithm: Add AES-128-GCM and AES-256-CBC on the Allowed
- Data Encryption Algorithm box.
- Fallback Data Encryption Algorithm: AES-256-GCM
- Authentication digest Algorithm: SHA1 (160 bit)
- Hardware Crypto: No Hardware Crypto Acceleration
- Under Advanced Settings, just set the Gateway as IPv4 only.
- After filling in all this information, click on Save.
- Next, go back to your pfSense dashboard and select the Firewall tab.
- From the drop-down menu, select NAT.
- Go to the Outbound tab.
- Select Manual Outbound NAT rule generation (AON – Advanced Outbound NAT).
- Click on Save and Apply Changes.
- You will be directed to a Mappings window. You will need to change each of the WAN perimeters to ExtremeVPN. You can do this by clicking the Edit button, which you will see as a pencil icon.
- Once you click on the pencil icon, you can make the following changes and leave the rest as it is:
- Interface: ExtremeVPN
- Address family: IPV4
- Protocol: any
- Address: Interface Address
- Under Translation, go to Static Port and check the box beside it.
- Click on Save.
- You will need to perform the above steps three more times to change all the WAN perimeters to ExtremeVPN.
- Finally, you can return to the pfSense dashboard and click on the Status tab.
- Select ExtremeVPN to check your connection status.
- You will see that ExtremeVPN has successfully connected to your pfSense 2.5.2 router.
Got help from this guide? Drop your valuable comments below. Your experience matters to us and everyone else in the entire cyber security community.