{"id":523,"date":"2021-01-26T15:01:56","date_gmt":"2021-01-26T14:01:56","guid":{"rendered":"https:\/\/www.delixirpro.com\/blog\/?p=523"},"modified":"2021-02-20T17:26:10","modified_gmt":"2021-02-20T16:26:10","slug":"installation-pfsenseopenvpn-sur-hyper-v","status":"publish","type":"post","link":"https:\/\/www.delixirpro.com\/blog\/2021\/01\/26\/installation-pfsenseopenvpn-sur-hyper-v\/","title":{"rendered":"pfSense+OpenVPN installation on Hyper-V"},"content":{"rendered":"\n<p>Installing pfSense as a router, together with an OpenVPN server for client VPN connections. Here the installation is done on a Hyper-V server.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Virtual machine configuration:<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Processor: 2 cores<\/li><li>RAM: 2 GB<\/li><li>Disk space: 50 GB<\/li><li>Network adapters: 1 on WAN and 1 on LAN<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-6.png\" alt=\"L\u2019attribut alt de cette image est vide, son nom de fichier est image-6.png.\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Installing from the pfSense ISO:<\/h2>\n\n\n\n<p>Boot from the pfSense ISO<\/p>\n\n\n\n<p>Accept the terms<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"556\" height=\"371\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image.png\" alt=\"\" class=\"wp-image-524\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image.png 556w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-300x200.png 300w\" sizes=\"auto, (max-width: 556px) 100vw, 556px\" \/><\/figure>\n\n\n\n<p>Press \"I\" to select \"Install pfSense\"<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img 
loading=\"lazy\" decoding=\"async\" width=\"605\" height=\"363\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-1.png\" alt=\"\" class=\"wp-image-525\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-1.png 605w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-1-300x180.png 300w\" sizes=\"auto, (max-width: 605px) 100vw, 605px\" \/><\/figure>\n\n\n\n<p>Select the keyboard layout. Note: the keyboard is QWERTY by default<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"606\" height=\"403\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-2.png\" alt=\"\" class=\"wp-image-526\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-2.png 606w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-2-300x200.png 300w\" sizes=\"auto, (max-width: 606px) 100vw, 606px\" \/><\/figure>\n\n\n\n<p>Select \"AUTO (UFS)\"<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"607\" height=\"262\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-3.png\" alt=\"\" class=\"wp-image-527\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-3.png 607w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-3-300x129.png 300w\" sizes=\"auto, (max-width: 607px) 100vw, 607px\" \/><\/figure>\n\n\n\n<p>Wait while the installation runs<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"605\" height=\"293\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-4.png\" alt=\"\" class=\"wp-image-528\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-4.png 605w, 
https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-4-300x145.png 300w\" sizes=\"auto, (max-width: 605px) 100vw, 605px\" \/><\/figure>\n\n\n\n<p>Click \"NO\" and then \"Reboot\"<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"432\" height=\"152\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-5.png\" alt=\"\" class=\"wp-image-529\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-5.png 432w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-5-300x106.png 300w\" sizes=\"auto, (max-width: 432px) 100vw, 432px\" \/><\/figure>\n\n\n\n<p>Unmount the pfSense ISO<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">First boot of pfSense<\/h2>\n\n\n\n<p>When the virtual machine restarts, you arrive at the initial configuration<\/p>\n\n\n\n<p>When asked about VLANs, answer No unless you have VLANs defined on your network<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"605\" height=\"434\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-7.png\" alt=\"\" class=\"wp-image-531\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-7.png 605w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-7-300x215.png 300w\" sizes=\"auto, (max-width: 605px) 100vw, 605px\" \/><\/figure>\n\n\n\n<p>Assign the WAN interface to hn0 and LAN to hn1, then confirm to start the configuration<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"605\" height=\"417\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-8.png\" alt=\"\" class=\"wp-image-532\" 
srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-8.png 605w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-8-300x207.png 300w\" sizes=\"auto, (max-width: 605px) 100vw, 605px\" \/><\/figure>\n\n\n\n<p>The LAN IP configuration will be either that of an already existing network, or of your internal network, or even none<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"605\" height=\"473\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-9.png\" alt=\"\" class=\"wp-image-533\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-9.png 605w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-9-300x235.png 300w\" sizes=\"auto, (max-width: 605px) 100vw, 605px\" \/><\/figure>\n\n\n\n<p>Enter option (2) to set the IP address of your local network, specifying the subnet mask and, if you use pfSense as a DHCP server, the range of your .<\/p>\n\n\n\n<p>For this I set the LAN-side IP address of my pfSense (here 10.0.2.1; my AD, which is also my DNS, is reachable at 10.0.2.2). 
The mask will be \/24 (255.255.255.0)<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"605\" height=\"406\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-10.png\" alt=\"\" class=\"wp-image-534\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-10.png 605w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-10-300x201.png 300w\" sizes=\"auto, (max-width: 605px) 100vw, 605px\" \/><\/figure>\n\n\n\n<p>During configuration, answer \"Yes\" for the webConfigurator so that it sets up web access.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"605\" height=\"384\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-11.png\" alt=\"\" class=\"wp-image-535\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-11.png 605w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-11-300x190.png 300w\" sizes=\"auto, (max-width: 605px) 100vw, 605px\" \/><\/figure>\n\n\n\n<p>You can now connect to the pfSense web page via the LAN address.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configuration via the web portal<\/h2>\n\n\n\n<p>Connect to the web portal at \\\\MON_IP_LAN_PFSENSE, in my example <a href=\"\/\/10.0.2.1\">\\\\10.0.2.1<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-12.png\" alt=\"\" class=\"wp-image-536\" width=\"837\" height=\"136\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-12.png 474w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-12-300x49.png 300w\" sizes=\"auto, (max-width: 837px) 
100vw, 837px\" \/><\/figure>\n\n\n\n<p>Log in with the default credentials:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Login: admin<\/li><li>Password: pfsense<\/li><\/ul>\n\n\n\n<p>Complete the configuration page and save.<\/p>\n\n\n\n<p>First, change the admin password. To do so, go to System\/User Manager\/user and click the pencil icon to set the new password.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-13.png\" alt=\"\" class=\"wp-image-537\" width=\"921\" height=\"266\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-13.png 605w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-13-300x87.png 300w\" sizes=\"auto, (max-width: 921px) 100vw, 921px\" \/><\/figure>\n\n\n\n<p>Next, go to the \"Authentication Servers\" tab to add your AD\/DNS server<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-14.png\" alt=\"\" class=\"wp-image-538\" width=\"927\" height=\"273\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-14.png 605w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-14-300x88.png 300w\" sizes=\"auto, (max-width: 927px) 100vw, 927px\" \/><\/figure>\n\n\n\n<p>Click the <strong>+ADD<\/strong> button<\/p>\n\n\n\n<p>Fill in the information for your server; in the example my AD is 10.0.2.2 and its machine name is SRVAD<\/p>\n\n\n\n<p>In the description field, enter the NetBIOS name of your server or of the corresponding server; I chose to use the name of my AD, \"SRVAD\"<\/p>\n\n\n\n<p>Set the 
Type field to \"<strong>LDAP<\/strong>\" and enter the server IP \"10.0.2.2\" (the address of your Active Directory)<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-15.png\" alt=\"\" class=\"wp-image-539\" width=\"940\" height=\"216\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-15.png 605w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-15-300x69.png 300w\" sizes=\"auto, (max-width: 940px) 100vw, 940px\" \/><\/figure>\n\n\n\n<p>Add the domain information:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Base DN<\/strong>: DC=\"mon_domaine\",DC=local<\/li><li><strong>Authentication containers<\/strong>: OU=\"dossier_users\",DC=\"mon_domaine\",DC=local<\/li><li><strong>Extended query<\/strong>: tick the box<\/li><li><strong>Query: <\/strong>memberOf=CN=GRP_VPN,OU=\"dossiers_users\",DC=\"domaine\",DC=local<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"697\" height=\"242\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-16.png\" alt=\"\" class=\"wp-image-540\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-16.png 697w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-16-300x104.png 300w\" sizes=\"auto, (max-width: 697px) 100vw, 697px\" \/><figcaption>VPN use is allowed only for our users who are members of the \"grp_vpn\" group<\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Bind anonymous: <\/strong>untick the \"use anonymous binds to resolve distinguished 
names\" box<\/li><li><strong>Bind credentials:<\/strong> Domaine\\administrateur + password of the administrator account<\/li><li><strong>Initial Template: <\/strong>OpenLDAP<\/li><li><strong>User naming attribute:<\/strong> samAccountname (if you put \"cn\" here, the login will be the user's full name, e.g. Antoine Durand)<\/li><li><strong>Group naming attribute: <\/strong>cn<\/li><li><strong>Group member attribute: <\/strong>memberOf<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"209\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-2-1024x209.png\" alt=\"\" class=\"wp-image-602\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-2-1024x209.png 1024w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-2-300x61.png 300w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-2-768x157.png 768w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-2.png 1161w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Click SAVE to store the settings.<\/p>\n\n\n\n<p><strong>Note <\/strong>: if the WAN address is a public address, the following is not necessary. 
But if your VPN is a LAN\/LAN bypass, the following step is required: go to Interfaces and, on each WAN and LAN interface, untick the boxes in the \"Reserved Networks\" section<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-18.png\" alt=\"\" class=\"wp-image-542\" width=\"953\" height=\"210\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-18.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-18-300x66.png 300w\" sizes=\"auto, (max-width: 953px) 100vw, 953px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">OpenVPN server setup<\/h2>\n\n\n\n<p>Go to the System\/Package Manager\/Available Packages menu, search for the package named \"openvpn-client-export\" and install it.<\/p>\n\n\n\n<p>Then, in the VPN\/OpenVPN menu, launch the \"<strong>Wizard<\/strong>\"<\/p>\n\n\n\n<p>Select the <strong>Type Of Server<\/strong>: LDAP<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"698\" height=\"207\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-19.png\" alt=\"\" class=\"wp-image-543\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-19.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-19-300x89.png 300w\" sizes=\"auto, (max-width: 698px) 100vw, 698px\" \/><\/figure>\n\n\n\n<p>Select the AD server you registered earlier.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-20.png\" alt=\"\" 
class=\"wp-image-544\" width=\"727\" height=\"199\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-20.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-20-300x82.png 300w\" sizes=\"auto, (max-width: 727px) 100vw, 727px\" \/><\/figure>\n\n\n\n<p>Create the certificate authority by clicking <strong>ADD new CA<\/strong><\/p>\n\n\n\n<p>Fill in the information:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Description name<\/strong>: your choice, either enter the public IP address or name the SERVER<\/li><li><strong>Key length:<\/strong> 2048<\/li><li><strong>Lifetime<\/strong>: 3650, or leave blank for the default<\/li><li><strong>Country Code<\/strong>: FR<\/li><li><strong>State or Province<\/strong>: FR<\/li><li><strong>City<\/strong>: FR<\/li><li><strong>Organization<\/strong>: domain or company name<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"698\" height=\"353\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-21.png\" alt=\"\" class=\"wp-image-545\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-21.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-21-300x152.png 300w\" sizes=\"auto, (max-width: 698px) 100vw, 698px\" \/><\/figure>\n\n\n\n<p>On the next page, select the certificate created previously.<\/p>\n\n\n\n<p>At step 9\/11, fill in the information below:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Interface<\/strong>: WAN<\/li><li><strong>Protocol<\/strong>: UDP on IPV4 only<\/li><li><strong>Local<\/strong> <strong>Port<\/strong>: 1194; you can choose another port, but remember to open it on your internet box (ISP router)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" 
decoding=\"async\" width=\"698\" height=\"224\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-22.png\" alt=\"\" class=\"wp-image-546\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-22.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-22-300x96.png 300w\" sizes=\"auto, (max-width: 698px) 100vw, 698px\" \/><\/figure>\n\n\n\n<p>Leave the boxes ticked and set <strong>DH Parameters Length <\/strong>to <strong>2048 bit<\/strong>, <strong>Encryption Algorithm: AES-256-GCM<\/strong>, and <strong>Auth Digest Algorithm to SHA1<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"698\" height=\"463\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-23.png\" alt=\"\" class=\"wp-image-547\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-23.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-23-300x199.png 300w\" sizes=\"auto, (max-width: 698px) 100vw, 698px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">VPN tunnel setup<\/h2>\n\n\n\n<p><strong>Tunnel Network: <\/strong>set the network address that VPN clients will get on their machines; in this example, clients will have an IP address in 10.0.10.x\/24<\/p>\n\n\n\n<p><strong>Local Network: <\/strong>enter the IP address of the LAN-side network; in my example I use my 10.0.2.0\/24 address =&gt;<strong> This lets our VPN clients communicate with that network!<\/strong> Add several if needed.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"698\" height=\"423\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-24.png\" alt=\"\" class=\"wp-image-548\" 
srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-24.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-24-300x182.png 300w\" sizes=\"auto, (max-width: 698px) 100vw, 698px\" \/><\/figure>\n\n\n\n<p>In the last section, I add the information for the clients:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Dynamic IP: box ticked<\/strong><\/li><li><strong>DNS Default Domain: <\/strong>DNS zone of my network (domaine.local)<\/li><li><strong>DNS Server 1: <\/strong>10.0.2.2; in my example, DNS is handled by my AD<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-25.png\" alt=\"\" class=\"wp-image-549\" width=\"931\" height=\"284\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-25.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-25-300x92.png 300w\" sizes=\"auto, (max-width: 931px) 100vw, 931px\" \/><\/figure>\n\n\n\n<p>Tick the options to add the \"<strong>Firewall Rule<\/strong>\" as well as the \"<strong>OpenVPN rule<\/strong>\"<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-26.png\" alt=\"\" class=\"wp-image-550\" width=\"941\" height=\"382\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-26.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-26-300x122.png 300w\" sizes=\"auto, (max-width: 941px) 100vw, 941px\" \/><\/figure>\n\n\n\n<p>Go back to the server created previously and edit its settings.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img 
loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-27.png\" alt=\"\" class=\"wp-image-551\" width=\"942\" height=\"139\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-27.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-27-300x44.png 300w\" sizes=\"auto, (max-width: 942px) 100vw, 942px\" \/><\/figure>\n\n\n\n<p>Change the <strong>Server mode<\/strong> to \"Remote Access (SSL\/TLS + User Auth)\"<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-28.png\" alt=\"\" class=\"wp-image-552\" width=\"942\" height=\"153\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-28.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-28-300x49.png 300w\" sizes=\"auto, (max-width: 942px) 100vw, 942px\" \/><\/figure>\n\n\n\n<p>\"<strong>Advanced Client Settings<\/strong>\" section: tick the \"<strong>DNS Default Domain<\/strong>\" and \"<strong>DNS Server enable<\/strong>\" boxes and enter the corresponding values.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-29.png\" alt=\"\" class=\"wp-image-553\" width=\"944\" height=\"180\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-29.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-29-300x57.png 300w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><\/figure>\n\n\n\n<p>Save the changes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Creating the user certificate<\/h2>\n\n\n\n<p>Go to System &gt; Certificate Manager, then 
to the Certificates tab.<\/p>\n\n\n\n<p>Create a new certificate with the following settings:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Descriptive Name: <strong>USER<\/strong><\/li><li>Certificate Authority: <strong>your server certificate (created previously)<\/strong><\/li><li>Key type: <strong>RSA \/ 2048<\/strong><\/li><li>Digest Algorithm: <strong>sha256<\/strong><\/li><li>Lifetime: <strong>3650 <\/strong>(10 years)<\/li><li>Common name: <strong>USER<\/strong><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"697\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-3-1024x697.png\" alt=\"\" class=\"wp-image-604\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-3-1024x697.png 1024w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-3-300x204.png 300w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-3-768x523.png 768w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-3.png 1155w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Note: if you do not create a user certificate, you will not be able to export the configuration as described in the next section!<\/strong><\/p>\n\n\n\n<p>You should see the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>a certificate for the webConfigurator<\/li><li>a \"Server Certificate\" certificate<\/li><li>a \"User Certificate\" certificate<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"336\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-4-1024x336.png\" alt=\"\" class=\"wp-image-605\" 
srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-4-1024x336.png 1024w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-4-300x98.png 300w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-4-768x252.png 768w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/02\/image-4.png 1149w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">VPN client setup<\/h2>\n\n\n\n<p>Go to the <strong>Client Export<\/strong> menu<\/p>\n\n\n\n<p>Change the following options:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Remote Access Server<\/strong>: Server UDP4:1194, or according to the port you chose<\/li><li><strong>Host Name Resolution<\/strong>: Other<\/li><li><strong>Host Name<\/strong>: enter your public address<\/li><li><strong>Verify Server CN<\/strong>: Do not verify the server CN<\/li><\/ul>\n\n\n\n<p><strong>IMPORTANT<\/strong>: in Host Name, explicitly enter your PUBLIC IP; otherwise the VPN configuration will point to the WAN IP address, which works if that address is public but does not work if it sits behind an upstream router.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-30.png\" alt=\"\" class=\"wp-image-554\" width=\"940\" height=\"254\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-30.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-30-300x81.png 300w\" sizes=\"auto, (max-width: 940px) 100vw, 940px\" \/><\/figure>\n\n\n\n<p>Click \"Save as default\" to save the changes<\/p>\n\n\n\n<p>Then generate your configuration file. 
Make sure you have your user certificate in order to generate the file.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-31.png\" alt=\"\" class=\"wp-image-555\" width=\"932\" height=\"272\" srcset=\"https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-31.png 698w, https:\/\/www.delixirpro.com\/blog\/wp-content\/uploads\/2021\/01\/image-31-300x88.png 300w\" sizes=\"auto, (max-width: 932px) 100vw, 932px\" \/><\/figure>\n\n\n\n<p>Install the latest OpenVPN client available on the site, import your configuration file and test your connection.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Installing pfSense as a router, together with an OpenVPN server for client VPN connections. Here the installation is done on a Hyper-V server. Virtual machine configuration: Processor: 2 
cores&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":584,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40],"tags":[39,49],"class_list":["post-523","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutoriel","tag-openvpn","tag-pfsens"],"_links":{"self":[{"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/posts\/523","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/comments?post=523"}],"version-history":[{"count":5,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/posts\/523\/revisions"}],"predecessor-version":[{"id":606,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/posts\/523\/revisions\/606"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/media\/584"}],"wp:attachment":[{"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/media?parent=523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/categories?post=523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.delixirpro.com\/blog\/wp-json\/wp\/v2\/tags?post=523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}