
Configure OpenVPN client to HideMyAss (HMA) in PFSense


Instructions on how to route all traffic through HideMyAss via OpenVPN

 

Preparation

CA Manager

  • Log into your pfSense installation and choose System - Cert Manager
  • Click on the CAs Tab and hit the + button to insert a new CA
  • Type a description (e.g. HMA CA), and paste the contents of the ca.crt file into the Certificate Data field. Then click Save.


 

  • Now click on the Certificates tab, click +, type a description (e.g. HMA OVPN), and paste the contents of hmauser.crt into the Certificate Data field, then the contents of hmauser.key into the Private Key Data field. Click Save.


 

Login File

  • Click Diagnostics - Edit File
  • Type your HMA username and password into the input box, each on its own line. Type /conf/hmauser.conf into the Save/Load from path box, then click Save.


 

OpenVPN Client

  • Click VPN - OpenVPN
  • Select the Client tab
  • Click the + icon and change the following settings, the rest can remain at the default:
    • Protocol: TCP
    • Server Host or Address: (The IP of the HMA VPN server you use. The IPs are listed at the bottom of each of the .ovpn config files in http://hidemyass.com/vpn-config/vpn-configs.zip )
    • Server Port: 443
    • Check the Infinitely Resolve Server box.
    • Enter a Description (e.g. HMA Pro VPN)
    • UNcheck Enable Authentication of TLS Packets
    • Peer Certificate Authority: HMA CA
    • Client Certificate: HMA OVPN
    • Encryption Algorithm: AES 256
    • Advanced: verb 3;ns-cert-type server;auth-user-pass /conf/hmauser.conf;persist-key;persist-tun;
  • Click Save


  • Click Status - OpenVPN. The status should be "up" with your IP information listed. It may take 15-30 seconds to establish the connection. Click Status - System Logs - OpenVPN to troubleshoot if the connection does not come up.
  • Check the OpenVPN log for the line: Initialization Sequence Completed. If you do not see this, it means your settings are incorrect. Go back and start again. 

 

Interfaces

  • Click Interfaces - Assign, click the + icon. A new interface should automatically populate with a network port of ovpnc1, most likely with a name of OPT1.
  • Click Interfaces - OPT1
  • Enable the interface by placing a check in the box.
  • Enter a more apt description (e.g. change OPT1 to HMA)
  • Click Save

 

Firewall

  • Click Firewall - Rules and select the LAN tab
  • Click the e icon to edit your Default Allow LAN to Any rule.

 

Gateway 
 

  • Click the Gateway - Advanced button and choose the interface you just created (e.g. HMA)
  • Click Save



If you would like to route only certain LAN IP addresses through HideMyAss via OpenVPN:
 

  • Follow the instructions above, but instead of editing the Default Allow LAN to Any Rule, click the + icon to create a new rule.
    • Protocol: Any
    • Source, Type: LAN Address
    • Address: IP of machine you want to route across your HMA VPN connection
    • Description: HMA VPN Rule
    • Gateway: Advanced, choose HMA
  • Click Save
  • Verify the rule you just created is listed ABOVE the Default Allow LAN to Any rule. Rules are processed from top to bottom. If necessary, move the rule to the top. 

 

General Setup

  • Go to General Setup
  • Choose WAN as the gateway for all DNS Servers.
  • We suggest OpenDNS (208.67.222.222 + 208.67.220.220) or Google DNS (8.8.8.8 + 8.8.4.4).
  • Hit Save.


  • Wait about 5-10 seconds and then check your public IP at http://geoip.hidemyass.com - All your traffic should now be routed through HMA and your public IP should report as your HMA VPN IP, not your ISP's IP.
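
For the step above that checks the OpenVPN log for Initialization Sequence Completed, the following is an added example (not part of the original post) that classifies a log by its most recent decisive line and points back to the setting to re-check. The function names, the log file argument and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Log lines below are constructed.

# ovpn_status FILE: print the most recent decisive state found in an OpenVPN
# client log: up, auth_failed, tls_failed, cert_failed, or unknown.
# The last matching line wins, so a tunnel that came up and later dropped
# is not reported as "up".
ovpn_status() {
    awk '
        /Initialization Sequence Completed/ { s = "up" }
        /AUTH_FAILED/                       { s = "auth_failed" }
        /TLS key negotiation failed/        { s = "tls_failed" }
        /VERIFY ERROR/                      { s = "cert_failed" }
        END { print (s == "" ? "unknown" : s) }
    ' "$1"
}

# ovpn_hint STATE: map a state to the setting from the guide to re-check.
ovpn_hint() {
    case "$1" in
        up)          echo "tunnel established" ;;
        auth_failed) echo "re-check the username and password lines in /conf/hmauser.conf" ;;
        tls_failed)  echo "re-check server address, TCP, port 443, and the TLS packet authentication box" ;;
        cert_failed) echo "re-check the HMA CA and HMA OVPN certificate entries" ;;
        *)           echo "no decisive line yet; wait and read the log again" ;;
    esac
}

# write_sample_log FILE: constructed log (192.0.2.10 is a documentation address).
write_sample_log() {
    cat > "$1" <<'EOF'
Jan  1 12:00:01 openvpn[4242]: TCP connection established with [AF_INET]192.0.2.10:443
Jan  1 12:00:03 openvpn[4242]: Initialization Sequence Completed
Jan  1 13:00:05 openvpn[4242]: AUTH: Received control message: AUTH_FAILED
EOF
}

log=$(mktemp)
write_sample_log "$log"
state=$(ovpn_status "$log")
echo "$state: $(ovpn_hint "$state")"
rm -f "$log"
```

Because the last decisive line wins, the sample reports auth_failed even though the success line appears earlier in the log.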
