im Cert Manager eine neue CA erstellen:

 

import an existing Certificate Authority

 

Certificate data: ca.crt hineinkopieren

 

Rest empty lassen

 

 

 

im PfSense unter VPN/OpenVPN einen neuen Client anlegen

 

ServerMode: Peer to Peer (SSL/TLS)

 

Protocol: UDP

 

Device mode: tun

 

Interface: WAN

 

Local Port: empty

 

Server host or address: vpn.speeddrive.de

 

Server port: 1194

 

Proxy host or address: empty

 

Proxy port: empty

 

Proxy authentication: none

 

 

 

TLS Authentication: enable authentication of TLS packets

 

ta.key hineinkopieren

 

 

 

Peer Certificate: speeddrive.de

 

Client Certificate: default (wird nicht verwendet)

 

Encryption: none

 

Hardware Crypto: no

 

 

 

Advanced:

 

auth-user-pass /var/etc/openvpn/clientx.pw

 

ns-cert-type server