Firewalla VPN Server supports both OpenVPN and WireGuard VPN. Here is the guide on how to configure OpenVPN.
To learn more about the Firewalla VPN Server, please refer to this article: Firewalla VPN Server.
To configure the Firewalla OpenVPN server:
1. Turn on VPN Server
The very first step is to turn on the VPN server on your Firewalla box. The Firewalla box will start a pre-installed OpenVPN server. When the VPN server starts, it will generate a unique key, which is only for your box.
Once you do that, click on "Setup"; it will guide you through the setup.
If you have an IPv6 address that you'd like to use to set up your VPN server, you can manually specify your server's IP type (and WAN interface if needed). To do this, tap your server's Setup, then tap DDNS. You can then modify its IP Address Type and WAN Interface as needed.
2. Configure Port Forwarding
The Firewalla VPN Server's port must be reachable from outside your network.
- If you are using Firewalla in Router mode without double NAT or CGNAT, skip this step. Port Forwarding will be shown as complete.
- If you are using Firewalla in Simple or DHCP mode, and your main router has UPnP enabled (as most routers do), Firewalla will do everything for you.
- In all other cases, you will need to make some configurations:
  - If you're under double NAT, you can manually set up port forwarding. Tutorial: How to set up port forwarding for VPN Server
  - If you have a working IPv6 address or another WAN with a public IP address, you can change your DDNS to “IPv6 only” or use your other WAN. This is especially useful if you're under CGNAT and your ISP doesn't allow port forwarding. See our article on the Firewalla VPN Server for how to change your VPN server's DDNS settings.
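To see which of the cases above applies to you, compare the address on your WAN interface against the private (RFC 1918) and CGNAT (RFC 6598) ranges. The sketch below is an added example, not Firewalla code; the function names and returned labels are hypothetical, and the sample addresses in the usage note are constructed from documentation ranges.

```python
import ipaddress

# Address ranges that mean "not directly reachable from the internet".
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space
GLOBAL_V6 = ipaddress.ip_network("2000::/3")    # IPv6 global unicast


def classify_wan(addr: str) -> str:
    """Classify one WAN-side address (labels are hypothetical)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        return "public-ipv6" if ip in GLOBAL_V6 else "non-routable"
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "double-nat"
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return "non-routable"
    return "public-ipv4"


def port_forwarding_step(mode: str, primary_wan: str, other_addrs=(),
                         upstream_upnp: bool = False) -> str:
    """Map a setup onto the cases of step 2.

    mode          -- "router", "simple" or "dhcp"
    primary_wan   -- IPv4 address on the WAN port of the Firewalla (router
                     mode) or of the main router (simple/DHCP mode)
    other_addrs   -- IPv6 addresses or addresses of additional WANs
    upstream_upnp -- whether the main router has UPnP enabled
    """
    primary = classify_wan(primary_wan)
    if mode == "router" and primary == "public-ipv4":
        return "skip: already reachable"
    if mode in ("simple", "dhcp") and upstream_upnp:
        return "automatic: UPnP on main router"
    if primary == "double-nat" or (mode != "router" and primary == "public-ipv4"):
        return "manual port forward on upstream router"
    others = {classify_wan(a) for a in other_addrs}
    if "public-ipv6" in others:
        return "set DDNS to IPv6 only"
    if "public-ipv4" in others:
        return "use the other WAN"
    return "no inbound path found"
```

For example, `port_forwarding_step("router", "100.72.10.4", ["2001:db8::10"])` reports the IPv6-only DDNS option, because the primary WAN address falls inside the CGNAT range.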
3. Connecting to OpenVPN Server
3.1 Using OpenVPN Client App
To use the VPN, you will need to install an OpenVPN-compatible client on your mobile or desktop device. We have created instruction pages for different types of devices, with links to download VPN clients.
Once you have installed the client, you'll need a profile and a password in order to use the VPN client. The profile and password are generated by Firewalla. They are device-independent and can be shared. Refer to the instruction pages above on how to add the profile to the client.
3.2 Using Firewalla Site to Site or Remote Access VPN
If you are managing multiple Firewalla boxes, Firewalla allows you to connect one Firewalla box to another.
To create a Site to Site VPN or a Remote Access VPN connection using OpenVPN, on the Firewalla app, go to the client side box, find VPN Client -> Create VPN Connection -> Site to Site VPN -> select the server box you'd like to connect -> Select OpenVPN.
Comments
6 comments
Is it possible to edit the OpenVPN server config file on the Firewalla? The way the automatic OpenVPN is set up by default on the Gold doesn't allow the connected clients access to any of the devices on the remote LAN, and so things like file and printer sharing are unusable. The server just acts like a privacy VPN for browsing the web.
I'd also like to know this. It's weird - if I connect from my phone to the Firewalla, I can connect to all clients attached to the Firewalla.
If I connect from my Asus router to the firewalla, I can't connect to ANY clients attached to the firewall - even from an ssh session on the router.
I got problems setting up the OpenVPN server on a Gold Firewalla in router mode. I enabled UPnP, then set up the OpenVPN server, and it says that I have to manually open the port, which is weird 'cause I expect UPnP on the very same device to do its job. But it's OK, I try to manually open the port, so I go to the NAT section and try to manually open the port, but of course I can't select the target device, 'cause it's the Firewalla itself... Any advice?
@radagast82, if you are running a gold in router mode, and it is your primary router, you do not need UPnP ... If the Gold is your only router (you don't have double NAT), then check this https://help.firewalla.com/hc/en-us/articles/360055686674-How-to-see-if-you-have-a-public-IP-address-
You're right, my new ISP provides a public IP on demand, I just asked them for one... I thought it was by default
Is there any way to get a ".UDP" configuration file versus a ".OVPN" configuration file? Trying to use the built-in VPN client on a MiFi Hotspot and found out that they only support configuration files that are formatted as ".UDP". I have yet to see a way to convert a ".OVPN" to a ".UDP". If NordVPN can do it, Firewalla should be able to. (Full discussion on this topic here https://community.verizon.com/t5/Hotspots/Verizon-MiFi-Jetpack-8800L-won-t-connect-or-accept-my-VPN/td-p/1150443/page/3)