You may use Strato HiDrive as external storage for team collaboration, internal file sharing or remote backups. In such cases it can be very useful to establish the secure connection via your corporate UTM gateway instead of on each client. This only requires an additional HiDrive account which has the ability to connect via VPN (login allowed via OpenVPN).
This solution requires one of the HiDrive business plans with the advanced protocol feature set!
Step 1 – Download the OpenVPN Config Package
First of all, you have to download the official OpenVPN config package directly from the Strato website. It contains the CA and the TLS-Auth key as well as a poor OpenVPN config.
Step 2 – Upload the CA
Go into the pfSense web interface and add a new CA: paste the content of the ca.drive.strato.com.crt file into the textarea and save it. The CA is now available within the OpenVPN client config.
Step 3 – Create a new VPN Client Instance
Finally, go to VPN -> OpenVPN -> Clients and create a new instance.
You should use a dedicated HiDrive user account which has the ability to connect via VPN. Use this account's credentials for the OpenVPN user authentication.
By default, OpenVPN uses BF-CBC as the cipher with SHA1 as the auth digest, not AES as preselected in the pfSense GUI, so the client instance has to be set to match.
This is the trickiest/weakest part: Strato is using the TLS-Auth key in bidirectional mode, which is not recommended. Normally key-direction 0 is used for servers and 1 for clients, and pfSense does not offer an option to change this via the GUI.
But it's possible to add the TLS-Auth key as an inline statement under “Advanced Configuration -> Custom Options” without a key-direction (bidirectional by default). Just paste the following code. It contains the TLS-Auth key as of May 2017.
Manual TLS-Auth Config
tls-auth [inline]
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
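To check the downloaded config before copying its settings into pfSense, the following added example (not part of the original post and not Strato's or pfSense's code) reports the effective cipher, auth digest and tls-auth key direction of an OpenVPN client config. The sample config, its host name and the function names audit_ovpn and flags are assumptions made for illustration; the defaults are the ones the article states.

```python
import re

# OpenVPN defaults as stated in the article; used when the config is silent.
DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1"}

# Constructed sample, not Strato's real file; host name and key body are placeholders.
SAMPLE = """\
client
remote vpn.example.invalid 1194
ca ca.drive.strato.com.crt
tls-auth [inline]
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(key material omitted)
-----END OpenVPN Static key V1-----
</tls-auth>
"""

def audit_ovpn(text):
    """Return the effective cipher, auth digest and tls-auth direction of a config."""
    opts, inline, block = {}, set(), None
    for line in map(str.strip, text.splitlines()):
        if block:                          # inside <tag>...</tag>: skip key material
            if line == f"</{block}>":
                block = None
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            block = tag.group(1)
            inline.add(block)
        elif line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    result = {k: (opts.get(k) or [v])[0] for k, v in DEFAULTS.items()}
    if "tls-auth" not in opts and "tls-auth" not in inline:
        result["tls_auth"] = "none"
    elif opts.get("key-direction"):        # explicit "key-direction 0|1"
        result["tls_auth"] = opts["key-direction"][0]
    elif len(opts.get("tls-auth", [])) > 1:   # "tls-auth ta.key 1" form
        result["tls_auth"] = opts["tls-auth"][1]
    else:                                  # no direction: same keys both ways
        result["tls_auth"] = "bidirectional"
    return result

def flags(r):
    """List the settings that need attention when mirroring the config in pfSense."""
    checks = [(r["cipher"].startswith("BF-"), "cipher: Blowfish has a 64-bit block"),
              (r["tls_auth"] == "bidirectional", "tls-auth: no key-direction set")]
    return [msg for hit, msg in checks if hit]
```

Calling flags(audit_ovpn(open(path).read())) on the real file shows whether the two points above still apply to the package you downloaded.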