- Download our OpenVPN Server Profiles and uncompress/extract the .ZIP (above)
- Pick a server/location you would like to setup. Open up one of the server profile files in a text editor and leave it opened (notepad, gedit etc)
- Login to your OPNSense Web-UI and navigate to System> Trust > Authorities > Click Add
- Give it a Descriptive name. A name that you can identify from the rest of other Certificate Authority inside your Firewall. For example CELO-Germany etc.
- Under Method select Import from Existing Cert Auth.- Under Certificate data text field, Go to your .OVPN file and copy everything that sits between <ca> and </ca> tag and paste it to the text field (like below) then click on Save
- Click on VPN menu > OpenVPN > Clients > +Add
- Copy the below settings. Enter in the server name/address you want to set up, the port number and a description for the connection
- Enter in your VPN username (not your email) and password
- Under Cryptographic Settings, Untick “Enable Authentication of TLS Packets”
– Peer Certificate Authority = Select the CA Cert you created/imported in step 5
– Client Certificate = None (username and/or password required)
– Copy rest of the settings from below
- Go back to your .OVPN file and copy the text from setenv CLIENT_CERT 0 to </tls-crpyt> (like in screenshot)
- Go to Interfaces > Assignments. You should see a new available network interface (OPT1). Click Add
- Click on the new Interface name (OPT1/2/3) > Copy the below settings.
- Click on Firewall > NAT > Outbound > Select Manual Outbound NAT > Save > Apply Settings
- On the Firewall / NAT / Outbound page > Click on Add
- Select interface OPT1/2/3 and the rest leave as default
- Firewall > Rules > OpenVPN > Add
- Copy the below
- Reboot OPNSense
Updated on August 4, 2020
Was this article helpful?
Can't find the answer you're looking for?Contact Support