OPNSense

OpenVPN Server Profiles

Download Here

  1. Download our OpenVPN Server Profiles and uncompress/extract the .ZIP (above)
  2. Pick a server/location you would like to setup.  Open up one of the server profile files in a text editor and leave it opened (notepad, gedit etc)
  3. Login to your OPNSense Web-UI and navigate to  System> Trust > Authorities > Click Add
  4. Give it a Descriptive name. A name that you can identify from the rest of other Certificate Authority inside your Firewall. For example CELO-Germany etc.
  5. Under Method select Import from Existing Cert Auth.- Under Certificate data text field, Go to your .OVPN file and copy everything that sits between <ca> and </ca> tag and paste it to the text field (like below) then click on Save

    opnsense openvpn Cert Auth Setup

  6. Click on VPN menu > OpenVPN > Clients > +Add
  7. Copy the below settings. Enter in the server name/address you want to set up, the port number and a description for the connection
    opnsense openvpn client setup
  8.  Enter in your VPN username (not your email) and password
    opnsense openvpn setup user auth
  9. Under Cryptographic Settings, Untick “Enable Authentication of TLS Packets”
    – Peer Certificate Authority = Select the CA Cert you created/imported in step 5
    – Client Certificate = None (username and/or password required)
    – Copy rest of the settings from below

    opnsense openvpn setup crypto settings

  10.  Go back to your .OVPN file and copy the text from setenv CLIENT_CERT 0 to  </tls-crpyt> (like in screenshot)
    opnsense openvpn setup advanced

     

  11. Go to Interfaces > Assignments. You should see a new available network interface (OPT1). Click Add
  12. Click on the new Interface name (OPT1/2/3) > Copy the below settings.

    opnsense openvpn setup interface

  13. Click on Firewall > NAT > Outbound > Select Manual Outbound NAT > Save > Apply Settings
  14. On the Firewall / NAT / Outbound page > Click on Add
  15. Select interface OPT1/2/3 and the rest leave as default

    opnsense openvpn setup outbound

     

  16. Firewall > Rules > OpenVPN > Add
  17. Copy the below

    opnsense openvpn firewall rule

     

  18. Reboot OPNSense
Connection Status

You can check to see if you are connected or not by going to VPN > OpenVPN > Connection Status 

Updated on August 4, 2020

Was this article helpful?

Related Articles