OpenVPN Server Profiles

Download Here

  1. Download our OpenVPN Server Profiles and extract the .ZIP
  2. Open up one of the server profile files in a text editor and leave it opened (notepad, gedit etc)
  3. Login to your pfSense Web-UI and navigate to main menu, then System > Certificate Manager > CAs Tab > Click on the +
  4. Give it a Descriptive name. A name that you can identify from the rest of other Certificate Authority inside your pfSense box. For example CELO-Germany etc.
  5. Under Method select Import from Existing Cert Auth.Under Certificate date text field, Go to your .OVPN file and copy everything that sits between <ca> and </ca> tag and paste it to the text field (like below) then click on Save
  6. Click on VPN menu > OpenVPN > Clients > +Add
  7. Copy the below settings. Enter in the server name/address you would like to set up, the port number and a description for the connectionpfsense openvpn client general
  8. Enter in your VPN username (not your email) and password
    pfsense openvpn client user
  9. Under TLS authentication, Untick “Automatically generate a TLS Authentication Key”
    Go back to your .OVPN file and copy the text between <tls-crypt> and </tls-crpyt>Peer Certificate Authority = Select the CA you created in step 5

    Client Certificate = None (username and/or password required)
    Copy rest of the settings from below

    pfsense openvpn setup crypto settings 1

    pfsense openvpn setup crypto settings 2

  10. Leave all fields blank/default.  Change Compression setting to Omit Preference
    pfsense openvpn client tunnel
  11. Advanced settings should look like belowpfsense openvpn client advanced
  12. Go to Status > OpenVPN. You should see that the openvpn service is up and running with a virtual address assigned etc.
  13. Go to Interfaces > Assign. You should see a new available network interface. Click Add
  14. Click on the new Interface name (OPT1) > Copy the below settings.
  15. Click Save > Apply Settings
  16. Click on Firewall > NAT > Outbound > Select Manual Outbound NAT > Save > Apply Settings
  17. On the Firewall / NAT / Outbound page > Click on Add
  18. Copy the below settings > Save > Apply Settings

    pfsense openvpn setup crypto outbound NAT

  19. Reboot PFSense via Diagnostics > Reboot.  Once rebooted, log back into PFSense and check the status of OpenVPN. If connected, check the connection on a device that is connected to the same network as PFSense.
Updated on August 4, 2022
Was this article helpful?

Related Articles

Need Support?
Can't find the answer you're looking for?
Contact Support