pfSense

OpenVPN Server Profiles

Download Here

  1. Download our OpenVPN Server Profiles and extract the .ZIP
  2. Open one of the server profile files in a text editor (Notepad, gedit, etc.) and leave it open
  3. Log in to your pfSense Web-UI and navigate to System > Certificate Manager > CAs tab, then click on the +
  4. Give it a descriptive name, one that lets you tell it apart from the other Certificate Authorities on your pfSense box. For example CELO-DE1-CA.
  5. Under Method, select Import from Existing Cert Auth. For the Certificate data text field, go to your .OVPN file, copy everything that sits between the <ca> and </ca> tags and paste it into the text field (like below), then click on Save
    [Screenshot: pfsense-openvpn-ca-cert]
  6. Click on VPN menu > OpenVPN > Clients > +
  7. Copy the below settings. Enter the server name/address you are setting up and the port number, and give it a description
    [Screenshot: pfsense openvpn setup general info]
  8. Enter your VPN username (not your email) and password
    [Screenshot: pfsense openvpn client user]
  9. Under TLS authentication, untick Automatically generate a shared TLS Authentication Key. This should give you a new text box. Go back to your .OVPN file, copy the text between <tls-crypt> and </tls-crypt> and paste it into that text box.
    Peer Certificate Authority = Select the CA you created above
    Client Certificate = None (username and/or password required)

    Copy the rest of the settings from below

    [Screenshot: pfsense openvpn setup crypto settings]

    [Screenshot: pfsense openvpn crypto settings2]

  10. IPv4 Tunnel Network and IPv4 Remote Network(s) can be set to whatever you choose. If you are unsure, copy the below.
    Compression = Enabled or Enabled with Adaptive Compression
    [Screenshot: pfsense-openvpn-client-tunnel-settings]
  11. Go to Status > OpenVPN. You should see that the OpenVPN service is up and running with a virtual address assigned.
  12. Go to Interfaces > Assign. You should see a new available network port. Click Add
    [Screenshot: pfsense-openvpn-interface]
  13. Click on the new Interface name (OPT1) > Copy the below settings.
  14. Click Save > Apply Settings
    [Screenshot: pfsense-openvpn-OPT1]
  15. Click on Firewall > NAT > Outbound > Select Manual Outbound NAT > Save > Apply Settings
  16. On the Firewall / NAT / Outbound page > Click on Add
  17. Copy the below settings > Save > Apply Settings
    [Screenshot: pfsense-openvpn-NAT-Entry]
  18. Reboot pfSense via Diagnostics > Reboot.
    Once rebooted, log back into pfSense and check the status of OpenVPN. If it is connected, check the connection on a device that is connected to the same network as pfSense.
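
Steps 5, 7 and 9 have you copy the <ca> block, the server address and port, and the <tls-crypt> block out of the .OVPN file by hand. The following added example (not part of the original article or the provider's tooling) extracts those values from a profile and rejects a block whose closing tag or expected header is missing; the sample profile, the hostname vpn.example.net and the key material are constructed placeholders.

```python
import re

# Constructed sample profile: hostname and key material are placeholders.
SAMPLE_OVPN = """\
client
proto udp
remote vpn.example.net 1194
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDERplaceholderPLACEHOLDER
-----END CERTIFICATE-----
</ca>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
0123456789abcdef0123456789abcdef
-----END OpenVPN Static key V1-----
</tls-crypt>
"""

# First line each inline block must have before it is pasted into pfSense.
EXPECTED_HEADER = {
    "ca": "-----BEGIN CERTIFICATE-----",
    "tls-crypt": "-----BEGIN OpenVPN Static key V1-----",
}

def inline_block(profile, tag):
    """Return the text between <tag> and </tag>, without the tags."""
    t = re.escape(tag)
    m = re.search(rf"^<{t}>\s*\n(.*?)\n</{t}>\s*$", profile, re.S | re.M)
    if m is None:
        raise ValueError(f"no complete <{tag}>...</{tag}> block in profile")
    body = m.group(1).strip()
    if not body.startswith(EXPECTED_HEADER[tag]):
        raise ValueError(f"<{tag}> block lacks header {EXPECTED_HEADER[tag]!r}")
    return body

def remote_endpoints(profile):
    """Return (host, port) from each 'remote' line (server address and port)."""
    return [(h, int(p)) for h, p in re.findall(r"^remote\s+(\S+)\s+(\d+)", profile, re.M)]

def pfsense_values(profile):
    """Collect what steps 5, 7 and 9 ask you to copy out of the profile."""
    return {"ca": inline_block(profile, "ca"),
            "tls_key": inline_block(profile, "tls-crypt"),
            "remotes": remote_endpoints(profile)}

if __name__ == "__main__":
    print(pfsense_values(SAMPLE_OVPN)["remotes"])
```

A ValueError here means the profile was truncated or edited, so the text pasted into the Certificate data or TLS key field would be incomplete.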
Updated on September 29, 2019
