pfSense

OpenVPN Server Profiles

Download Here

  1. Download our OpenVPN Server Profiles and extract the .ZIP
  2. Open one of the server profile files in a text editor (Notepad, gedit, etc.) and leave it open.
  3. Log in to your pfSense Web-UI and navigate to the main menu, then System > Certificate Manager > CAs tab > click on the +
  4. Give it a descriptive name, one that lets you tell it apart from the other Certificate Authorities on your pfSense box. For example, CELO-DE1-CA.
  5. Under Method, select Import from Existing Cert Auth. For the Certificate data text field, go to your .OVPN file, copy everything that sits between the <ca> and </ca> tags, and paste it into the text field (like below), then click on Save
    [Screenshot: pfsense-openvpn-ca-cert]
  6. Click on VPN menu > OpenVPN > Clients > +
  7. Copy the below settings. Enter the name of the server you are setting up, and give it a description
    [Screenshot: pfsense-openvpn-client-gernal-info]
  8. Enter your VPN username (not your email) and password
    [Screenshot: pfsense openvpn client user]
  9. Under TLS authentication, untick Automatically generate a shared TLS Authentication Key. This should give you a new text box. Go back to your .OVPN file, copy the text between <tls-crypt> and </tls-crypt>, and paste it into that text box

    Peer Certificate Authority = Select the CA you created above
    Client Certificate = None (username and/or password required)

    Copy rest of the settings from below

    [Screenshot: pfsense-openvn-crypto-settings]

  10. IPv4 Tunnel Network and IPv4 Remote Network(s) can be set to whatever you choose. If you are unsure, copy the below

    Compression = Enabled or Enabled with Adaptive Compression
    [Screenshot: pfsense-openvpn-client-tunnel-settings]

  11. Go to Status > OpenVPN. You should see that the OpenVPN service is up and running with a virtual address assigned, etc.
  12. Go to Interfaces > Assign. You should see a new available network port. Click Add
    [Screenshot: pfsense-openvpn-interface]
  13. Click on the new Interface name (OPT1) > Copy the below settings.
  14. Click Save > Apply Settings
    [Screenshot: pfsense-openvpn-OPT1]
  15. Click on Firewall > NAT > Outbound > Select Manual Outbound NAT > Save > Apply Settings
  16. On the Firewall / NAT / Outbound page > Click on Add
  17. Copy the below settings > Save > Apply Settings
    [Screenshot: pfsense-openvpn-NAT-Entry]
  18. Reboot pfSense via Diagnostics > Reboot.
    Once rebooted, log back into pfSense and check the status of OpenVPN. If it is connected, check the connection on a device that is connected to the same network as pfSense.
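
Steps 5 and 9 depend on copying the <ca> and <tls-crypt> blocks out of the profile by hand. The Python sketch below is an added example, not part of the original article or the provider's tooling: it extracts both blocks from an .ovpn file, checks their BEGIN/END framing, and lists the directives that are useful when filling in the client page. The sample profile, hostname and key material are constructed placeholders, and the directive list is an assumption about what such a profile contains.

```python
import re

# Constructed sample profile: placeholder host and key material, not a real server.
SAMPLE_OVPN = """\
proto udp
remote vpn.example.test 1194
cipher AES-256-CBC
auth SHA512
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERNOTAREALCERT
-----END CERTIFICATE-----
</ca>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
0123456789abcdef0123456789abcdef
-----END OpenVPN Static key V1-----
</tls-crypt>
"""

# Framing label expected inside each inline block.
EXPECTED = {"ca": "CERTIFICATE", "tls-crypt": "OpenVPN Static key V1"}
# Assumption: directives worth reading off the profile for the client page.
DIRECTIVES = ("remote", "proto", "cipher", "auth", "compress", "comp-lzo")

def inline_block(profile, tag):
    """Return the text between <tag> and </tag> after checking its BEGIN/END lines."""
    profile = profile.replace("\r\n", "\n")  # tolerate Windows line endings
    t = re.escape(tag)
    m = re.search(rf"^<{t}>[ \t]*\n(.*?)\n</{t}>", profile, re.S | re.M)
    if m is None:
        raise ValueError(f"no complete <{tag}>...</{tag}> block in profile")
    body = m.group(1).strip()
    begin, end = (f"-----{w} {EXPECTED[tag]}-----" for w in ("BEGIN", "END"))
    start, stop = body.find(begin), body.find(end)
    if start == -1 or stop < start:
        raise ValueError(f"<{tag}> block is missing its BEGIN/END lines")
    return body

def client_settings(profile):
    """Collect the first occurrence of each directive in DIRECTIVES."""
    found = {}
    for line in profile.splitlines():
        parts = line.split()
        if parts and parts[0] in DIRECTIVES:  # exact match: auth-user-pass is not auth
            found.setdefault(parts[0], " ".join(parts[1:]))
    return found

if __name__ == "__main__":
    print(inline_block(SAMPLE_OVPN, "ca"), inline_block(SAMPLE_OVPN, "tls-crypt"), sep="\n\n")
    print(client_settings(SAMPLE_OVPN))
```

A ValueError from inline_block means the block in the file is truncated or its closing tag is missing, so the file should be downloaded again before anything is pasted into pfSense.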
Updated on April 1, 2019
