PFSense

OpenVPN Server Profiles

Download Here

  1. Download our OpenVPN Server Profiles and extract the .ZIP
  2. Open up one of the server profile files in a text editor and leave it opened (notepad, gedit etc)
  3. Login to your pfSense Web-UI and navigate to main menu, then System > Certificate Manager > CAs Tab > Click on the +
  4. Give it a Descriptive name. A name that you can identify from the rest of other Certificate Authority inside your pfSense box. For example CELO-DE1-CA.
  5. Under Method select Import from Existing Cert Auth. Under Certificate date text field, Go to your .OVPN file and copy everything that sits between <ca> and </ca> tag and paste it to the text field (like below) then click on Save
    pfsense-openvpn-ca-cert 
  6. Click on VPN menu > OpenVPN > Clients > +
  7. Copy the below settings. Enter in the server name you are setting up, and give it a description
    pfsense-openvpn-client-gernal-info 
  8. Under TLS authentication, Untick Automatically generate a shared TLS Authentication Key. This should give you a new text box. Go back to your .OVPN file and copy the text between <tls-crypt> and </tls-crpyt>
     
    Peer Certificate Authority = Select the CA you create above
    Client Certificate = None (username and/or password required)
     
    Copy rest of the settings from below

    pfsense-openvn-crypto-settings 

  9. IPv4 Tunnel Network and IPv4 Remote Network(s) can be set to whatever you choose too. If you are unsure, copy the below
     
    Compression = Enabled or Enabled with Adaptive Compression
    pfsense-openvpn-client-tunnel-settings 
  10. Go to Status > OpenVPN. You should see that the openvpn service is up and running with a virtual address assigned etc.
  11. Go to Interfaces > Assign. You should see a new available network port. Click Add
    pfsense-openvpn-interface 
  12. Click on the new Interface name (OPT1) > Copy the below settings.
  13. Click Save > Apply Settings
    pfsense-openvpn-OPT1. 
  14. Click on Firewall > NAT > Outbound > Select Manual Outbound NAT > Save > Apply Settings
  15. One the Firewall / NAT / Outbound page > Click on Add
  16. Copy the below settings > Save > Apply Settings
    pfsense-openvpn-NAT-Entry 
  17. Reboot PFSense via Diagnostics > RebootOnce rebooted, log back into PFSense and check the status of OpenVPN. If connected, check the connection on a device that is connected to the same network as PFSense.
Updated on November 7, 2018

Was this article helpful?

Related Articles