Setup Pfsense Openvpn

Setting up an OpenVPN connection on a pfSense router/firewall

The following instructions will guide you through a configuration of an OpenVPN connection through a pfSense interface. This is the recommened connection for pfSense when connecting to the VPNUK service.

Prerequisites:
Please ensure you have the pfsense certificate file. You can download the: pfSense Certificate File or you can also fetch it from the members area and downloads section of our website.

1. Login

Login to pfSense’s admin web UI.

2. Cert Manager

From the pfSense interface, go to the menu and select ‘System > Cert. Manager’.

3. Add

Click onto the ‘Add’ button.

4. Name, Method and Certificate data

In the ‘Descriptive name’ type ‘VPNUK’ and ensure ‘Method’ is set to ‘Import an existing certificate authority’ is selected. Now open the vpnuk-ca.crt file in notepad or any text editor (right click, Open with..) and copy/paste the text content from and including —–BEGIN CERTIFICATE—– to —–END CERTIFICATE—– into the ‘Certificate data’ field.
IMPORTANT: Do not enter any other data or spaces into the Certificate data field.

5. Save

Click onto the ‘Save’ button.

5. Configuration

From the pfSense interface, go to ‘VPN’ > ‘OpenVPN’.

6. Edit Client VPN

Choose ‘Client’ from the options in the tabs. click onto the ‘+’ button to add a new OpenVPN configuration.

7. Setup Instructions

NOTE: Leave any additional boxes or options empty or on the current default setting.
7.1. Server Mode: ‘Peer to Peer (SSL/TLS)’.
7.2 Protocol: ‘UDP’ (You can also use TCP).
7.3. Device mode: ‘tun’.
7.4. Interface: ‘WAN’.
7.5. Server host or address: Clients on our shared IP platform can enter any Shared IP server details. Dedicated IP users should enter their unqique connecting server IP.
7.6. Server port: ‘1194’ (If you use TCP you can enter 443).

8. Setup Instructions:

NOTE: Leave any additional boxes or options empty or on the current default setting.
8.1. Description: You can enter anything here, ‘VPNUK’ is a good option.
8.2. Username: Your VPNUK login username.
8.3. Password: Your VPNUK login password.

9. Setup Instructions

NOTE: Leave any additional boxes or options empty or on the current default setting.
9.1. ‘Enable authentication of TLS packets’: checked
9.2. Open the contents of the ta.key file from the zip file and paste it into the ‘Key’ field.
9.3. Peer Certificate Authority: select ‘VPNUK’ from the list
9.4. Encryption algorithm: ‘BF-CBC (128-bit)’.
9.5. Auth digest algorithm: ‘RSA-SHA1 (160-bit)’.

10. Setup Instructions

NOTE: Leave any additional boxes or options empty or on the current default setting.
10.1. Compression: select ‘Enabled with Adaptive compression’.
10.2. Topology: select ‘net 30 — Isolated /30 network per client’.
10.3. Verbosity: select ‘3 (recommended)’.

11. Save Setup

Click onto the ‘Save’ button.

12. Status

From the pfSense interface, go to ‘Status’ and select the ‘OpenVPN’ tab,
then click on the ‘Run’ sign just below ‘Service’. You should see the OpenVPN
client connecting to the server.

13. Thats It!

You can check if everything is working as expected by performing a traceroute from ‘Diagnostics’ > ‘Traceroute’.

Troubleshooting pfSense Issues

If the connection doesn’t seem to be workng, please go to ‘Status’ > ‘System logs’ > ‘Openvpn’ and have a look at the logs. If you notice a particular error please let us know and we can troubleshoot the problem with you.