We use cookies to personalize your experience on our websites. By using our website, you agree to the use of cookies as described in our Cookies Policy

Your IP: 54.152.38.154
Your Location: United States, Ashburn
Your Status: Unprotected
Protect Me

pfSense OpenVPN configuration guide for KeepSolid VPN Unlimited users

Want to cover your pfSense with VPN protection and secure all connected devices? Configure pfSense OpenVPN client using our comprehensive tutorial. It will walk you through the steps to set up VPN connection using the OpenVPN protocol on pfSense 2.4.4 router. 

I. Get OpenVPN configurations for pfSense VPN setup

 

Before the pfSense OpenVPN setup you’ll need to get the OpenVPN settings in your KeepSolid User Office and download the configuration file. For this, complete a few simple steps described in our tutorial.

 

II. Set up pfSense OpenVPN client

 

Once you get all the required VPN configurations, carefully follow the steps below.  

1. Open your pfSense router interface and navigate to System > Certificate Manager > CAs and click Add.

Open your pfSense router interface and navigate to System > Certificate Manager > CAs

2. Complete the following fields:

  • Descriptive name: Enter any name of your choice

  • Method: Select Import an existing Certificate Authority

  • Certificate data: Paste the text from the configuration file, which appears between <CA> and </CA>, including BEGIN CERTIFICATE and END CERTIFICATE lines

  • Serial for next certificate: Enter any number of your choice

3. When you finish, click Save.

pfSense OpenVPN configuration guide for KeepSolid VPN Unlimited users - pfSense OpenVPN

4. Go to System > Certificate Manager > Certificates and click Add.

5. Complete the fields in the following way:

  • Descriptive name: Enter any name of your choice

  • Method: Select Import an existing Certificate Authority

  • Certificate data: Paste the text from the configuration file, which appears between <CERT> and </CERT>, including BEGIN CERTIFICATE and END CERTIFICATE lines

  • Private key data: Paste the text from the configuration file, which appears between <KEY> and </KEY>, including BEGIN PRIVATE KEY and END PRIVATE KEY lines

  • Serial for next certificate: Enter any number of your choice

6. Once completed, click Save.

pfSense OpenVPN configuration guide - Go to System>Certificate Manager>Certificates and click Add

7. Go to VPN > OpenVPN > Clients and click Add.

pfSense OpenVPN configuration guide - Go to VPN > OpenVPN > Clients and click Add

8. Complete General Information section of the pfSense OpenVPN client as shown below. As you can see, most of the fields are left default.

  • Disable this client: Leave it unchecked
  • Server mode: Peer to Peer (SSL/TLS)
  • Protocol: UDP on IPv4 only
  • Device mode: tun – Layer 3 Tunnel Mode
  • Interface: WAN
  • Local port: Leave the field blank
  • Server host or address: Type the selected VPN server address (you can find it in the Domain name field of the OpenVPN configurations you’ve previously generated) 
  • Server port: 1194
  • Proxy host or address: Leave the field blank
  • Proxy port: Leave it blank
  • Proxy Authentication: None
  • Description: You can leave the field blank

In User Authentication Settings you don't need to make any changes. 

pfSense OpenVPN configuration guide - Go to VPN > OpenVPN > Clients
pfSense OpenVPN configuration guide - Complete the fields as shown below, part1

9. Then, navigate to the Cryptographic Settings and complete this section in the following way: 

  • Use a TLS Key: Leave it unchecked
  • Peer Certificate Authority: Select KeepSolid VPN Unlimited certificate you've previously added  
  • Client Certificate: In the dropdown list select KeepSolid VPN Unlimited certificate 
  • Encryption Algorithm: Select the option AES-256-CBC (256 bit key, 128 bit block) 
  • Enable NCP: Check this option
  • NCP Algorithms: Scroll the list of available NCP Encryption Algorithms and find AES-256-GCM. Click on it to add it to the Allowed NCP Algorithms list on the right.  
  • Auth digest algorithm: Select SHA512 (512-bit)
pfSense OpenVPN configuration guide - Complete the fields as shown below, part3 pfSense configuration guide, OpenVPN - cryptographic settings

10. In the Tunnel Settings of pfSense VPN client, navigate to Compression and make sure it is disabled. Select the option Disable Compression, retain compression packet framing [compress]

pfSense OpenVPN configuration guide - Complete the fields as shown below, part4

11. Navigate to the Advanced Configuration section and input the following data within the Custom options field: 

reneg-sec 0;
persist-tun;
persist-key;
remote-random;
remote-cert-tls server;
route-metric 1;

 

pfSense OpenVPN configuration guide - Input the following data within the Custom options field

12. Once you've filled out the fields, click Save at the bottom of the page.

pfSense VPN setup - saving OpenVPN client settings

13. Go to Interfaces > Assignments and click Add.

The network port name most likely will be named ovpnc1. Please make sure that the new interface is selected as ovpnc1 (it can be ovpnc2, ovpnc3, etc, depending whether you have other ovpn interfaces or not).

14. When you finish, click Save.

pfSense OpenVPN configuration guide - Go to Interfaces > Assignments and click Add
The network port name will be named ovpnc1. Make sure that the new interface is selected as ovpnc

15. Go to Interfaces > OPT1 (your new interface name from the previous step).

Complete the fields as shown below. As you can see, most of them should be left empty.

  • Enable: Set the checkbox for Enable interface

  • Description: Enter any name of your choice, for example, KeepSolid-VPN

16. No other changes are required. Click Save and Apply Changes.

 pfSense VPN setup - adding VPN interface

17. Go to System > Routing and click Add.

pfSense OpenVPN configuration guide - Go to System > Routing and click Add

18. Complete the fields of the pfSense VPN gateway as shown below and click Save and Apply Changes.
As you can see, most of the fields are left default or empty.

pfSense OpenVPN configuration guide - Go to System > Routing part1 pfSense OpenVPN configuration guide - Go to System > Routing and click Add part2
pfSense OpenVPN configuration guide - Go to System > Routing and click Add part3

19. Go to Firewall > Aliases > IP and click Add.

pfSense OpenVPN configuration guide for VPN Unlimited - Go to Firewall>Aliases>IP and click Add

20. Complete the fields as shown below.

pfSense OpenVPN configuration guide - Go to Firewall > Aliases > IP and click Add

21. When you finish, click Save and Apply Changes.

22. Then, go to Firewall > NAT > Outbound.

23. Set the Mode to Manual, then click Save and Apply Changes.

24. After that, you have to make copies of your WAN connections. 

Click Click the button to make a copy and then  to edit to make a copy and then to edit. All you need to change in the copy is the interface: select your new virtual interface instead of WAN. In our case it is KEEPSOLIDVPN. Do the same with all the WAN connections. When you finish, click Save and Apply Changes.

Select your new virtual interface instead of WAN. Do the same with all the WAN connections

Your Mappings list should be as follows:

pfSense OpenVPN configuration guide - Your Mappings list should be as follows

25. Go to Firewall > Rules > LAN and click Add.

pfSense OpenVPN configuration guide - Go to Firewall > Rules > LAN and click Add

26. Complete the fields as shown in the screenshots below and click Save. Most of the fields are left default or empty.

pfSense OpenVPN configuration guide - Complete the fields as shown below pfSense OpenVPN configuration guide - Complete the fields as shown below part2
pfSense OpenVPN configuration guide - Complete the fields as shown below part3 pfSense OpenVPN configuration guide - Complete the fields as shown below and click Save

27. As the final step to complete the pfSense VPN configuration, go to Diagnostics > Reboot and wait a few moments for your pfSense router to restart.

 

That’s about it! You’ve completed the pfSense VPN setup and now have a running OpenVPN connection on your pfSense router. If you need VPN configuration guides for other devices, be sure to check our Manuals page to find the one you need. Need any assistance? Feel free to contact our customer support, we’ll gladly assist you!