How to setup OpenVPN on pfSense (2.5.2) Router

To find your VPN credentials log into the PureVPN members area. Click 👉 here to visit member area.

• Login to the Member area using your PureVPN registered email address and password.

• From manage account section, go to the Subscriptions tab.

• On Subscription tab scroll down to be able to view your VPN credentials

• You will be able to see and copy your VPN credentials.
• Note down your PureVPN username and click the Eye icon to make your password visible and use it in the manual configuration.

• In order to configure OpenVPN on pfSense, first download the required OpenVPN files from link below and extract them.

• After login, Go to the Cert Manager option under System and then click + Add to add a new CA certificate.

• Now enter the following information:
  1. Descriptive name: PureVPN_CA
  2. Method: Import an existing Certificate Authority
  3. Certificate Data: Open the ca2.crt file, copy and paste it’s content in the box.
  4. Click Save button to save the file.

• Now go to the VPN option and select OpenVPN then select the Clients tab and then click +Add to create a VPN profile.

• Now enter the following details:
  1. Server Mode: Peer-to-Peer (SSL/TLS)
  2. Protocol: TCP on IPv4 only or UDP on IPv4 only
  3. Device Mode: tun- Layer 3 Tunnel Mode
  4. Interface: WAN
  5. Server host or address: de-obf-ovpn.pointtoserver.com (You can use your desired server address here)
  6. Server Port: Enter 80 for TCP or 53 for UDP
  7. Proxy Authentication: None
  8. Avoid configuring or changing any other options.
  9. Username: Enter your PureVPN username.
  10. Password: Enter your PureVPN password.
  11. Under ‘Cryptographic Settings’ select the following options:
  12. TLS Configuration: Use a TLS Key. Uncheck the ‘Automatically generate a TLS Key’.
  13. Open the Wdc.key, copy and paste its content in the next box that pops up.
  14. TLS Key Usage Mode: TLS Authentication
  15. TLS Keydir Direction: Use default direction
  16. Peer Certificate Authority: PureVPN_CA (select the CA you created in step#1)
  17. Client Certificate: None
  18. Enable Data Encryption Negotiation: Checked
  19. Data Encryption Algorithm: Add AES-128-GCM and AES-256-CBC in the allowed list.
  20. Fallback Data Encryption Algorithm: AES-256-GCM
  21. Authentication digest Algorithm: SHA1 (160 bit)
  22. Hardware Crypto: No Hardware Crypto Acceleration
  23. Under Advanced Settings keep the Gateway as ‘IPv4 only
  24. After entering all the details, click on the Save button.

• Now go to the NAT option under Firewall tab.

• Select Outbound and then click on Manual Outbound NAT rule generation. Advanced Outbound NAT (AON) Click Save and then Apply Changes.

• You will see a Mappings window. Each WAN perimeter within needs to be changed to OpenVPN. This can be done after clicking on the Edit button.

•  Click on Edit icon and make the following changes:
  1. Change the Interface from WAN to OpenVPN.
  2. Address Family: IPv4
  3. Protocol: Any
  4. Once done, click Save to apply changes.

• Above step is repeated three times across the board for all interfaces to change them to OpenVPN, after which the mappings window will look something like this:

•  Now go to the Status tab and select OpenVPN under it to check your connection status.

• PureVPN is connected now on your pfSense 2.4.5