Now introducing 7-Day premium trial to work, binge, & stay secure online

PureVPN is now Zero-Log Certified by Altius IT, one of the leading independent US-based Auditors. Read More 

PureVPN’s OpenVPN Setup Guide for pfSense (2.4.4)

Download PDF

pfSense is an open source firewall and router that is available completely free of cost. It offers load balancing, unified threat management, multi WAN, and other features for those particularly concerned about their online security and privacy.

Fortunately, users can further enhance its capabilities via PureVPN’s OpenVPN, which can be setup on the latest pfSense (2.4.4).

Things to Consider:

Before you begin, please make sure that you have:

  • A working internet connection
  • A VPN-supported router.
  • A premium PureVPN account (If you do not already own one, you can buy a subscription from purevpn.com)
1 In order to configure OpenVPN on pfSense, first download the required OpenVPN Files from here and extract them.

2 After accessing your pfSense account, look for Cert Manager under System and click + to add a new certificate.

3 Now, input the following information:

  • Descriptive name: Enter CA Cert
  • Certificate data: After downloading the necessary OpenVPN files, copy its content from Open CA2.crt and paste it.
  • Once done, click the Save button.

4 Select the Certificates tab and then click the + icon. Input the following information:

  • Descriptive name: Enter Client Cert.
  • Certificate data: After downloading the necessary OpenVPN files, copy its content from Open Client.crt and paste it.
  • Private key data: From the downloaded OpenVPN files, access Open Client.key, copy its content and paste it.

Once done, click Save.

5 Select VPN and then choose OpenVPN from the drop-down menu.

6 Select the Clients tab and click the + icon.

Next, input the following information:

  • Server mode: Peer-to-Peer (SSL/TLS)
  • Protocol: UDP on IPv4 only or TCP on IPv4 only
  • Device mode: Tun – Layer 3 Tunnel Mode
  • Interface: WAN
  • Server host or address: Enter any OpenVPN server address, such as usla2-ovpn-udp.pointtoserver.com
  • Server port: Depending on the protocol previously selected (80 for TCP or 53 for UDP) select the appropriate port number
  • User Authentication Settings: Enter your PureVPN username and password

Under Cryptographic settings, do the following:

  • Check the Use a TLS Key box next to TLS Configuration
  • Access Open WDC.key. Copy and paste its content in the next box
  • TLS Key Usage Mode: Choose TLS Authentication
  • Peer Certificate Authority: CA Cert
  • Client Certificate: Client Cert
  • Encryption Algorithm: AES-256-CBC
  • Enable NCP: Check the Enable Negotiable Cryptographic Parameters box
  • Auth digest algorithm: SHA1 (160 bit)
  • Hardware Crypto: Set it to No Hardware Crypto Acceleration

Under Advanced Settings, do the following:

  • Gateway Creation:  IPv4 only
  • Click the Save button.

7 Under Firewall, click NAT.

8 Select Outbound and then click Manual Outbound NAT rule generation (AON Advanced Outbound NAT) under Outbound NAT Mode. Click Save to apply changes.

9 You will be presented with a mapping window. Each WAN perimeter within needs to be changed to OpenVPN. This can be done after clicking on the Edit button.

10 Interface needs to be changed to OpenVPN. Click Save.

11 The above mentioned step is repeated 3 time across the board for all interfaces to OpenVPN, after which the mapping window will look something like the image below.

12 Click Services under Status.

13 To access OpenVPN client, click Log Entries.

14 Once initialization is complete for the logs, it will confirm your connection.

15 You can check status of the VPN connection from Status under the OpenVPN tab.

How helpful did you find this answer?

Comments (6 )

6 Comments

  1. Dave Ogden says:

    The file “Open WDC.key” doesn’t exist.
    The file “Open Client.key” doesn’t exist.
    The two file available are “wdc.key” and “ca.crt” neither of which provide the data needed to complete steps 3 (the optional part admittedly) and 5.
    I’d also like to know how I could configure pfsense to use my static ip too. I can find no information on this.

  2. anonymous says:

    This guide is usless and does not work at all

    • PureVPN Team says:

      We apologies for the inconvenience. The above guide have worked for many users, if you are facing any issue then we request you to join us on live chat so we may assist you in better way.

      Looking forward to hear from you!

    • Pete March says:

      This guide worked first time for me. I am running latest PFsense

      • Proteuz says:

        The guide would work just fine if the file names in the zip file would be the same as on the guide. Would create a lot less confusion for ppl i guess.