pfSense is an open-source firewall and router that is available completely free of cost. It offers load balancing, unified threat management, and multi-WAN, along with many other features for those particularly concerned about their online security. Fortunately, users can further enhance its capabilities via PureVPN’s OpenVPN protocol integration, which can be set up on the latest pfSense (2.4.5) by following the given steps:
Things to Consider:
Before you begin, please make sure that you have:
A working internet connection
A VPN-supported router.
A premium PureVPN account (If you do not already own one, you can buy a subscription from here)
1 In order to configure OpenVPN on pfSense, first download the required OpenVPN Files from here and extract them.
2 After accessing your pfSense account, look for Cert Manager under System and click + to add a new certificate.
3 Now, input the following information:
Descriptive name: CA
Method: Import an existing Certificate Authority
Certificate Data: Open the ca2.crt file, copy and paste its content in the box.
Click the ‘Save’ button to save the file.
4 Now go to the ‘Certificates’ tab and then click ‘+ Add/Sign’ to add a new certificate.
Method: Import an existing Certificate
Descriptive name: Client
Certificate data: Open the client.crt file, copy and paste its content in the box.
Private key data: Open the client.key file, copy and paste its content in the box.
Click the ‘Save’ button to save the file.
5 Now go to the “VPN” option and select ‘OpenVPN’.
6 Select the Clients tab and click the + icon.
Next, input the following information:
Server Mode: Peer-to-Peer (SSL/TLS)
Protocol: UDP on IPv4 only or TCP on IPv4 only
Device Mode: tun - Layer 3 Tunnel Mode
Interface: WAN
Server host or address: ussf2-ovpn-udp.pointtoserver.com (You can use your desired server address here)
Server Port: Enter 80 for TCP or 53 for UDP
Avoid configuring or changing any other options.
Username: Enter your PureVPN username.
Password: Enter your PureVPN password. (Re-enter the same to confirm in next field)
Under ‘Cryptographic Settings’ select the following options:
TLS Configuration: Use a TLS Key. Uncheck ‘Automatically generate a TLS Key’.
Open the Wdc.key file, then copy and paste its content into the next box that pops up.
TLS Key Usage Mode: TLS Authentication
TLS Keydir Direction: Use default direction
Peer Certificate Authority: CA (select the CA you created in step#1)
Client Certificate: Client (select the Client Cert you created)
Encryption Algorithm: AES-256-CBC. (select AES-256-CBC from the drop-down list)
Enable NCP: checked
NCP Algorithms: AES-256-CBC
Authentication digest Algorithm: SHA1 (160 bit)
Hardware Crypto: No Hardware Crypto Acceleration
Under Advanced Settings keep the Gateway as ‘IPv4 only’
After entering all the details, click on the “Save” button.
7 Under Firewall, click NAT.
8 Select Outbound and then click Manual Outbound NAT rule generation (AON Advanced Outbound NAT) under Outbound NAT Mode. Click Save to apply changes.
9 You will be presented with a mapping window. Each mapping in it that uses the WAN interface needs to be changed to OpenVPN. This can be done after clicking on the Edit button.
10 Click on ‘Edit’ icon and make the following changes:
Change the Interface from WAN to OpenVPN.
Address Family: IPv4
Protocol: TCP or UDP (select whichever you want to use)
Once done, click ‘Save’ to apply changes.
11 Repeat the above-mentioned step 3 times so that all interfaces are changed to OpenVPN, after which the mapping window will look something like the image below.
12 Now go to the ‘Status’ tab and select ‘OpenVPN’ under it to check your connection status.
That’s about it. Enjoy total and unlimited internet freedom with PureVPN!
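The certificate, private key and TLS key pasted in steps 3, 4 and 6 can be told apart by the armor header inside each file, whatever the file in the archive is called. The following is an added example, not part of the original guide or PureVPN's tooling; the `classify` function and the sample contents are constructed for illustration.

```python
import re

# PEM/armor label -> the pfSense box the guide pastes that block into.
FIELD_FOR_LABEL = {
    "CERTIFICATE": "Certificate data (steps 3 and 4)",
    "PRIVATE KEY": "Private key data (step 4)",
    "RSA PRIVATE KEY": "Private key data (step 4)",
    "EC PRIVATE KEY": "Private key data (step 4)",
    "ENCRYPTED PRIVATE KEY": "Private key data (step 4)",
    "OpenVPN Static key V1": "TLS Key (step 6)",
}
BLOCK = re.compile(r"-----BEGIN ([^-]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def classify(text):
    """Return (label, pfSense field, problem or None) for every armored block."""
    found = []
    for label, body in BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        problem = None
        if label == "OpenVPN Static key V1":
            # A 2048-bit static key is exactly 512 hex characters.
            if not re.fullmatch(r"[0-9a-fA-F]{512}", "".join(lines)):
                problem = "static key is not 512 hex characters"
        elif label.startswith("ENCRYPTED") or any(
                ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines):
            problem = "key is passphrase-protected"
        elif not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", "".join(lines)):
            problem = "body is not base64"
        field = FIELD_FOR_LABEL.get(label, "not used by this guide")
        found.append((label, field, problem))
    return found

# Constructed sample contents (not real key material).
SAMPLE_TLS_KEY = ("# 2048 bit OpenVPN static key\n"
                  "-----BEGIN OpenVPN Static key V1-----\n"
                  + "0123456789abcdef0123456789abcdef\n" * 16
                  + "-----END OpenVPN Static key V1-----\n")
SAMPLE_CERT = ("-----BEGIN CERTIFICATE-----\n"
               "Q09OU1RSVUNURUQgU0FNUExF\n"
               "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, text in (("Wdc.key", SAMPLE_TLS_KEY), ("ca2.crt", SAMPLE_CERT)):
        hits = classify(text) or [("none", "no armored block found", None)]
        for label, field, problem in hits:
            print(f"{name}: {label} -> {field}" + (f" [{problem}]" if problem else ""))
```

To check the real files, pass each extracted file's text to `classify` instead of the samples; a file that returns an empty list contains none of the blocks the guide asks for.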
The file “Open WDC.key” doesn’t exist.
The file “Open Client.key” doesn’t exist.
The two files available are “wdc.key” and “ca.crt”, neither of which provides the data needed to complete steps 3 (the optional part admittedly) and 5.
I’d also like to know how I could configure pfsense to use my static ip too. I can find no information on this.
Hey Dave, we would request you to please join us on our live chat, from which we may have a detailed look at your case. The files that you mention are already present and can be downloaded from here: https://support.purevpn.com/openvpn-files. However, we do not offer static IP configuration for pfSense at the current moment.
This guide is useless and does not work at all
We apologize for the inconvenience. The above guide has worked for many users; if you are facing any issue, then we request you to join us on live chat so we may assist you in a better way.
Looking forward to hearing from you!
This guide worked first time for me. I am running the latest pfSense.
The guide would work just fine if the file names in the zip file would be the same as on the guide. Would create a lot less confusion for ppl, I guess.