Grab 3-Year of PureVPN
For The Price of One!

PureVPN is now Zero-Log Certified by Altius IT, one of the leading independent US-based Auditors. Read More 

PureVPN’s OpenVPN Setup Guide for pfSense (2.4.2)

Feb 25, 2015
Mar 27, 2019
Download PDF

pfSense is an open source firewall and router that is available completely free of cost. It offers load balancing, unified threat management along with multi WAN amongst other features for those particularly concerned about their online security. Fortunately, users can further enhance its capabilities via PureVPN’s OpenVPN, which can be setup on pfSense (2.4.2) by keeping the following steps in mind:


Things to Consider:

Before you begin, please make sure that:

  • You have a working internet connection
  • VPN Supported Router.
  • Own a premium PureVPN account (If you do not already own one, you can buy a subscription from here)


In order to configure OpenVPN on pfSense, first download the required OpenVPN files from here and extract them.

1. After accessing your pfSense account, look for ‘Cert Manager’ under ‘System’.


2.To add a new certificate click “+”.


3. Input the following information:

  • Under descriptive name, enter ‘CA Cert’.
  • After downloading the necessary OpenVPN files, copy its content from ‘Open CA.crt’ and paste it in ‘Certificate Data’.
  • From the downloaded OpenVPN files, access ‘Open WDC.key’, copy its content and paste it in ‘Certificate Private Key’ and click on save. However, this step is optional.


4. Select the ‘Certificates’ tab and then click “+”.


5. Input the following information:

  • Under descriptive name, enter ‘Client Cert’.
  • After downloading the necessary OpenVPN files, copy its content from ‘Open Client.crt’ and paste it in ‘Certificate Data’.
  • From the downloaded OpenVPN files, access ‘Open Client.key’, copy its content and paste it in ‘Private Key Data’ and click save.


6. Select VPN and then select OpenVPN .


7. Select the ‘Clients’ tab and then click “+”.


8. Input the following information:

  • Peer-to-Peer (SSL/TLS) under ‘Server Mode’
  • UDP or TCP under ‘Protocol’
  • Tun under ‘Device Mode’
  • WAN under ‘Interface’
  • Enter server address provided in open.ovpn from the OpenVPN files downloaded previously under ‘Server Host’
  • Depending on the protocol previously selected, 80 for TCP or 53 for UDP, select appropriate port number for ‘Server Port’. (You can also use random server ports for TCP & UDP)
  • Avoid configuring or changing any other options.


9. Under ‘User Authentication Settings’ enter your PureVPN username and password.



10. Under ‘Cryptographic Settings’ select the following options:

  • Authentication of TLS Packets needs to be ENABLED.
  • Automatically Generate a TLS Authentication Key needs to be DISABLED.
  • Access Open WDC.key again, copy and paste its content in the next box that pops up.
  • PureVPN Cert needs to be selected under ‘Peer Certificate’.
  • Client Cert needs to be selected under ‘Client Certificate’ .
  • ‘Encryption Algorithm’ needs to be set to AES-256-CBC.
  • ‘Hardware Crypto’ needs to be set to No Hardware Crypto Acceleration.


11. Under ‘Tunnel Settings’ compression needs to be changed to ENABLED.

12. Click on the save button located at the bottom of the page.

13. Access NAT under ‘Firewall’


14. Select ‘Outbound’ and then click on “Manual Outbound NAT Rule Generation” and set it to Advanced Outbound NAT (AON). Click save and then apply changes.


15. As can be seen in the image below, you will be presented with a mapping window. Each WAN perimeter within needs to be changed to OpenVPN. This can be done after clicking on the edit button.


16. Interface needs to be changed to OpenVPN. Click on save and apply changes.


17. Steps 15 and 16 need to be repeated across the board for all interfaces to OpenVPN, After which the mapping window will look something like the image below.


18. Click “Services” under “Status”.


19. To access OpenVPN Client, click log entries.


20. Once initialization is complete for the logs, it confirms connection.



Note: If there is a TLS handshake error within the logs, change the protocol from UDP to TCP or the other way around and then reconnect again. Also, change port and server address while doing so.

You have successfully setup PureVPN’s OpenVPN on pfSense (2.4.2). But if you are having problems doing so, feel free to leave a comment below or speak to one of our representatives via Live Chat.

How helpful did you find this answer?

Comments (6 )


  1. Dave Ogden says:

    The file “Open WDC.key” doesn’t exist.
    The file “Open Client.key” doesn’t exist.
    The two file available are “wdc.key” and “ca.crt” neither of which provide the data needed to complete steps 3 (the optional part admittedly) and 5.
    I’d also like to know how I could configure pfsense to use my static ip too. I can find no information on this.

    • admin says:

      Hey Dave, we would request you to please join us on our live chat from which we may have a detailed look at your case. The files that you mention are already present and can be download it from here. However, we do not offer static IP configuration for pfSense at the current moment.

  2. anonymous says:

    This guide is usless and does not work at all

    • PureVPN Team says:

      We apologies for the inconvenience. The above guide have worked for many users, if you are facing any issue then we request you to join us on live chat so we may assist you in better way.

      Looking forward to hear from you!

    • Pete March says:

      This guide worked first time for me. I am running latest PFsense

      • Proteuz says:

        The guide would work just fine if the file names in the zip file would be the same as on the guide. Would create a lot less confusion for ppl i guess.