Introducing PureSquare – for security beyond VPNs

Visit our website

Enjoy access to a high-quality VPN, social media privacy tool, password manager, and data encryption tool all at once. Get PureMAX

How to Setup OpenVPN on pfSense (2.5.2) Router

Feb 25, 2015
Jun 06, 2023
Download PDF

pfSense is an open-source firewall and router that is available completely free of cost. It offers load balancing, unified threat management along with multi WAN amongst other features for those particularly concerned about their online security. Fortunately, users can further enhance its capabilities via PureVPN’s OpenVPN, which can be setup on the latest pfSense (2.5.2) by following the given steps:

Things to Consider:

  1. You have a working internet connection.
  2. VPN Supported Router.
  3. A Premium PureVPN account (If you haven’t bought yet click 👉here to buy)
Find your VPN credentials for manual configuration.

To find your VPN credentials log into the PureVPN member area. Click 👉 here to visit member area.

  • Login to the Member area using your PureVPN registered email address and password.
  • On subscriptions tab scroll down to be able to view your VPN credentials.
  • You will be able to see and copy your VPN credentials.
  • Note down your PureVPN username and click on Eye icon to make your password visible and use it in the manual configuration.
How to setup OpenVPN on pfSense (2.5.2) router
  • In order to configure OpenVPN on pfsense, frist download the required OpenVPN file from link below and extract them.
  • After login, go to the Cert Manager option under System and then click + Add to add a new CA certificate.
  • Now enter the following information:
    1. Descriptive name: PureVPN_CA
    2. Method: Import an existing Certificate Authority
    3. Certificate Data: Open the ca.2crt file, copy and paste it’s content in the box.
    4. Click Save button to save the file.
  • Now go to the VPN option and select OpenVPN then select the Clients tab and then click +Add to create a VPN profile.
  • Now enter the following details:
    1. Server Mode: Peer-to-Peer (SSL/TLS)
    2. Protocol: TCP on IPv4 only or UDP on IPv4 only
    3. Device Mode: tun- Layer 3 Tunnel Mode
    4. Interface: WAN
    5. Server host or address: (You can use your desired server address here)
    6. Server Port: Enter 80 for TCP or 53 for UDP
    7. Proxy Authentication: None
    8. Avoid configuring or changing any other options.
    9. Username and Password: Enter your VPN credentials. Here is how you can find your VPN credentials.
    10. Under Cryptographic Settings select the following options:
    11. TLS Configuration: Use a TLS Key. Uncheck the Automatically generate a TLS Key.
    12. Open the Wdc.key, copy and paste its content in the next box that pops up.
    13. TLS Key Usage Mode: TLS Authentication
    14. TLS Keydir Direction: Use default direction
    15. Peer Certificate Authority: PureVPN_CA (select the CA you created in step#1)
    16. Client Certificate: None
    17. Enable Data Encryption Negotiation: Checked
    18. Data Encryption Algorithm: Add AES-128-GCM and AES-256-CBC in the allowed list.
    19. Fallback Data Encryption Algorithm: AES-256-GCM
    20. Authentication digest Algorithm: SHA1 (160 bit)
    21. Hardware Crypto: No Hardware Crypto Acceleration
    22. Under Advanced Settings keep the Gateway as IPv4 only
    23. After entering all the details, click on the Save button.
  • Now go to the NAT option under Firewall tab.
  • Select Outbound and then click on Manual Outbound NAT rule generation. Advanced Outbound NAT (AON) Click Save and then Apply Changes.
  • You will see a Mappings window. Each WAN perimeter within needs to be changed to OpenVPN. This can be done after clicking on the Edit button.
  •  Click on Edit icon and make the following changes.
  • Above step is repeated three times across the board for all interfaces to change them to OpenVPN, after which the mappings window will look something like this.
  •  Now go to the Status tab and select OpenVPN under it to check your connection status.
  • PureVPN is connected now on your pfSense 2.4.5.
Was this article helpful? Rate and share your comments below. Your input matters to us and everyone else in the Cyber Security Community.

How helpful did you find this answer?

Comments (6 )


  1. Dave Ogden says:

    The file “Open WDC.key” doesn’t exist.
    The file “Open Client.key” doesn’t exist.
    The two file available are “wdc.key” and “ca.crt” neither of which provide the data needed to complete steps 3 (the optional part admittedly) and 5.
    I’d also like to know how I could configure pfsense to use my static ip too. I can find no information on this.

  2. anonymous says:

    This guide is usless and does not work at all

    • PureVPN Team says:

      We apologies for the inconvenience. The above guide have worked for many users, if you are facing any issue then we request you to join us on live chat so we may assist you in better way.

      Looking forward to hear from you!

    • Pete March says:

      This guide worked first time for me. I am running latest PFsense

      • Proteuz says:

        The guide would work just fine if the file names in the zip file would be the same as on the guide. Would create a lot less confusion for ppl i guess.