How to set up PureVPN on OPNsense router

Learn how to set up OpenVPN on your OPNsense router with this step-by-step guide. Follow our easy-to-understand instructions and improve your network security today!

Written By Fahad Ahmed

Updated at December 26th, 2023

Configuring a PureVPN tunnel on your router is a great way to ensure the safety and security of all the devices in your home. This method is especially beneficial if you have devices that don’t have VPN compatibility or you want to protect all the Wi-Fi-connected devices in your home.

Find your VPN credentials for manual configuration

To find your VPN credentials log into the PureVPN Member Area. Click 👉 here to visit Member Area.

  • Login to the Member Area using your PureVPN registered email address and password.

  • On Subscriptions tab scroll down to be able to view your VPN credentials.

  • You will be able to see and copy your VPN credentials.
  • Note down your PureVPN username and click the Eye icon to make your password visible and use it in the manual configuration.


How to set up OpenVPN on OPNsense router

  • Login to OPNsense panel using IP assigned.

  • In your router’s web UI, navigate to System > Trust > Authorities and enter the CA2.cert into Certificate Data. Click here to get the files. 

  • Choose the VPN option from the panel OpenVPN and click on Client.

  • Choose an OpenVPN server from our Server Status page and make note of its hostname (this guide uses a German server as an example-.,
  • Navigate to VPN > OpenVPN > Clients, click on the +button and enter the following configuration as follow:
    1. Disabled - Unchecked
    2. Description - Give it any name, i.e., PureVPN Germany
    3. Server Mode - Peer to Peer (SSL/TLS)
    4. Protocol - UDP or TCP
    5. Device mode - tun
    6. Interface - WAN
    7. Remote server – Purevpn’s server hostname, i.e.,
    8. Port - 1194 (or 53, 80, 443, 2050 for UDP and 80, 443, 1443 for TCP. All ports are equally secure).

  • Put Username - Your PureVPN account ID (purevpn0sXXXX & VPN password) which can be find from member area.
  • TLS Authentication - check the Enable authentication of TLS packets option then copy and paste the contents of our wdc.key file.
  • Peer Certificate Authority – CA2.
  • Client Certificate - None (Username and Password required).
  • Encryption algorithm - (AES-256-GCM & AES-256-CBC are also supported).
  • Auth Digest Algorithm - SHA1 (160bit).
  • Compression - Legacy - Disabled LZO algorithm (–comp-lzo no).

  • Hit Save.

  • Go to Connection Status to check your VPN status.