The following guide outlines the steps necessary to install & configure VPNTunnel using OpenVPN on your pfSense firewall:
1. To set up pfSense 2.4.4 as an OpenVPN client, open the pfSense web interface in your browser, navigate to System -> Cert. Manager -> CAs and click +Add.
2. Enter the following in the CA form:
Descriptive name: vpntunnel_ca.crt
Method: Import an existing Certificate Authority
Certificate data: paste the certificate below exactly as shown, including the BEGIN and END lines (the short final line "typo" is part of the certificate; the body is 1988 base64 characters in total):
-----BEGIN CERTIFICATE-----
MIIFzzCCA7egAwIBAgIJAJxuWDQAbzAZMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
BAYTAlNDMREwDwYDVQQHDAhWaWN0b3JpYTESMBAGA1UECgwJVlBOVHVubmVsMQsw
CQYDVQQLDAJJVDEVMBMGA1UEAwwMVlBOVHVubmVsIENBMSQwIgYJKoZIhvcNAQkB
FhVzdXBwb3J0QHZwbnR1bm5lbC5jb20wHhcNMTgxMDEyMTQ0NDUxWhcNMjgxMDA5
MTQ0NDUxWjB+MQswCQYDVQQGEwJTQzERMA8GA1UEBwwIVmljdG9yaWExEjAQBgNV
BAoMCVZQTlR1bm5lbDELMAkGA1UECwwCSVQxFTATBgNVBAMMDFZQTlR1bm5lbCBD
QTEkMCIGCSqGSIb3DQEJARYVc3VwcG9ydEB2cG50dW5uZWwuY29tMIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvpmBWcHafrbuygj4xxJDuyrwRLjqBx+A
/O80oIjxTx1p8Hz/7nHtA6S7kNKYlkpM5Q9ZQdNnpr0jAo/2WAK4k0BN4bjyq9o/
wussVTy2jGqE3BMIECATlrX4w8m8pKMr+sCJYTbyWwbInXx3OzA8fM2jrhVXwbtW
9y6rqK9r5/15J6CU1uggGNLUneGAlPNXWwPmF9AUsxAZt/FmpCgnwZS7bDqjspMl
6Aht8XEz6yuLCrwPO5A19bNZqsI3Z3MRQfrQxBAj4NneHPUAgnZcU556ID/rcrIZ
j3NTejLBKOdQBPwanvAhI5Gsw0hniB7E3wWjprgGwndf9t64WyPYFar9kZw6Pdk5
UIe0mkea5qlNxZIDJqcpnXW9ZfozDlfyw8b5sYCu/MyP6vLTpMma4bhkdZaAhNAq
ePBZopQORJG0GyC09WWFPC/mVtsBsTAnxsNyhEUGp4TT6apy9CT6XktWETtBunP8
R0AZDZw08CpfkgVxhzmKl4PmIIWW9cJcHiAhV5/PUcR7ReDssqerdV0u/vkbZS65
lzLSRGBZD5egEM4EoYz5II4JGNy/3Sw9/j4g0iaI/3Khond4KA+FOkASSJFU9P9X
O+sFEp4jqcSVSEpLHgT0MZ9nmwMWje1/S4wY2Z3K/9hFWRhfIHAHpD6n7hv0IhNa
NjNKNDJfzCkCAwEAAaNQME4wHQYDVR0OBBYEFDyhtyYSHLOiOSncPa1JS8P8MS/o
MB8GA1UdIwQYMBaAFDyhtyYSHLOiOSncPa1JS8P8MS/oMAwGA1UdEwQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggIBAIoiOj1DcjohU9X+yPVB0LIH9uWmeqdvgmV+Cx6p
uJkv5AXwtXw27qab+62lx9eUXsvPnS0gBv+ROrCk6J3p2n94R9gOYNR/6IrMHDPB
ANHO0133ElKeY/v5rkRc6meJEwN6UWMwM7lWlugvm3dI6We/k34XdYjWLDX6QrAE
OXYq861tCcI5kAVQJWXK7e5O3S//DIOFJMuHHNbW2ATuG1qCTP++X4CCA1Qihl7P
2Lc5syLypufPq+5lrKmmILZxIPeyQ20ZShzB1eMeuTYMfFUZAT5iTEripI1Oze1/
p7tAUazM8Rawqgi/MzxPzMSgV162a5zRCXM1xT5WsZ2c4n0Dm9QiwqsFBG+f1jQ7
rxa7KU4q1Uj8Y/XxvWZIC2c8AZv0K9TqNSPr6Bx7cRLdyxnytqBMT9kEb+PK/mT5
AE3EIusogxp9NeDosM+lgLImiC5lFIX4L6E8Iilrkn/Rh9Q0yDIEXpKQepIr815L
u996SsfBMjf6TS2/dCdTL9jNM/T9H3WjYPhkXsPkesx4Al6Aa0Nlp3GtPJIdkCzw
gkqXrRq2YF9jNZceNToE5ZD7xBDLPERYhiT0x1zWDDAeosqd8qEruvGwsAipoC9r
tZ9GAShKXZFDOX+/jxo/4Y/mCD2WpaSyHByWzh4zid7g8ZkgeWpmONm/6It+FZUJ
typo
-----END CERTIFICATE-----
Certificate Private Key: leave blank
Serial for next certificate: leave blank
Press Save
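This CA is what lets the firewall tell the real VPNTunnel server from an impostor (together with remote-cert-tls server in step 3), so it is worth checking what you paste before trusting it: that it decodes cleanly and completely, that it really is a CA certificate, that it has not expired, and that its fingerprint matches a copy obtained from the provider by another route. The script below is an added example, not part of the VPNTunnel guide: a stdlib-only Python program with a minimal DER walker that reports those facts. Only the certificate text is from this page; the function and constant names are mine. `openssl x509 -noout -fingerprint -sha256 -in vpntunnel_ca.crt` prints the same digest, colon-separated, for comparison.

```python
import base64, hashlib
from datetime import datetime

# The VPNTunnel CA from step 2 of this guide, copied verbatim.
VPNTUNNEL_CA_PEM = """-----BEGIN CERTIFICATE-----
MIIFzzCCA7egAwIBAgIJAJxuWDQAbzAZMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
BAYTAlNDMREwDwYDVQQHDAhWaWN0b3JpYTESMBAGA1UECgwJVlBOVHVubmVsMQsw
CQYDVQQLDAJJVDEVMBMGA1UEAwwMVlBOVHVubmVsIENBMSQwIgYJKoZIhvcNAQkB
FhVzdXBwb3J0QHZwbnR1bm5lbC5jb20wHhcNMTgxMDEyMTQ0NDUxWhcNMjgxMDA5
MTQ0NDUxWjB+MQswCQYDVQQGEwJTQzERMA8GA1UEBwwIVmljdG9yaWExEjAQBgNV
BAoMCVZQTlR1bm5lbDELMAkGA1UECwwCSVQxFTATBgNVBAMMDFZQTlR1bm5lbCBD
QTEkMCIGCSqGSIb3DQEJARYVc3VwcG9ydEB2cG50dW5uZWwuY29tMIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvpmBWcHafrbuygj4xxJDuyrwRLjqBx+A
/O80oIjxTx1p8Hz/7nHtA6S7kNKYlkpM5Q9ZQdNnpr0jAo/2WAK4k0BN4bjyq9o/
wussVTy2jGqE3BMIECATlrX4w8m8pKMr+sCJYTbyWwbInXx3OzA8fM2jrhVXwbtW
9y6rqK9r5/15J6CU1uggGNLUneGAlPNXWwPmF9AUsxAZt/FmpCgnwZS7bDqjspMl
6Aht8XEz6yuLCrwPO5A19bNZqsI3Z3MRQfrQxBAj4NneHPUAgnZcU556ID/rcrIZ
j3NTejLBKOdQBPwanvAhI5Gsw0hniB7E3wWjprgGwndf9t64WyPYFar9kZw6Pdk5
UIe0mkea5qlNxZIDJqcpnXW9ZfozDlfyw8b5sYCu/MyP6vLTpMma4bhkdZaAhNAq
ePBZopQORJG0GyC09WWFPC/mVtsBsTAnxsNyhEUGp4TT6apy9CT6XktWETtBunP8
R0AZDZw08CpfkgVxhzmKl4PmIIWW9cJcHiAhV5/PUcR7ReDssqerdV0u/vkbZS65
lzLSRGBZD5egEM4EoYz5II4JGNy/3Sw9/j4g0iaI/3Khond4KA+FOkASSJFU9P9X
O+sFEp4jqcSVSEpLHgT0MZ9nmwMWje1/S4wY2Z3K/9hFWRhfIHAHpD6n7hv0IhNa
NjNKNDJfzCkCAwEAAaNQME4wHQYDVR0OBBYEFDyhtyYSHLOiOSncPa1JS8P8MS/o
MB8GA1UdIwQYMBaAFDyhtyYSHLOiOSncPa1JS8P8MS/oMAwGA1UdEwQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggIBAIoiOj1DcjohU9X+yPVB0LIH9uWmeqdvgmV+Cx6p
uJkv5AXwtXw27qab+62lx9eUXsvPnS0gBv+ROrCk6J3p2n94R9gOYNR/6IrMHDPB
ANHO0133ElKeY/v5rkRc6meJEwN6UWMwM7lWlugvm3dI6We/k34XdYjWLDX6QrAE
OXYq861tCcI5kAVQJWXK7e5O3S//DIOFJMuHHNbW2ATuG1qCTP++X4CCA1Qihl7P
2Lc5syLypufPq+5lrKmmILZxIPeyQ20ZShzB1eMeuTYMfFUZAT5iTEripI1Oze1/
p7tAUazM8Rawqgi/MzxPzMSgV162a5zRCXM1xT5WsZ2c4n0Dm9QiwqsFBG+f1jQ7
rxa7KU4q1Uj8Y/XxvWZIC2c8AZv0K9TqNSPr6Bx7cRLdyxnytqBMT9kEb+PK/mT5
AE3EIusogxp9NeDosM+lgLImiC5lFIX4L6E8Iilrkn/Rh9Q0yDIEXpKQepIr815L
u996SsfBMjf6TS2/dCdTL9jNM/T9H3WjYPhkXsPkesx4Al6Aa0Nlp3GtPJIdkCzw
gkqXrRq2YF9jNZceNToE5ZD7xBDLPERYhiT0x1zWDDAeosqd8qEruvGwsAipoC9r
tZ9GAShKXZFDOX+/jxo/4Y/mCD2WpaSyHByWzh4zid7g8ZkgeWpmONm/6It+FZUJ
typo
-----END CERTIFICATE-----"""

OID_CN = b"\x55\x04\x03"                  # 2.5.4.3 commonName
OID_BASIC_CONSTRAINTS = b"\x55\x1d\x13"   # 2.5.29.19 basicConstraints


def tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(buf):
    """Split the body of a constructed DER value into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        out.append((tag, val))
    return out


def name_cn(name):                         # Name ::= SEQUENCE OF SET OF AttributeTypeAndValue
    for _, rdn in children(name):
        for _, ava in children(rdn):
            (_, oid), (_, val) = children(ava)
            if oid == OID_CN:
                return val.decode("utf-8", "replace")
    return None


def asn1_time(tag, val):                   # UTCTime (0x17) or GeneralizedTime (0x18)
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(val.decode("ascii"), fmt)


def inspect_ca(pem):
    """Return the facts worth eyeballing before pressing Save on the CA form."""
    body = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    der = base64.b64decode(body, validate=True)      # stray characters raise here
    _, cert, end = tlv(der, 0)
    if end != len(der): raise ValueError("certificate is truncated or has trailing bytes")
    (_, tbs), _, _ = children(cert)                  # tbsCertificate, sigAlg, signature
    fields = children(tbs)
    if fields[0][0] == 0xA0:                         # explicit [0] version, present in v3
        fields = fields[1:]
    (_, issuer), (_, validity), (_, subject), (_, spki) = fields[2:6]
    (nb_tag, nb), (na_tag, na) = children(validity)
    _, bits = children(spki)[1]                      # subjectPublicKey BIT STRING
    (_, modulus), _ = children(children(bits[1:])[0][1])  # RSAPublicKey {n, e}
    is_ca = False
    for tag, val in fields[6:]:
        if tag != 0xA3: continue                     # [3] extensions
        for _, ext in children(children(val)[0][1]):
            parts = children(ext)                    # extnID, [critical], extnValue
            if parts[0][1] == OID_BASIC_CONSTRAINTS:
                bc = children(parts[-1][1])[0][1]    # BasicConstraints SEQUENCE body
                is_ca = len(bc) > 0 and bc[0] == 0x01 and children(bc)[0][1] == b"\xff"
    return {
        "subject_cn": name_cn(subject),
        "self_issued": issuer == subject,
        "is_ca": is_ca,
        "key_bits": len(modulus.lstrip(b"\x00")) * 8,
        "not_before": asn1_time(nb_tag, nb),
        "not_after": asn1_time(na_tag, na),
        "sha256_fingerprint": hashlib.sha256(der).hexdigest(),
    }


if __name__ == "__main__":
    info = inspect_ca(VPNTUNNEL_CA_PEM)
    for key, value in info.items():
        print(f"{key:19} {value}")
    if datetime.utcnow() > info["not_after"]:
        print("WARNING: this CA has expired; the server certificate will not validate")
```

For the certificate above it reports subject CN "VPNTunnel CA", a self-issued 4096-bit RSA CA valid from 2018-10-12 to 2028-10-09. Deleting a line from the pasted text still yields valid base64, so the length check on the outer SEQUENCE is what catches a truncated paste.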
3. Then navigate to VPN -> OpenVPN -> Clients and press +Add
Fill in the fields:
Disable this client: leave unchecked.
Server mode: Peer to Peer (SSL/TLS);
Protocol: UDP on IPv4 only (you can also use TCP);
Device mode: tun – Layer 3 Tunnel Mode;
Interface: WAN;
Local port: leave blank;
Server host or address: any server hostname from the VPNTunnel server list;
Server port: 1194 ;
Proxy host or address: leave blank;
Proxy port: leave blank;
Proxy Authentication: None;
Description: Any name you like, you can leave it blank too.
USER AUTHENTICATION SETTINGS
Username: Your VPNTunnel username
Password: Your VPNTunnel password in both fields.
Authentication Retry: leave unchecked
CRYPTOGRAPHIC SETTINGS
Automatically generate a TLS Key: Uncheck
TLS Key: paste the static key below, including the BEGIN and END lines:
-----BEGIN OpenVPN Static key V1-----
b6e71dad4903bc796128ec3b9a965e9f
b2eafc508459f96bf068ea00f1fc4077
a253fcda7751b6bf2a62ff6a07db3de7
6eb8d774fb63c1e61ca22c8f3a0f7a21
9ca7b2c3e9eb865773218ac30961dd28
83cc3f6c35369b8dd72f357da50c5b38
a51d2b20c838bdd8ae9459347aab206c
e240093b7887df8ec79908b094a1d952
70031b9efb6ea656ae9739daf291327f
bd53aadd9a53eccb247f59f9aa83a81a
566003820773410982eeefdff5c107b2
d1e580eda8c821fa1466607edea38d3b
d558126fbb40474d547e3caf45a31aaf
1ea52909165ed58ea546e1f720b7b829
f7dd297e3eda4055bf54eeb11efe8cf8
e5e3f8347d2bf785bae4df77577450ca
-----END OpenVPN Static key V1-----
TLS Key Usage Mode: TLS Authentication. Note that this key is the same for every VPNTunnel customer, so it only lets the server drop control-channel packets from parties that do not have it; authentication of the server itself rests on the CA from step 2 and on remote-cert-tls server in the custom options below.
Peer certificate authority: vpntunnel_ca.crt;
Peer Certificate Revocation list: do not define.
Client certificate: webConfigurator default (59f92214095d8) (Server: Yes, In Use); the identifier on your machine will differ. This is pfSense's own self-signed certificate, not one issued by the VPNTunnel CA; the connection is authenticated to the server by your username and password.
Encryption Algorithm: AES-256-GCM
Enable NCP: Check.
NCP Algorithms: AES-256-GCM and AES-256-CBC.
Auth digest algorithm: SHA384 (384bit). This is the HMAC used for the tls-auth control channel; with AES-256-GCM the data channel is authenticated by GCM itself.
Hardware Crypto: No hardware crypto acceleration.
TUNNEL SETTINGS
IPv4 tunnel network: leave blank;
IPv6 tunnel network: leave blank;
IPv4 remote network(s): leave blank;
IPv6 remote network(s): leave blank;
Limit outgoing bandwidth: leave blank;
Compression: Omit Preference (Use OpenVPN Default). pfSense then writes no compression directive and the server's pushed setting, if any, applies. Compressing traffic before encryption exposes it to compression-oracle attacks (VORACLE), so do not enable compression yourself.
Topology: Subnet – One IP address per client in a common subnet
Type-of-service: leave unchecked;
Don't pull routes: leave unchecked (routes pushed by the server are accepted);
Don’t add/remove routes: leave unchecked.
ADVANCED CONFIGURATION
Custom Options
tls-client; persist-key; persist-tun; remote-cert-tls server;
The important one is remote-cert-tls server: it makes OpenVPN require that the certificate the peer presents was issued for server use (TLS Web Server Authentication extended key usage), so a client certificate signed by the same CA cannot be used to impersonate a VPNTunnel server.
UDP FAST I/O: leave unchecked.
Send/Receive Buffer: Default
Gateway creation: IPv4 only
Verbosity level: 3 (recommended);
Press Save
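The settings in step 3, written out as an equivalent stand-alone OpenVPN 2.4 client configuration. This is an added illustration, not pfSense's generated file or anything from the VPNTunnel guide; the hostname and the three file names are placeholders, and pfSense writes its own version of this under /var/etc/openvpn/ on the firewall. It is useful for seeing which GUI option maps to which directive, and for testing the credentials and CA from a laptop before changing the firewall.

```conf
# Equivalent of the pfSense "Clients" form above (added example, not the guide's
# own file). Placeholders: vpn.example.invalid, creds.txt, vpntunnel_ca.crt,
# vpntunnel-tls.key.
client                                  # Server mode: Peer to Peer (SSL/TLS); pulls pushed routes
dev tun                                 # Device mode: tun - Layer 3 Tunnel Mode
proto udp4                              # Protocol: UDP on IPv4 only
remote vpn.example.invalid 1194         # Server host (placeholder) and Server port
nobind                                  # Local port: left blank
resolv-retry infinite
persist-key                             # Custom Options
persist-tun                             # Custom Options
auth-user-pass creds.txt                # placeholder file: username on line 1, password on line 2
ca vpntunnel_ca.crt                     # Peer certificate authority: the CA pasted in step 2
remote-cert-tls server                  # Custom Options: peer must present a server-usage certificate
tls-auth vpntunnel-tls.key 1            # TLS Key + TLS Authentication; direction 1 is the client side
cipher AES-256-GCM                      # Encryption Algorithm
ncp-ciphers AES-256-GCM:AES-256-CBC     # Enable NCP + NCP Algorithms
auth SHA384                             # Auth digest algorithm
verb 3                                  # Verbosity level
# No compress/comp-lzo line: "Omit Preference" leaves compression to the server's push.
```

With `--verb 3` a successful handshake logs "VERIFY OK" lines for the CA and server certificate and "Initialization Sequence Completed"; a CA mismatch fails at "VERIFY ERROR" before any credentials are accepted.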
4. Navigate to Interfaces -> Interface Assignments. In the Available network ports dropdown, select the OpenVPN client you just created (ovpnc1) and click +Add. It is assigned as OPT1.
5. Click OPT1 to the left of the newly assigned interface and fill in the following:
Enable: check
Description: vpntunnel_vpn
Mac Address: leave blank
MTU: leave blank
MSS: leave blank
Do not change anything else. Just scroll down to the bottom and press “Save”
6. Navigate to Services -> DNS Resolver -> General Settings
Enable: uncheck
Click Save
7. Navigate to Services -> DNS forwarder
Enable: check
Click Save
8. Navigate to Firewall -> NAT -> Outbound and select Manual Outbound NAT rule generation. Click Save; the four automatically created rules will appear. Leave them untouched and add a new mapping:
Interface: VPNTUNNEL_VPN
Source: your LAN subnet (192.168.1.0/24 on a default installation)
Translation / target: Interface Address (the default)
Click Save. Without this mapping, LAN hosts would enter the tunnel with their private addresses and get no replies.
9. Navigate to Firewall -> Rules -> LAN and delete the IPv6 rule. Then edit the IPv4 rule: under Advanced Options set Gateway to VPNTUNNEL_VPN_VPNV4 (the gateway pfSense created for the OpenVPN client) and click Save.
This policy-routes everything from the LAN into the tunnel. Be aware that if the tunnel goes down, pfSense by default ignores the gateway on the rule and sends the traffic out the WAN instead; to make this a kill switch, enable "Skip rules when gateway is down" under System -> Advanced -> Miscellaneous.
10. Go to System -> General Setup and fill in:
DNS Server 1: 10.10.63.1 ; gateway VPNTUNNEL_VPN_VPNV4-opt1
DNS Server 2: 80.67.14.78 ; gateway VPNTUNNEL_VPN_VPNV4-opt1
DNS Server 3: 1.1.1.1 ; gateway none
DNS Server Override: uncheck
Disable DNS Forwarder: check
Click Save.
The first two servers are reached through the tunnel. The third has no gateway, so queries to it follow the default route and leave via the WAN; it is a fallback for when the tunnel is down, and the price is that those queries are visible to your ISP. Remove it if you would rather lose DNS than leak it.
11. Navigate to Status -> OpenVPN; the client should show as "up".
12. You can also check the connection log under Status -> System Logs -> OpenVPN.
While the client is connected, all traffic from your LAN is routed through the encrypted VPNTunnel connection.
If you have any questions, or experience any issues while installing and setting up your pfSense firewall to connect to the VPNTunnel VPN servers, please contact our Support Team at any time.