OpenVPN Setup Guide for pfSense (TCP)
Written by Richard
Updated over 2 years ago

Step 1

Go to the System menu and select Certificate Manager. Click +Add.


Step 2

Enter the following settings:
Descriptive Name: PrivateVPN
Method: Import an existing Certificate Authority
Certificate Data:


Click Save.


Step 3

Click VPN at the top menu and then select OpenVPN.


Step 4

Choose the Clients tab and then click +Add.


Step 5

Enter the following settings:
Server mode: Peer to Peer (SSL/TLS)
Protocol: TCP on IPv4 only
Device mode: tun - Layer 3 Tunnel Mode
Interface: WAN
Server host or address: se-sto.pvdata.host
*You'll find the server list here.
Server Port: 443


Description: PrivateVPN


Username: (your PrivateVPN registered email address)
Password: (your password)


Enable Use a TLS Key.
Untick Automatically generate a TLS Key, then enter this code:



TLS Key Usage Mode: TLS Encryption and Authentication
TLS keydir direction: Use default direction
Peer Certificate Authority: PrivateVPN
Client Certificate: None


Enable Data Encryption Negotiation.
Data Encryption Algorithms: AES-128-GCM, AES-128-CBC, AES-256-GCM
Fallback Data Encryption Algorithm: AES-256-CBC (256 bit key, 128 bit block)
Auth digest algorithm: SHA256 (256-bit)


Gateway creation: IPv4
*Leave the others on their default settings.
Click on the Save button below.


Step 6

Click Interfaces at the top menu then select Assignments.


Step 7

Enter the following settings:
WAN: (set your WAN Interface)
LAN: (set your LAN Interface)
Click +Add then set the Interface to PrivateVPN
Click on Save.


Step 8

Click Firewall at the top menu then choose NAT.


Step 9

Click the Outbound tab.
Select Manual Outbound NAT rule generation (AON - Advanced Outbound NAT).
Click Save and then Apply Changes.


Step 10

Click Add new mapping to the top list button.


Step 11

Enter the following:
Interface: OpenVPN
Address Family: IPv4
Protocol: Any
Source: Any
Click Save and Apply Changes.


Step 12

Click Firewall at the top menu then choose Rules.


Step 13

Add a new Rule then enter the following:
Action: Pass
Interface: LAN
Address Family: IPv4
Protocol: Any
Source: LAN net
Leave the rest at defaults then click on Save.
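
Once the client is saved, an OpenVPN client config can be checked against the Step 5 values with a short script. This is an added example, not PrivateVPN or pfSense code: the `parse` and `audit` names are hypothetical, the sample config is constructed, and it assumes the GUI options correspond to the standard OpenVPN directives `proto`, `remote`, `dev-type`, `ca`, `auth-user-pass`, `tls-crypt`, `auth`, `data-ciphers` and `data-ciphers-fallback`.

```python
# Added example, not PrivateVPN or pfSense code; SAMPLE is a constructed config.
SAMPLE = """\
dev-type tun
proto tcp4-client
remote se-sto.pvdata.host 443
auth-user-pass
auth SHA256
data-ciphers AES-128-GCM:AES-128-CBC:AES-256-GCM
data-ciphers-fallback AES-256-CBC
ca /path/to/ca.crt
<tls-crypt>
(placeholder for the static key body)
</tls-crypt>
"""

def parse(text):
    """Map each directive to its arguments; an inline <tag> block maps to []."""
    out, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:  # inside an inline block: skip the body until the closing tag
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            out[block] = []
        else:
            name, *args = line.split()
            out[name] = args
    return out

def audit(text, port="443"):
    """Return the deviations from the Step 5 settings (empty list if none)."""
    d = parse(text)
    first = lambda name: (d.get(name) or [""])[0]
    checks = [
        (first("proto").startswith("tcp"), "protocol is not TCP"),
        (d.get("remote", [])[1:2] == [port], f"server port is not {port}"),
        ((d.get("dev-type") or d.get("dev") or [""])[0].startswith("tun"), "device mode is not tun"),
        ("ca" in d, "no peer certificate authority"),
        ("auth-user-pass" in d, "no username/password authentication"),
        ("tls-crypt" in d, "TLS key is not used for encryption and authentication"),
        (first("auth") == "SHA256", "auth digest is not SHA256"),
        (first("data-ciphers") == "AES-128-GCM:AES-128-CBC:AES-256-GCM", "data cipher list differs"),
        (first("data-ciphers-fallback") == "AES-256-CBC", "fallback cipher differs"),
    ]
    return [msg for ok, msg in checks if not ok]
```

`audit(SAMPLE)` returns an empty list; a config that uses `tls-auth` or UDP instead is reported with one finding per deviation.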
