Skip to main content
All CollectionsRouter Setup GuidesOPNsense
OpenVPN Setup Guide for OPNsense
OpenVPN Setup Guide for OPNsense
Richard avatar
Written by Richard
Updated over 5 months ago

Step 1

Go to System > Trust > Authorities at the left menu. Then click + button.


Step 2

Enter the following settings:

Descriptive name: PrivateVPN CA

Method: Import an existing Certificate Authority

​Certificate Data:

-----BEGIN CERTIFICATE-----
MIIErTCCA5WgAwIBAgIJAPp3HmtYGCIOMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYD
VQQGEwJTRTELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN0b2NraG9sbTETMBEGA1UE
ChMKUHJpdmF0ZVZQTjEWMBQGA1UEAxMNUHJpdmF0ZVZQTiBDQTETMBEGA1UEKRMK
UHJpdmF0ZVZQTjEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBwcml2YXR2cG4uc2Uw
HhcNMTcwNTI0MjAxNTM3WhcNMjcwNTIyMjAxNTM3WjCBlTELMAkGA1UEBhMCU0Ux
CzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdG9ja2hvbG0xEzARBgNVBAoTClByaXZh
dGVWUE4xFjAUBgNVBAMTDVByaXZhdGVWUE4gQ0ExEzARBgNVBCkTClByaXZhdGVW
UE4xIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAcHJpdmF0dnBuLnNlMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjqTWbKk85WN8nd1TaBgBnBHceQWosp8
mMHr4xWMTLagWRcq2Modfy7RPnBo9kyn5j/ZZwL/21gLWJbxidurGyZZdEV9Wb5K
Ql3DUNxa19kwAbkkEchdES61e99MjmQlWq4vGPXAHjEuDxOZ906AXglCyAvQoXcY
W0mNm9yybWllVp1aBrCaZQrNYr7eoFvolqJXdQQ3FFsTBCYa5bHJcKQLBfsiqdJ/
BAxhNkQtcmWNSgLy16qoxQpCsxNCxAcYnasuL4rwOP+RazBkJTPXA/2neCJC5rt+
sXR9CSfiXdJGwMpYso5m31ZEd7JL2+is0FeAZ6ETrKMnEZMsTpTkdwIDAQABo4H9
MIH6MB0GA1UdDgQWBBRCkBlC94zCY6VNncMnK36JxT7bazCBygYDVR0jBIHCMIG/
gBRCkBlC94zCY6VNncMnK36JxT7ba6GBm6SBmDCBlTELMAkGA1UEBhMCU0UxCzAJ
BgNVBAgTAkNBMRIwEAYDVQQHEwlTdG9ja2hvbG0xEzARBgNVBAoTClByaXZhdGVW
UE4xFjAUBgNVBAMTDVByaXZhdGVWUE4gQ0ExEzARBgNVBCkTClByaXZhdGVWUE4x
IzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAcHJpdmF0dnBuLnNlggkA+ncea1gYIg4w
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAayugvExKDHar7t1zyYn9
9Vt1NMf46J8x4Dt9TNjBml5mR9nKvWmreMUuuOhLaO8Da466KGdXeDFNLcBYZd/J
2iTawE6/3fmrML9H2sa+k/+E4uU5nQ84ZGOwCinCkMalVjM8EZ0/H2RZvLAVUnvP
uUz2JfJhmiRkbeE75fVuqpAm9qdE+/7lg3oICYzxa6BJPxT+Imdjy3Q/FWdsXqX6
aallhohPAZlMZgZL4eXECnV8rAfzyjOJggkMDZQt3Flc0Y4iDMfzrEhSOWMkNFBF
wjK0F/dnhsX+fPX6GGRpUZgZcCt/hWvypqc05/SnrdKM/vV/jV/yZe0NVzY7S8Ur
5g==
-----END CERTIFICATE-----

Then click Save button.


Step 3

Proceed to VPN > OpenVPN > Instances > Static Keys tab. Then click + button.


Step 4

Enter the following:

Description: PrivateVPN TLS

Mode: auth (Authenticate control channel packets)

Static Key:

-----BEGIN OpenVPN Static key V1-----
f035a3acaeffb5aedb5bc920bca26ca7
ac701da88249008e03563eba6af6d262
5ac8ba1e5e0921f76be004c24ae4fd43
e42caf0f84269ad44d8d4c14ba45b138
6f251c7330d8cc56afd16d5168356456
51ef7e87a723ac78ae0d49da5b2f2d78
ceafcff7a6367d0712628a6547e5fc8f
ef93c87f7bcd6107c7b1ae68396e944a
adae50111d01a5d0c67223d667bdbf1b
f434bdef03644ecc5386e102724eef38
72f66547eb66dc0fea8286069cb082a4
1c89083b28fe9f4cec25d48017f26c4f
d85b25ddf2ae5448dd2bccf3eef2aacf
42ef1e88c3248c689423d0b05a641e9e
79dd6b9b5c40f0cc21ffdc891b9eee95
1477b537261cb56a958a4f490d961ecb
-----END OpenVPN Static key V1-----

Click Save button.


Step 5

Proceed to Instances tab and then click on + button.


Step 6

Tick advanced mode then enter the following settings:

Role: Client

Description: PrivateVPN

Tick Enabled

Protocol: UDP

Port Number: 1194

Remote: se-sto.pvdata.host

*you'll find the server list here.


Step 7

Certificate Authority: PrivateVPN CA

TLS static key: [auth] PrivateVPN TLS

Auth: SHA256

Username: (your PrivateVPN registered email)

Password: (your password)

Click Save button and then click Apply.


Step 8

Go to Interfaces menu > Assignments. Select OpenVPN Client PrivateVPN device under Assign a new interface tab.

Then enter PrivateVPN Int for Description. Click on Add button and then click Save.


Step 9

Click on PrivateVPNInt Interface.


Step 10

Tick Enable Interface. Then click Save button and then Apply changes.


Step 11

Go to Firewall > NAT > Outbound. Select Manual outbound NAT rule generation. Then click on Save button and then Apply changes.


Step 12

Click + button to add a new rule.


Step 13

Enter the following settings:

Interface: PrivateVPNInt

TCP/IP Version: IPv4

Source Address: LAN net

Translation/target: Interface address

Click Save button and then Apply changes.

Did this answer your question?