How to setup your own OpenVPN server in pfSense (2024)

pfSense is a free and open source firewall and router based on FreeBSD. Here’s everything you need to know about setting up your own OpenVPN server on pfSense.

pfSense is a popular firewall/router that offers a flexible alternative to the average consumer release. It comes with advanced capabilities compared to a typical router, and it is constantly updated with new firmware for increased security. A comprehensive GUI makes it easy to configure and manage whether it’s used with a home or office network.

You can set up your own OpenVPN server with pfSense, allowing the user to access their home network securely with a Virtual Private Network (VPN). As such, your local machine will be accessible from anywhere, and you can use your home internet connection remotely via your device.

We'll take you through the necessary steps to configure your own OpenVPN server on pfSense in this detailed guide.

pfSense and authentication

To begin, you’ll need to select an authentication method, whether it’s password-based authentication, certificate-based authentication, or a combination of the two. If you decide to use only password-based authentication, you won’t need to generate a user certificate. In any case, you will need to generate a Certificate Authority and a server certificate.

Generating the Certificate Authority (CA)

Generating your Certificate Authority (CA) is necessary to validate the OpenVPN server’s identity and authenticate user certificates.

  1. Within pfSense, select System, and then Cert. Manager.
  2. Click Add, and enter a name for your CA.
  3. Set the Method to Create an internal Certificate Authority.
  4. You’ll need to select your Key type (RSA, ECDSA).
  5. The Key length needs to be at least 2048.
  6. The Digest Algorithm needs to be at least sha256.
  7. You can pick a Common Name for your certificate. The default is internal-ca.
  8. Click Save to create your Certificate Authority.

Generating the server certificate

Here’s a step-by-step guide to generating your server certificate.

  1. Within pfSense, select System, and then Cert. Manager.
  2. Open the Certificates sub-menu. Click the Add/Sign button.
  3. Set the Method to Create an internal Certificate.
  4. You’ll now need to enter a Descriptive name for the server certificate.
  5. For the Key type, key length, and the Digest Algorithm, enter the same values used for the Certificate Authority.
  6. The Lifetime should be set to 365 days.
  7. The Certificate Type should be Server Certificate.
  8. Click Save to create your server certificate.

Create your OpenVPN user and your user certificate

Next up, you’ll need to create a user for the OpenVPN server. This process can be replicated as many times as you’d like for multiple users.

  1. From pfSense, select System, and then User Manager.
  2. Click Add, and enter a Username and Password for this user. Hit Save.
  3. If you’re using certificate-based authentication or certificate and password-based authentication, open the Edit User window (pencil icon).
  4. Click the Add button under User Certificates. This will open the Certificate Manager. Input the parameters for your user certificate.
  5. Set the Method to Create an internal Certificate.
  6. You’ll now need to enter a Descriptive name for the server certificate.
  7. For the Key type, key length, and the Digest Algorithm, enter the same values used for the Certificate Authority.
  8. The Lifetime should be 365 days.
  9. The Certificate Type should be User Certificate.
  10. Save, and click Save again when taken back to the User Manager menu.

Create the OpenVPN server

It’s now time to create your OpenVPN server.

For the General Information fields:

  1. From the pfSense menu, select VPN, and OpenVPN. Click Add.
  2. Select the Server mode, either Remote Access (SSL/TLS), Remote Access (User Auth), or Remote Access (SSL/TLS + User Auth).
  3. Change the Local port if necessary. Otherwise, the default is 1194.
  4. Name your server in the Description section.

For the Cryptographic Settings fields:

  1. Check Use a TLS Key and Automatically generate a TLS Key.
  2. Match the Peer Certificate Authority to the CA created above.
  3. Do the same for the Server certificate you’ve previously created.
  4. The DH Parameter Length should be 4096.
  5. The Auth digest algorithm should be set to RSA-SHA512 (512-bit).

For the Tunnel Network fields:

  1. Enter a subnet in the IPv4 Tunnel Network field. This is used as the OpenVPN network’s internal subnet, and it should not be present on your network already. For example: 192.168.1.0/24.
  2. You can also set your OpenVPN tunnel to support IPv6 within the IPv6 Tunnel Network field.
  3. Check the box for Redirect IPv4 Gateway. This routes all IPv4 traffic over the VPN tunnel. Do the same for Redirect IPv6 Gateway if applicable.

In the Advanced Configuration fields:

  1. Make sure UDP Fast I/O is checked.
  2. Within Gateway creation, select IPv4 only. If you’re also using IPv6, keep it set to Both.
  3. Click Save to finish creating your OpenVPN server.
  4. It’s a good idea to make sure that everything is set up correctly. Open the Status menu in pfSense, and click System Logs.
  5. Select OpenVPN, and take a look at the logs. It should say Initialization Sequence Completed.

Creating the firewall rules

Next up, you’ll need to create a firewall rule which will allow traffic to and from your server. Here's a step-by-step guide to get started:

Allowing outbound traffic

Firstly, we’ll focus on the rule to allow traffic from the OpenVPN subnet onto the internet.

  1. Select Firewall, and then Rules.
  2. Click the OpenVPN sub-menu.
  3. Next, click Add to create a new rule.
  4. Choose between IPv4 and IPv4 + IPv6, depending on your setup.
  5. The Protocol should be set to Any, and the Source set to Network.
  6. Enter the OpenVPN subnet information you created earlier in the Source Address field. Remove the last two digits. For example, 192.168.1.0 rather than 192.168.1.0/24.
  7. Select the Source Address, matching the last two digits. In the above example, it would be 24.
  8. Name your rule in the Description section.
  9. Click Save, and Apply Changes.
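The tunnel subnet chosen under Tunnel Network must not collide with a network you already use, and the same value is split into address and mask for the rule above. The following check is an added example, not part of the original guide; it uses Python's standard ipaddress module, and the LAN networks and 10.8.0.0/24 are constructed sample values.

```python
import ipaddress

def plan_tunnel_network(tunnel_cidr, existing_cidrs):
    """Validate a proposed IPv4/IPv6 tunnel network and split it for the rule form."""
    # strict=True raises ValueError when host bits are set (e.g. 192.168.1.5/24).
    tunnel = ipaddress.ip_network(tunnel_cidr, strict=True)
    problems = []
    if not tunnel.is_private:
        problems.append(f"{tunnel} is not a private range")
    for cidr in existing_cidrs:
        other = ipaddress.ip_network(cidr, strict=False)
        # Only networks of the same IP version can collide.
        if other.version == tunnel.version and tunnel.overlaps(other):
            problems.append(f"{tunnel} overlaps existing network {other}")
    return {
        "source_address": str(tunnel.network_address),  # Source Address field
        "source_mask": tunnel.prefixlen,                 # mask selected next to it
        "problems": problems,
    }

# Constructed sample: a home LAN that already uses 192.168.1.0/24.
LAN_NETWORKS = ["192.168.1.0/24", "fd00:1::/64"]

if __name__ == "__main__":
    for candidate in ("192.168.1.0/24", "10.8.0.0/24"):
        print(candidate, plan_tunnel_network(candidate, LAN_NETWORKS))
```

With the sample LAN, the guide's example subnet is reported as overlapping, while the constructed alternative passes and yields the address and mask to enter in the rule.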

Connecting to the server from the internet

If you want to connect to your newly created OpenVPN server from the internet, you’ll need to open your ports within the WAN interface.

Here’s a quick guide detailing how to create a rule to allow client connections to the OpenVPN server via the internet.

  1. Select Firewall, and then Rules.
  2. Click the WAN sub-menu.
  3. Next, click Add to create a new rule.
  4. Choose between IPv4 and IPv4 + IPv6, depending on your setup. The default is IPv4.
  5. The Protocol should be set to UDP, and the Source set to Any.
  6. The Destination Port Range should be set to the port your server runs on.
  7. Name your rule in the Description section.
  8. Click Save, and Apply Changes to finish.

Install the OpenVPN Client Export Utility

pfSense comes with an automated configuration generator for OpenVPN, although it requires manual installation. To do so:

  1. From the main menu, select System, and click Package Manager.
  2. Click Available Packages, and find openvpn-client-export. Hit Install to open the Package Installer menu.
  3. Click Confirm to install the package. Once complete, it should say Success.

Export the OpenVPN client configuration

  1. From the pfSense menu, select VPN, and OpenVPN.
  2. Open the Client Export menu.
  3. Double check that the Remote Access Server lists the right OpenVPN server.
  4. For Dynamic DNS users, select Other in Host Name Resolution. Next, you’ll need to enter your hostname in the Host Name field. This works to access your WAN without the IP address. For non-Dynamic DNS users, leave the Host Name Resolution set to Interface IP Address.
  5. You’ll find a collection of generated configurations for a selection of apps and operating systems depending on the information you’ve provided. Pick the option that works with your device.
  6. Download the configuration. You may be prompted to enter your username and password. You’ll then be free to connect to your OpenVPN server.
  7. Open Google, and type in ‘what is my IP’. Your public IP address should have changed to the WAN address of your home internet.
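Before handing a downloaded profile to a user, it can be compared against the server settings chosen earlier (UDP, the local port, the SHA512 auth digest, a TLS key, and the server mode). This audit is an added example, not part of the original guide or of pfSense; it assumes standard OpenVPN client directives (remote, proto, auth, auth-user-pass, tls-auth/tls-crypt, inline cert/key blocks), and the sample profile is constructed.

```python
# Constructed sample profile; the host name and block contents are placeholders.
SAMPLE_OVPN = """client
remote vpn.example.org 1194 udp4
auth SHA512
auth-user-pass
<ca>
(placeholder)
</ca>
<tls-auth>
(placeholder)
</tls-auth>
"""

def parse_ovpn(text):
    """Return (directives, inline block names) from a client profile."""
    directives, blocks, current = {}, set(), None
    for line in map(str.strip, text.splitlines()):
        if current:  # inside an inline <tag> ... </tag> block
            current = None if line == f"</{current}>" else current
        elif line.startswith("<") and line.endswith(">"):
            current = line[1:-1]
            blocks.add(current)
        elif line and line[0] not in "#;":
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, blocks

def audit_profile(text, expected_port=1194):
    """Compare a profile with the server settings chosen in this guide."""
    d, blocks = parse_ovpn(text)
    present, findings = blocks | set(d), []
    if [a[0].upper() for a in d.get("auth", []) if a] != ["SHA512"]:
        findings.append("auth digest is not SHA512")
    default_proto = next((a[0] for a in d.get("proto", []) if a), "udp")
    remotes = [a for a in d.get("remote", []) if a]
    if not remotes:
        findings.append("no remote server defined")
    for host, *rest in remotes:
        port = rest[0] if rest else "1194"
        proto = rest[1] if len(rest) > 1 else default_proto
        if port != str(expected_port):
            findings.append(f"remote {host} uses port {port}, not {expected_port}")
        if not proto.startswith("udp"):
            findings.append(f"remote {host} uses {proto}, not UDP")
    if not {"tls-auth", "tls-crypt"} & present:
        findings.append("no TLS key (tls-auth or tls-crypt)")
    uses_cert, uses_pass = {"cert", "key"} <= present, "auth-user-pass" in d
    modes = [m for m, on in (("SSL/TLS", uses_cert), ("User Auth", uses_pass)) if on]
    return " + ".join(modes) or "none", findings
```

`audit_profile(SAMPLE_OVPN)` returns the inferred server mode and an empty findings list; pass `expected_port` if you changed the Local port.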

Summary

You now have a basic OpenVPN server in pfSense! You can remotely access your home devices and internet connection, and you should have a basic understanding of how to set and configure new rules within pfSense. It’s worth checking out add-ons, with features including split tunneling and the ability to block ads and malicious sites. There are multiple advanced options to pick from once you get the hang of things.

You'll be able to route any client device as long as it's connected to the server. This is the case whether it's an office network or a mobile network. It's slightly more difficult to set up than your typical connection, but it's a valid option for any VPN users. If you're having issues while using a pfSense box with an OpenVPN connection, make sure to check the firewall rules, as well as the OpenVPN logs and the network itself.

Author: Delena Feil
