Before you begin…
This tutorial assumes that you already have:
- VPNReactor OpenVPN Configuration file.
Not yet? You can download the package from HERE.
- pfSense installed.
Not yet? You can download the package from HERE.
1. Open the pfSense GUI and go to ‘System’ > ‘Packages’.
2. Click ‘Available Packages’ tab.
3. Scroll down and select ‘OpenVPN Client Export Utility’ and click the plus (+) button. Select “Yes” on the popup window to run the installation and wait for the installation to complete.
4. After the installation completes, go to ‘System’ > ‘Cert Manager’ > ‘CAs’.
On the ‘CAs’ tab, remove any existing certificates.
5. Go to the ‘Certificates’ tab and remove any existing certificates.
(NOTE: DO NOT remove the ‘Webconfigurator default’ certificate)
6. Finally, go to ‘VPN’ > ‘OpenVPN’ and remove your existing server configuration.
7. Go back to ‘System’ > ‘Cert Manager’ > ‘CAs’ and click the plus (+) button to add a new OpenVPN Certificate.
8. Fill in the ‘Certificate Authority Manager’ as follows:
- Descriptive Name: VPNReactor – CA
- Method: Import an existing Certificate Authority.
- Certificate data: (Open the ‘ca.vpnreactor’ file via notepad from VPNReactor’s OpenVPN Configuration Package. Copy and Paste it here.)
9. Go to ‘System’ > ‘User Manager’ and fill it in as follows:
- Username: VPNReactor Username
- Password: VPNReactor Password and confirm it by inputting it twice.
- Full Name: (Your Name)
- Certificate: Check “Click to create a user certificate”.
10. Go to ‘VPN’ > ‘OpenVPN’ and select ‘Client’ tab. Press the plus (+) button to add a new OpenVPN configuration.
11. Set up the OpenVPN client as follows:
- Server Mode: Peer to Peer (SSL/TLS)
- Protocol: UDP
- Device mode: tap
- Interface: WAN
- Server host or address: (Enter one of VPNReactor server addresses)
- Server port: 1194
- TLS Authentication: NOT checked
- Peer Certificate Authority: Select VPNReactor – CA from the list
- Encryption algorithm: BF-CBC (128-bit)
- Compression: Check the “Compress tunnel packets using the LZO algorithm.”
- Advanced: verb 5; auth-user-pass /root/user_pass.txt; fragment 1300; persist-key; persist-tun; link-mtu 1578; explicit-exit-notify 3; redirect-gateway def1
12. Go to ‘Status’ > ‘System Logs’ and select the ‘OpenVPN’ tab. If the last line in the log is “Initialization Sequence Completed”, you are connected to the VPN. No traffic is directed through the VPN yet; you still need to set up the interfaces and the routes.
Click ‘Save’ to save the interfaces.
14. Go back to ‘Interfaces’, select the newly created interface and set it as follows:
- Check “Enable Interface”
- Description: VPNReactor
- Type: None
Leave the rest of the settings as they are and press the ‘Save’ button to save the interface.
15. Go to ‘System’ > ‘Routing’. On the ‘Gateways’ tab, check whether there is already a route on the newly created VPNReactor interface. If one exists, press the button to edit it; otherwise press the plus (+) button to add one.
Configure as follows:
- Interface: VPNREACTOR
- Name: VPNREACTORM
- Gateway: dynamic
- Default Gateway: Uncheck
- Monitor IP: 10.10.10.1
- Description: Interface VPNReactor Dynamic Gateway
16. Go to ‘Firewall’ > ‘Rules’ and select the ‘LAN’ tab. Press the plus (+) button to add a new rule and configure it as follows:
Under ‘Edit Firewall Rule’:
- Action: Pass
- Interface: LAN
- Protocol: any
- Source > Type: LAN subnet
- Destination > Type: any
- Description: LAN to Internet through VPN
- Gateway: Select the VPNReactor – dynamic
17. Reboot the pfSense box or just disable the OpenVPN configuration.
18. HOORAY! You can now use VPNReactor Service via OpenVPN with pfSense.
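As a check for step 12, the following added example (not part of the original tutorial or of VPNReactor's tooling) reads an OpenVPN log and reports the tunnel state from the most recent relevant event, because other lines can follow “Initialization Sequence Completed” and a later restart or rejected login can come after an earlier success. The function names and the sample log lines are constructed for illustration; pass the path of your own OpenVPN log as the argument.

```sh
#!/bin/sh
# Added example: derive OpenVPN client state from its log.

# vpn_state [logfile] -- reads stdin when no file is given.
# Prints "up", "down: <reason>" or "unknown".
vpn_state() {
    awk '
        # A completed handshake marks the tunnel as up.
        /Initialization Sequence Completed/ { state = "up"; next }
        # Server rejected the username/password from auth-user-pass.
        /AUTH_FAILED/ { state = "down: authentication failed"; next }
        /TLS Error/   { state = "down: TLS handshake error"; next }
        # A restart or exit after "up" means the tunnel is gone; keep a
        # more specific reason if one was already recorded.
        /process (restarting|exiting)/ {
            if (state !~ /^down/) state = "down: process restarted or exited"
        }
        END { print (state == "" ? "unknown" : state) }
    ' "$@"
}

# Constructed sample: connected, with unrelated lines after the success message.
sample_log_connected() {
    cat <<'EOF'
Jan 01 10:00:03 openvpn[1234]: TUN/TAP device /dev/tap0 opened
Jan 01 10:00:05 openvpn[1234]: Initialization Sequence Completed
Jan 01 10:00:06 openvpn[1234]: MANAGEMENT: CMD 'state 1'
EOF
}

# Constructed sample: tunnel came up, then credentials were rejected on reconnect.
sample_log_auth_failure() {
    cat <<'EOF'
Jan 01 10:00:05 openvpn[1234]: Initialization Sequence Completed
Jan 01 11:00:07 openvpn[1234]: SIGUSR1[soft,ping-restart] received, process restarting
Jan 01 11:00:12 openvpn[1234]: AUTH: Received control message: AUTH_FAILED
Jan 01 11:00:12 openvpn[1234]: SIGTERM[soft,auth-failure] received, process exiting
EOF
}

# Demo on the constructed samples.
sample_log_connected    | vpn_state
sample_log_auth_failure | vpn_state
```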
For questions, contact VPNReactor Support. We are glad to serve you!