Before you begin…

This tutorial assumes that you already have:

  • VPNReactor OpenVPN Configuration file.
    Not yet? You can download the package from HERE.
  • PfSense Installed.
    Not yet? You can download the package from HERE

Let’s Start!
1. Open Pfsense GUI and go to ‘System’ > ‘Packages’.

2. Click ‘Available Packages’ tab.

3. Scroll down and select ‘OpenVPN Client Export Utility’ and click the plus (+) button. Select “Yes” on the popup window to run the installation and wait for the installation to complete.

pfsense3
pfsense3note

4. After the installation completes, go to ‘System’ > ‘Cert Manager’ > ‘CAs’.
On the ‘CAs’ tab, remove any existing certificates.

5. Go to ’Certificates’ tab and remove any existing certificates.
(NOTE: DO NOT remove the ‘Webconfigurator default’ certificate)

6. Finally, go to ‘VPN’ > ‘OpenVPN’ and remove your existing server configuration.

7. Go back to ‘System’ > ‘Cert Manager’ > ‘CAs’ and click the plus (+) button to add a new OpenVPN Certificate.

pfsense7

8. Fill up the ‘Certificate Authority Manager’ as follows:

  • Descriptive Name: VPNReactor – CA
  • Method: Import an existing Certificate Authority.
  • Certificate data: (Open the ‘ca.vpnreactor’ file via notepad from VPNReactor’s OpenVPN Configuration Package. Copy and Paste it here.)

The configuration will look like this:
pfsense8
Leave the rest of the field empty and click ‘Save’ to save the certificate.

9. Go to ‘Systems’ > ‘User Manager’ and fill up as follows:

  • Username: VPNReactor Username
  • Password: VPNReactor Password and confirm it by inputting it twice.
  • Full Name: (Your Name)
  • Certificate: Check “Click to create a user certificate”.

The complete configuration will look like this:
pfsense9

10. Go to ‘VPN’ > ‘OpenVPN’ and select ‘Client’ tab. Press the plus (+) button to add a new OpenVPN configuration.

pfsense10

11. Setup the OpenVPN client as follow:

  • Server Mode: Peer to Peer (SSL/TLS)
  • Protocol: UDP
  • Device mode: tap
    – Interface: WAN
    – Server host or address: (Enter one of VPNReactor server addresses)
  • Server port: 1194
  • TLS Authentication: NOT checked
  • Peer Certificate Authority: Select VPNReactor – CA from the list
  • Encryption algorithm: BF-CBC (128-bit)
  • Compression: Check the “Compress tunnel packets using the LZO algorithm.”
  • Advanced: verb 5; auth-user-pass /root/user_pass.txt; fragment 1300; persist-key; persist-tun; link-mtu 1578; explicit-exit-notify 3; redirect-gateway def1

Click ‘Save’ to save the current configuration.
The complete configuration will look like this:
pfsense-11

12. Go to ‘Status’ > ‘System Logs’ and select the ‘OpenVPN’ tab. If the last line in the log is “Initialization Sequence Completed” then you are connected to the VPN. Still no traffic is directed trough the VPN and you need to setup the interfaces and the routes.
pfsense12

13. Go to ‘Interfaces’ and click the plus (+) button to add the new interface (OPT1 ovpnc1 in our example).
pfsense13

Click ‘Save’ to save the interfaces.

14. Go back to ‘Interfaces’, select the newly created interface and set it as follows:

  • Check “Enable Interface”
  • Description: VPNReactor
  • Type: None

pfsense15

Leave the rest of the settings as they are and press the ‘Save’ button to save the interface.

15. Go to ‘System’ > ‘Routing’. On the ‘Gateways’ tab check if there is already a route on the newly created VPNReactor interface and press the button to edit it if exist or press the plus (+) button to add if not exist.
pfsense15
Configure as follows:

  • Interface: VPNREACTOR
  • Name: VPNREACTORM
  • Gateway: dynamic
  • Default Gateway: Uncheck
  • Monitor IP: 10.10.10.1
  • Description: Interface VPNReactor Dynamic Gateway

pfsense15b
Click “Save” to save the gateway.

16. Go to ‘Firewall’ > ‘Rules’ and select ‘LAN’ tab. Press the plus(+) button to add a new rule and configure it as follows:

Under ‘Edit Firewall Rule’:

  • Action: Pass
  • Interface: LAN
  • Protocol: any
  • Source > Type: LAN subnet
  • Destination > Type: any
  • Description: LAN to Internet through VPN

pfsense16
Under ‘Advanced features:

  • Gateway: Select the VPNReactor – dynamic

pfsense16b

pfsense16note

17. Reboot pfSense box or just disable the OpenVPN configuration.

( Wait for 1 minute and re-enable it.)

18. HOORAY! You can now use VPNReactor Service via OpenVPN with pfSense.

For questions, contact VPNReactor Support. We are glad to serve you!