Before you begin…

This tutorial assumes that you already have:

  • VPNReactor OpenVPN Configuration file.
    Not yet? You can download the package from HERE.
  • PfSense Installed.
    Not yet? You can download the package from HERE

Let’s Start!
1. Open Pfsense GUI and go to ‘System’ > ‘Packages’.

2. Click ‘Available Packages’ tab.

3. Scroll down and select ‘OpenVPN Client Export Utility’ and click the plus (+) button. Select “Yes” on the popup window to run the installation and wait for the installation to complete.


4. After the installation completes, go to ‘System’ > ‘Cert Manager’ > ‘CAs’.
On the ‘CAs’ tab, remove any existing certificates.

5. Go to ’Certificates’ tab and remove any existing certificates.
(NOTE: DO NOT remove the ‘Webconfigurator default’ certificate)

6. Finally, go to ‘VPN’ > ‘OpenVPN’ and remove your existing server configuration.

7. Go back to ‘System’ > ‘Cert Manager’ > ‘CAs’ and click the plus (+) button to add a new OpenVPN Certificate.


8. Fill up the ‘Certificate Authority Manager’ as follows:

  • Descriptive Name: VPNReactor – CA
  • Method: Import an existing Certificate Authority.
  • Certificate data: (Open the ‘ca.vpnreactor’ file via notepad from VPNReactor’s OpenVPN Configuration Package. Copy and Paste it here.)

The configuration will look like this:
Leave the rest of the field empty and click ‘Save’ to save the certificate.

9. Go to ‘Systems’ > ‘User Manager’ and fill up as follows:

  • Username: VPNReactor Username
  • Password: VPNReactor Password and confirm it by inputting it twice.
  • Full Name: (Your Name)
  • Certificate: Check “Click to create a user certificate”.

The complete configuration will look like this:

10. Go to ‘VPN’ > ‘OpenVPN’ and select ‘Client’ tab. Press the plus (+) button to add a new OpenVPN configuration.


11. Setup the OpenVPN client as follow:

  • Server Mode: Peer to Peer (SSL/TLS)
  • Protocol: UDP
  • Device mode: tap
    – Interface: WAN
    – Server host or address: (Enter one of VPNReactor server addresses)
  • Server port: 1194
  • TLS Authentication: NOT checked
  • Peer Certificate Authority: Select VPNReactor – CA from the list
  • Encryption algorithm: BF-CBC (128-bit)
  • Compression: Check the “Compress tunnel packets using the LZO algorithm.”
  • Advanced: verb 5; auth-user-pass /root/user_pass.txt; fragment 1300; persist-key; persist-tun; link-mtu 1578; explicit-exit-notify 3; redirect-gateway def1

Click ‘Save’ to save the current configuration.
The complete configuration will look like this:

12. Go to ‘Status’ > ‘System Logs’ and select the ‘OpenVPN’ tab. If the last line in the log is “Initialization Sequence Completed” then you are connected to the VPN. Still no traffic is directed trough the VPN and you need to setup the interfaces and the routes.

13. Go to ‘Interfaces’ and click the plus (+) button to add the new interface (OPT1 ovpnc1 in our example).

Click ‘Save’ to save the interfaces.

14. Go back to ‘Interfaces’, select the newly created interface and set it as follows:

  • Check “Enable Interface”
  • Description: VPNReactor
  • Type: None


Leave the rest of the settings as they are and press the ‘Save’ button to save the interface.

15. Go to ‘System’ > ‘Routing’. On the ‘Gateways’ tab check if there is already a route on the newly created VPNReactor interface and press the button to edit it if exist or press the plus (+) button to add if not exist.
Configure as follows:

  • Interface: VPNREACTOR
  • Gateway: dynamic
  • Default Gateway: Uncheck
  • Monitor IP:
  • Description: Interface VPNReactor Dynamic Gateway

Click “Save” to save the gateway.

16. Go to ‘Firewall’ > ‘Rules’ and select ‘LAN’ tab. Press the plus(+) button to add a new rule and configure it as follows:

Under ‘Edit Firewall Rule’:

  • Action: Pass
  • Interface: LAN
  • Protocol: any
  • Source > Type: LAN subnet
  • Destination > Type: any
  • Description: LAN to Internet through VPN

Under ‘Advanced features:

  • Gateway: Select the VPNReactor – dynamic



17. Reboot pfSense box or just disable the OpenVPN configuration.

( Wait for 1 minute and re-enable it.)

18. HOORAY! You can now use VPNReactor Service via OpenVPN with pfSense.

For questions, contact VPNReactor Support. We are glad to serve you!