Install OVPN on OPNsense

This guide was created for OPNsense 19.7 “Jazzy Jaguar”. If you think it's too complicated, and want a simple way to connect to OVPN and use split tunneling features, we recommend Vilfo.

1. Change DNS servers

Navigate to System → Settings → General.

Change the DNS servers in the list to:


Uncheck Allow DNS server list to be overridden by DHCP/PPP on WAN.

Check Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.

Save the changes.

2. Create CA certificate

Navigate to System → Trust → Authorities.

Click on the plus (+) icon. Afterwards, alter these settings:

Create/Edit CA

Descriptive name: OVPN
Method: Import an existing Certificate Authority

Existing Certificate Authority

Certificate data: You must be logged in to see this.
Certificate Private Key (optional): (leave blank)
Serial for next certificate: (leave blank)

Save the changes.

3. Choose how you want to connect to OVPN

4. Configure OpenVPN

Navigate to VPN → OpenVPN → Clients.

Click on the plus (+) icon. Afterwards, alter these settings:

General Information

Disabled: Should not be selected
Description: OVPN
Server Mode: Peer To Peer (SSL/TLS)
Device Mode: Tun – Layer 3 Tunnel Mode
Interface: WAN
Remote server:
Remote server port:
Retry DNS resolution: Should be selected
Proxy host or address: (leave blank)
Proxy port: (leave blank)
Proxy authentication extra options: none
Local port: (leave blank)

User Authentication Settings

Username: (enter your username for OVPN)
Password: (enter your password for OVPN)
Renegotiate time: Should not be selected

Cryptographic Settings

TLS Configuration → Enable authentication of TLS packets: Should be selected
TLS Configuration → Automatically generate a TLS Key: Should not be selected
Paste your shared key here: -----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
Peer Certificate Authority: OVPN
Client Certificate: None (Username and/or Password required)
Encryption algorithm: AES-256-GCM
Auth Digest Algorithm: SHA1 (160-bit)
Hardware Crypto: No Hardware Crypto Acceleration

Tunnel Settings

IPv4 Tunnel Network: (leave blank)
IPv6 Tunnel Network: (leave blank)
IPv4 Remote Network(s): (leave blank)
IPv6 Remote Network(s): (leave blank)
Limit outgoing bandwidth: (leave blank)
Compression: No Preference
Type-of-Service: Should not be selected
Disable IPv6: Should not be selected
Don't pull routes: Should not be selected
Don't add/remove routes: Should not be selected

Advanced configuration

Custom options: You must be logged in to see this.
Verbosity level: 3 (Recommended)

Save the changes.

5. Create OpenVPN interface

Navigate to Interfaces → Assignments.

Click on the plus (+) icon to create interface ovpnc1 (OVPN client). Afterwards, click on OPT1.

Select, so that Enable interface is checked.

Save your changes and click on Apply changes.

6. Send DNS requests through the VPN tunnel

Navigate to Services → Unbound DNS → General.

Enable: Should be selected
Listen port: (leave blank)
Network Interfaces: All
DNSSEC: Should not be selected
DHCP Registration: Should be selected
DHCP Domain Override: (leave blank)
DHCP Static Mappings: Should be selected
IPv6 Link-local: Should not be selected
TXT Comment Support: Should not be selected
DNS Query Forwarding: Should be selected
Local Zone Type: Transparent
Custom options: (leave blank)
Outgoing Network Interfaces: ovpnc1 (OVPN client)
WPAD Records: Should not be selected

Save the changes.

7. Configure NAT

Navigate to Firewall → NAT → Outbound.

Select, so that Hybrid outbound NAT rule generation is checked. Save your changes and click on Apply changes.

Click on the plus (+) icon. On Interface, select OPT1. Leave everything else as is.

Save your changes and click on Apply changes.

Navigate to Firewall → Rules → LAN.

On the rule IPv4, click on the copy icon to Copy. Set the Gateway to OPT1_DHCP. Click on Save.

On the rule IPv6, click on the copy icon to Copy. Set the Gateway to OPT1_DHCP6. Click on Save.

Save your changes and click on Apply changes.

8. Start OpenVPN

Navigate to VPN → OpenVPN → Connection Status.

Click on the icon that looks like a Play button in order to start OpenVPN. If OpenVPN is already running, we suggest restarting it.

9. Finished

You should now be connected to OVPN and be able to browse the internet safely. To make sure everything was set up correctly, please check the dashboard to verify that you are connected.
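
Once step 4 is saved, the OpenVPN client configuration that results can be audited against the values this guide sets. The Python check below is an added example, not part of the original guide or OVPN's own tooling; the mapping from GUI fields to OpenVPN directives is an assumption based on standard OpenVPN directive names, and the sample configuration (including its file paths) is constructed.

```python
# Added example: audit an OpenVPN client config against the step 4 settings.
# The field-to-directive mapping is an assumption; SAMPLE is constructed.
EXPECTED = {                     # step 4 field -> directive value
    "dev-type": "tun",           # Device Mode
    "cipher": "AES-256-GCM",     # Encryption algorithm
    "auth": "SHA1",              # Auth Digest Algorithm
    "resolv-retry": "infinite",  # Retry DNS resolution
}
REQUIRED = ("auth-user-pass", "tls-auth", "ca")  # credentials, TLS key, Peer CA
FORBIDDEN = ("route-nopull", "route-noexec")     # both route boxes stay unchecked

SAMPLE = """\
dev-type tun
resolv-retry infinite
auth-user-pass /path/to/credentials
ca /path/to/ca.crt
tls-auth /path/to/ta.key 1
cipher AES-256-CBC
auth SHA1
route-nopull
"""

def parse(text):
    """Map each directive to its arguments; inline <tag> blocks are recorded, bodies skipped."""
    found, block = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if block:
            if line == f"</{block}>":
                block = None
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            found[block] = ["[inline]"]
        elif line and line[0] not in "#;":
            name, *args = line.split()
            found[name] = args
    return found

def audit(text):
    """Return findings; an empty list means the config matches step 4."""
    found, findings = parse(text), []
    for name, want in EXPECTED.items():
        got = (found.get(name) or [None])[0]
        if got is None or got.lower() != want.lower():
            findings.append(f"{name}: expected {want}, found {got}")
    findings += [f"{n}: missing" for n in REQUIRED if n not in found]
    findings += [f"{n}: set, but step 4 leaves it unchecked" for n in FORBIDDEN if n in found]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "config matches step 4")
```

The constructed sample deliberately differs from the guide in two places (the cipher and a route option), so the audit reports both.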