
Install OVPN on pfSense

1. Change DNS servers

Navigate to System → General Setup.

Change the DNS servers in the list to:

  • 46.227.67.134
  • 192.165.9.158

Uncheck Allow DNS server list to be overridden by DHCP/PPP on WAN.

Check Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.

Save the changes.

2. Create CA certificate

Navigate to System → Cert manager.

Click on the plus (+) icon. Afterwards, alter these settings:

Create/Edit CA

Descriptive name: OVPN
Method: Import an existing Certificate Authority

Existing Certificate Authority

Certificate data: You must be logged in to see this.
Certificate Private Key (optional): (leave blank)
Serial for next certificate: (leave blank)

Save the changes.

3. Choose how you want to connect to OVPN

4. Configure OpenVPN

Navigate to VPN → OpenVPN. Afterwards, click on the Clients tab.

Click on the plus (+) icon. Afterwards, alter these settings:

General Information

Disabled: Should not be selected
Server Mode: Peer To Peer (SSL/TLS)
Protocol
Device Mode: Tun – Layer 3 Tunnel Mode
Interface: WAN
Local port: (leave blank)
Server host or address
Server port
Proxy host or address: (leave blank)
Proxy port: (leave blank)
Proxy authentication extra options: none
Server host name resolution: Should be selected
Description: OVPN client

User Authentication Settings

Username: (enter your username for OVPN)
Password: (enter your password for OVPN)
Authentication Retry: Should not be selected

Cryptographic Settings

TLS Configuration: Should be selected
Automatically generate a TLS Key: Should not be selected
Paste your shared key here: OVPN's OpenVPN static key (the block from -----BEGIN OpenVPN Static key V1----- through -----END OpenVPN Static key V1-----)
TLS Key Usage Mode: TLS Authentication Only
Peer Certificate Authority: OVPN
Peer Certificate Revocation List: Leave as is
Client Certificate: None (Username and/or Password required)
Encryption algorithm: AES-256-GCM
Enable NCP: Should be selected
NCP Algorithms: AES-256-GCM, AES-128-GCM, AES-256-CBC, AES-128-CBC
Auth Digest Algorithm: SHA1 (160-bit)
Hardware Crypto: No Hardware Crypto Acceleration

Tunnel Settings

IPv4 Tunnel Network: (leave blank)
IPv6 Tunnel Network: (leave blank)
IPv4 Remote Network(s): (leave blank)
IPv6 Remote Network(s): (leave blank)
Limit outgoing bandwidth: (leave blank)
Compression: Adaptive LZO-Compression
Topology: Subnet – One IP-address per client in a common subnet
Type-of-Service: Should not be selected
Don't pull routes: Should not be selected
Don't add/remove routes: Should not be selected

Advanced configuration

Custom options: You must be logged in to see this.
UDP fast I/O: Should not be selected
Send/Receive buffer: Default
Verbosity level: 3 (Recommended)

Save the changes.

5. Create OpenVPN interface

Navigate to Interfaces → Assignments.

Click on the plus (+) icon to create interface ovpnc1 (OVPN client). Afterwards, click on OPT1.

Check Enable interface. Save your changes and click on Apply changes.

6. Configure NAT

Navigate to Firewall → NAT. Afterwards, click on the Outbound tab.

Select Manual Outbound NAT rule generation (AON - Advanced Outbound NAT). Save your changes and click on Apply changes.

The next step is to duplicate all existing rules, changing the interface to the OVPN interface on each copy. To duplicate a rule, click on the duplicate icon (the middle icon) next to the rule.

Change Interface to OPT1. You should also alter the Description in order to clarify that the rule is for OPT1. Save your changes.

When all the rules have been duplicated, commit your changes by clicking on Apply changes.

7. Start OpenVPN

Navigate to Status → OpenVPN.

Click on the icon that looks like a Play button in order to start OpenVPN. If OpenVPN is already running, we suggest restarting it.

8. Finished

You should now be connected to OVPN and be able to browse the internet safely. To make sure everything was set up correctly, please check the dashboard to verify that you are connected.
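
Besides the dashboard, the values chosen in step 4 can be checked against the text of an OpenVPN client configuration. The script below is an added example, not code from OVPN or pfSense: the mapping from GUI fields to OpenVPN directives, the function names and the sample configuration are assumptions constructed for illustration.

```python
# Added example (not OVPN's or pfSense's code); GUI-field -> directive mapping is an assumption.
EXPECTED = {"cipher": "AES-256-GCM", "auth": "SHA1", "comp-lzo": "adaptive", "verb": "3",
            "ncp-ciphers": "AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC"}
REQUIRED = ("ca", "tls-auth", "auth-user-pass")
FORBIDDEN = ("cert", "key", "tls-crypt", "route-nopull", "route-noexec", "passtos", "fast-io")
ALIASES = {"data-ciphers": "ncp-ciphers"}  # OpenVPN 2.5+ name for the NCP list

def parse(text):
    """Return {directive: [args]}; inline <ca>...</ca> blocks count as present."""
    found, block = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if block:                                   # skip the body of an inline block
            if line == f"</{block}>":
                block = None
        elif line.startswith("<") and line.endswith(">") and line[1] != "/":
            block = line[1:-1]
            found[block] = ["[inline]"]
        elif line and line[0] not in "#;":          # ignore blank lines and comments
            name, *args = line.split()
            found[ALIASES.get(name, name)] = args
    return found

def audit(text):
    """List every deviation from the step-4 values."""
    conf = {name: " ".join(args) for name, args in parse(text).items()}
    out = [f"{n}: expected {w!r}, found {conf.get(n, '')!r}"
           for n, w in EXPECTED.items() if conf.get(n, "") != w]
    if (conf.get("dev-type") or conf.get("dev") or "")[:3] != "tun":
        out.append("device mode is not tun")
    out += [f"{n}: missing" for n in REQUIRED if n not in conf]
    out += [f"{n}: should not be set" for n in FORBIDDEN if n in conf]
    return out

SAMPLE = """# constructed sample config, not from the guide
dev-type tun
auth-user-pass /path/to/credentials
tls-auth /path/to/ta.key
<ca>
-----BEGIN CERTIFICATE-----
</ca>
cipher AES-256-CBC
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
auth SHA1
comp-lzo adaptive
route-nopull
verb 3
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "matches the guide")
```

An empty result means every audited directive matches step 4; the constructed sample is reported for its cipher and for `route-nopull`, which corresponds to "Don't pull routes" being selected.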