How to setup OpenVPN on pfSense | NordVPN https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/

(/en/)

Your IP: 5.9.18.170 | Your ISP: Hetzner Online AG | Your Status: Unprotected (https://nordvpn.com/pricing/)

This is the tutorial on how to set up your pfSense device with NordVPN. The instructions were made for connection to the South Africa #1 (za1) server with pfSense 2.2.3. Special thanks to slvR for providing these instructions.

1. Download the latest CA certificates from this link (https://www.nordvpn.com/api/static /ca_and_tls_auth_certificates.zip) and extract the package.

2. Open the pfSense WebUI and go to System -> Cert Manager .

3. In the CAs tab fill in:

Descriptive name: name it NordVPN ; Method: choose Import an existing Certificate Authority ; Certificate data (this is the CA certificate of the South African server, if you wish to set up other server, you need to use that server’s certificate accordingly): —–BEGIN CERTIFICATE—– MIIEzTCCA7WgAwIBAgIJAJzKEd/h/+oTMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYD VQQGEwJVUzELMAkGA1UECBMCQ0ExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEbMBkGA1UEAxMSdnBuLXphLm5vcmR2 cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v cmR2cG4uY29tMB4XDTE0MDYxNzA4MjYwNFoXDTI0MDYxNDA4MjYwNFowgZ8xCzAJ BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEBxMGUGFuYW1hMRAwDgYDVQQK EwdOb3JkVlBOMRAwDgYDVQQLEwdOb3JkVlBOMRswGQYDVQQDExJ2cG4temEubm9y ZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRA bm9yZHZwbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDonNMX GetoZb34Fbmv+r4OuWilz/dcc5vQ1KVu0GyzWQNC+lzH/kK8w9HiTU VPN for $4 a month 8bjehdsdOKu1U

1 / 8 12.10.2016 18:47 How to setup OpenVPN on pfSense | NordVPN https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/

EaPe0rIhwqpf0HzC6ZJxvB8x68DS7ibxxdu6BJtngMuMqie7Vi12sPUezDKIP5XX lhqqHjaG/WytMVayRvVRFD12VwoBeXPxUWS6NU53inEyeJynDiv4Mu4DrG9oIGig TkJ5eeckNMR1te6BtoOEgYXZ6vdacl/9CDAv6Qow4K3+DJq+yEfW6576kn5sRDpN 81Maw5goE1n3+t7IFfOx8mnaY0QcoHMnn1Fe1gjEbZCzKMRTFnYnw/8+I4a6/N3n pkAIUsjPoaszYGcdAgMBAAGjggEIMIIBBDAdBgNVHQ4EFgQUQ3LpPFZLAj2DM8H/ oykDODavh5owgdQGA1UdIwSBzDCByYAUQ3LpPFZLAj2DM8H/oykDODavh5qhgaWk gaIwgZ8xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEBxMGUGFuYW1h MRAwDgYDVQQKEwdOb3JkVlBOMRAwDgYDVQQLEwdOb3JkVlBOMRswGQYDVQQDExJ2 cG4temEubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0B CQEWEGNlcnRAbm9yZHZwbi5jb22CCQCcyhHf4f/qEzAMBgNVHRMEBTADAQH/MA0G CSqGSIb3DQEBBQUAA4IBAQB7OAOufQwNm9Cl9VCyLu2gaT4Nl9YLfms9wLHnCRgF ebPyM/obOvrTlg3Oqkr1t5n2eC+FL6/yHwJ5KhXBoQ0fcZE8OnE1b7WIBolB/kRE DggkZR3/HH6R6xN3h6GXwLPaeUIecUdaoxk51Qa8knOjzzAkGVwQ7BNwFeYksUcq xunQzBvIPR/20VJPSl1Z8DtDimGlETqXVp3esgSkiKSg6fKR1Wn5FqIgEEb6GkPK HqiOFICfIyFXQS7qWGFMj4YSIMMJJ1JNcw08seEJaNS9Y4/No/wiRVEM94L9feP/ /np9n6Tqs6g9v5EYuo6yEJ/w3tBjq/xCyCwG0mzyCn3t —–END CERTIFICATE—– Certificate Private Key: leave blank ; Serial for next certificate: leave blank ; Click Save .

4. Now go to VPN and select OpenVPN from the drop-down menu.

Get VPN for $4 a month

2 / 8 12.10.2016 18:47 How to setup OpenVPN on pfSense | NordVPN https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/

5. GENERAL INFORMATION Select Client tab and enter the configuration as listed below: Disable this client: leave unchecked. Server mode: Peer to Peer (SSL/TLS) ; Protocol: UDP (you can also use TCP); Device mode: TUN ; Interface: WAN ; Local port: leave blank ; Server host or address: za1.nordvpn.com ; Server port: 1194 ; Proxy host or address: leave blank ; Proxy port: leave blank ; Proxy authentication extra options: Authentication method: None ; Server host name resolution: check Infinitely resolve server ; Description: Any name you like. In our case it was NordVPN .

USER AUTHENTICATION SETTINGS User name/pass: Your NordVPN username / your NordVPN password .

CRYPTOGRAPHIC SETTINGS TLS Authentication (remember, it is for South African Server): —–BEGIN OpenVPN Static key V1—– ab8937e723d396a72b08fbb95dc5eae2 70b6f769b1a3a11a9dff0d290e08c0f6 71b9dd38f2401afe689256b31875050f c1d0343aca40a468cbb44ee167b232a1 e5b9b27b507a33bb2e0f2cdcacd893df 7d1e80145ff6e52eff22dbff9df2e310 4962123001c7b57fb44f36649846b682 dcf7c2403bcfc457ce3cc9a0e8acdf67 826d96ac051b91b4c75d1853debf9917 ecb5ae25ec8bab959abf1d35931bfd30 eecc0c13d1f28ee2005a7ab27ae82c7e cde6e63421edc5e6402850f63c87e0b8 3263d18ead0046abf7adf5033d73d31d c39bc30aa237f60ce68e1710772c45ef 63dc5e4cdb0f858ecec41e578136f703 b79ee2fbddb69990d96dab2167578ade —–END OpenVPN Static key V1—– Peer certificate authority: NordVPN ; GetClient VPN certificate: for $4 awebConfigurator month default (557de1a2a90c7) *In use (please note that the numbers

3 / 8 12.10.2016 18:47 How to setup OpenVPN on pfSense | NordVPN https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/

on your machine could be different); Encryption algorithm: AES-256-CBC (256-bit) ; Auth digest algorithm: SHA1 (160-bit) ; Hardware crypto: No hardware crypto acceleration .

TUNNEL SETTINGS IPv4 tunnel network: leave blank ; IPv6 tunnel network: leave blank ; IPv4 remote network/s: leave blank ; IPv6 remote network/s: leave blank ; Limit outgoing bandwidth: leave blank ; Compression: Enabled with adaptive compression ; Type-of-service: leave uncheked ; Disable IPv6: check Don’t forward IPv6 traffic ; Don’t pull routes: check This option effectively bars the server from adding routes to the client’s routing table, however note that this option still allows the server to set the TCP/IP properties of the client’s TUN?TAP interface ; Don’t add/remove routes: leave unchecked .

ADVANCED CONFIGURATIONS Advanced: leave blank ; Verbosity level: 3 (recommended) ; Click Save .

Get VPN for $4 a month

4 / 8 12.10.2016 18:47 How to setup OpenVPN on pfSense | NordVPN https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/

Get VPN for $4 a month

5 / 8 12.10.2016 18:47 How to setup OpenVPN on pfSense | NordVPN https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/

6. Go to Interface and select assign drop the drop-down list. Then click on the + button. A new interface will be created. Name it Nord_ZA for instance. Also, change the interface port to ovpncX where X is the number of the interface you have created. Usually it will be 1. Save changes.

7. Now go to Firewall -> NAT -> Outbound . For the outbound rule mode select Hybrid outbound NAT rule generation (Automatic outbound NAT + rules below) . You will now need to copy Mappings listed and change Interface to Nord_ZA) (or whatever other name you have used in the previous step). You should now see something like in the picture below.

The last step is to configure Firewall rules. Go to Firewall -> Rules -> LAN . Create a new rule. The settings should be: Action: Pass ; Disabled: leave unchecked ; Interface: LAN ; TCP/IP version: IPv4 ; Protocol: any ; Source: Type: any ; Destination: any ; Log: leave uncheked ; Description: name it whatever you like; ADVANCED FEATURES In the advanced features you only need to change one setting: Gateway: Type: Interface that we have created (in our case it is Nord_ZA ).

Click Save and then Apply the changes to the firewall settings.

Get VPN for $4 a month

6 / 8 12.10.2016 18:47 How to setup OpenVPN on pfSense | NordVPN https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/

That’s it! You should now have the VPN connection set on your pfSense.

Navigation Earn Money

Download (https://nordvpn.com/download/) Affiliate (https://nordvpn.com/affiliate/) Pricing (https://nordvpn.com/pricing/) Refer a Friend (/profile/) GetFeatures VPN (/features/) for $4 a month Privacy tools

7 / 8 12.10.2016 18:47 How to setup OpenVPN on pfSense | NordVPN https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/

About us (https://nordvpn.com/about-us/) Free Proxy List (https://nordvpn.com/free-proxy-list/) Testimonials (https://nordvpn.com/testimonials/) Web proxy (https://nordvpn.com/web-proxy/) FAQ (https://nordvpn.com/faq/) Youtube proxy (https://nordvpn.com/youtube-proxy/) Tutorials (/tutorials/) Encrypted chat (/chat/) VPN Software (https://nordvpn.com/vpn-software/) VPN Routers (https://nordvpn.com/flashrouters/) Unblock (https://nordvpn.com/unblock/) Terms Of Service (https://nordvpn.com/terms-of-service/) Privacy policy (https://nordvpn.com/privacy-policy/) Server Status (https://nordvpn.com/servers/) My account (/profile/)

Social Languages

Facebook (https://www.facebook.com/NordVPN) English (https://nordvpn.com/en/tutorials/pfsense/pfsense- Twitter (https://twitter.com/NordVPN) openvpn/) Google+ (https://plus.google.com/+Nordvpn/about) Pinterest (https://www.pinterest.com/nordvpn/) Youtube (https://www.youtube.com/channel/UCSZhRxyloC- qzURiOa3vbFQ#)

Engage

Community Board (https://nordvpn.com/community/) Blog (https://nordvpn.com/blog/) Press area (https://nordvpn.com/press-area/) Manifesto (https://nordvpn.com/manifesto/) Careers (https://nordvpn.com/careers/) Contact Us (https://nordvpn.com/contact-us/)

(https://itunes.apple.com/app/apple- (https://play.google.com/store

store/id905953485?pt=97327898&ct=footer&mt=8) /apps/details?id=com.nordvpn.android& referrer=utm_source%3Dnordvpn.com%26utm_medium%3Dlink%26utm_campaign%3Dfooter

We care about your privacy.

© Copyright 2016 Nordvpn.com and Tefincom S.A. support[@]nordvpn.com

Get VPN for $4 a month

8 / 8 12.10.2016 18:47