How to set up pfSense OpenVPN for Remote Access?

This article shows you how to set up OpenVPN on pfSense, so that a user can securely access their application servers without the need to open public ports on the firewall.

* This procedure works for pfSense 2.0.x.
* This procedure uses the pfSense internal user database, which is suitable for companies with only a few remote users. (In larger deployments, pfSense can use LDAP for centralized authentication.)


== Create SSL Certificates ==
# Before we can install our OpenVPN server, we must set up our own certificate authority and a self-signed SSL server certificate. Please read [[How to setup pfSense SSL Certificate Authority]] for how to create them.

== Add OpenVPN Client Export Utility ==
# Open System > Packages. Open Available Packages tab.
# Find "OpenVPN Client Export Utility" and click [+] to install it.

# Click [OK] to accept the installation and wait for the installation to complete.

== Create OpenVPN Server ==
# Open VPN > OpenVPN, then click the Wizards tab.

# On Type of Server, choose Local User Access, click Next.

# On Certificate Authority, choose the Example-RootCA we created. Click Next.

# On Certificate, choose the server certificate we created. Click Next.

# In General OpenVPN Server Information, change port to 11194 and input a Description.

# In Cryptographic Settings, don't change anything (the default is fine).

# In Tunnel Settings, input the following values.

#* Tunnel Network: Use the suggested value (
#* Redirect Gateway: Normally unchecked. If you check this, OpenVPN becomes the default gateway of the client (e.g. to allow users in China to access blocked web sites).
#* Local Network: Input the LAN subnet on your VDC (as shown in Interface > LAN).
#* Concurrent Connections and Duplicate Connections: Recommended, because users often have multiple devices (notebook, tablet, phone, etc.).
# In Client Settings, input the DNS Default Domain (e.g. example.local) and the DNS Server (e.g. LAN IP of your pfSense) for the client.

# Click Next.
# Check Firewall Rule and OpenVPN rule, then click Next.

# Click Finish.
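
The tunnel settings chosen above can be checked against the OpenVPN server configuration that results from the wizard. The following is an added example, not part of the original article: it assumes the wizard fields appear as the standard OpenVPN directives (port, push "route ...", push "redirect-gateway ...", duplicate-cn), and the sample configuration with its 10.0.8.0/24 tunnel network and 192.168.1.0/24 LAN is constructed.

```python
import ipaddress
import shlex

# Constructed sample config; tunnel network and LAN subnet are placeholders.
SAMPLE_CONF = """\
dev tun
proto udp
port 11194
server 10.0.8.0 255.255.255.0
duplicate-cn
max-clients 10
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DOMAIN example.local"
push "dhcp-option DNS 192.168.1.1"
"""

def parse(conf_text):
    """Tokenise each directive; blank lines and #/; comments are skipped."""
    rows = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            rows.append(shlex.split(line))
    return rows

def audit(conf_text, expected_port, lan_cidr):
    """Return findings where the config differs from the wizard choices."""
    rows = parse(conf_text)
    # The argument of push is itself a quoted directive sent to the client.
    pushes = [shlex.split(r[1]) for r in rows
              if r[0] == "push" and len(r) == 2 and r[1].strip()]
    lan = ipaddress.ip_network(lan_cidr)
    routes = [ipaddress.ip_network(f"{p[1]}/{p[2]}", strict=False)
              for p in pushes if p[0] == "route" and len(p) >= 3]
    findings = []
    if ["port", str(expected_port)] not in rows:
        findings.append(f"mismatch: server does not listen on port {expected_port}")
    if any(p[0] == "redirect-gateway" for p in pushes):
        findings.append("mismatch: redirect-gateway is pushed (full tunnel)")
    if lan not in routes:
        findings.append(f"mismatch: LAN {lan} is not routed to clients")
    for net in routes:
        if net != lan:
            findings.append(f"mismatch: extra network {net} is pushed to clients")
    if ["duplicate-cn"] in rows:
        findings.append("note: duplicate-cn lets one certificate hold several sessions")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, 11194, "192.168.1.0/24"):
        print(finding)
```

An empty result, or only the duplicate-cn note, means the configuration matches the split-tunnel setup described in this article.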

== Check Firewall Rules ==
# Now, we need to make sure the following firewall rules were correctly added by the wizard.
# Open Firewall > Rules. On the WAN tab, there should be a rule that opens the OpenVPN Server port on WAN.

# Open the OpenVPN tab. There should be a rule that allows everything from/to the OpenVPN network.

== Create Users ==
# Open System > User Manager. Open the Users tab. Click [+] to add a new user.

# Create a user "John". Select "Click to create a user certificate".

# Input the Descriptive name and click Save.

Now, our OpenVPN server has been installed. The next step is to install the OpenVPN client for our Windows and Mac users.
