Description:
Many of our customers have expressed interest in using OpenVPN-compatible routers to connect to OpenVPN Access Server. While connecting in this manner may not yield the best performance, due to the limited processing power and memory of the router, it could be useful in cases where convenience, rather than high throughput, is required.
Please note that the information provided here is for EDUCATIONAL and INFORMATIONAL use only. We are not responsible for any damages you incur as a result of using these instructions. For technical support, you need to contact the supplier of the router or the appropriate community forums.
It is not guaranteed that all versions of the firmware will work as expected with OpenVPN Access Server, and some features may be incompatible. It is best to always update the firmware to the latest version.
Resolution:
To configure the router, you need to copy specific sections of the OpenVPN Access Server connection profile into specific settings of the pfSense router.
First, you need to download the connection profile in .ovpn format from your Access Server CWS.
Note: It is recommended to use an autologin connection profile.
The autologin profile can be downloaded by clicking on it in the list of available connection profiles. Open the downloaded profile file in a text editor. In Windows, the file must be opened in a text editor other than Notepad (e.g. WordPad / Notepad++).
Configuring pfSense
- From the main menu go to System → Cert. Manager
- CAs → Add
- Select Method “Import an existing Certificate Authority”
- Enter a “Descriptive name”
- Copy the data from the autologin connection profile: everything in the Certificate Authority block, between <ca> and </ca>
- Then Save
- Certificates → Add
- Select Method “Import an existing Certificate”
- Enter a “Descriptive name”
- Copy the next data from the connection profile: everything between <cert> and </cert> to “Certificate data”, and everything between <key> and </key> to “Private key data”
- Then Save
- From the main menu go to VPN → OpenVPN
- Select Clients → Add a client
- Enter or copy the host name or IP address configured for your OpenVPN Access Server in the “Server host or address” field.
- Uncheck “Automatically generate a TLS Key”
- Copy the next data from the connection profile: everything between the opening and closing tags of the TLS key block to “TLS Key”
- Select your Certificate Authority in the “Peer Certificate Authority” drop-down menu
- Select your Certificate in the “Client Certificate” drop-down menu
- Select “AES-256-GCM” in the “Encryption Algorithm” drop-down menu
- Select “SHA256” in the “Auth Digest Algorithm” drop-down menu
- Select “Disable Compression” in the “Compression” drop-down menu
- Then Save
- From the main menu go to Status → OpenVPN
- Ensure that the OpenVPN service is up and Virtual IP Addresses are assigned
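
To reduce copy-and-paste mistakes in the steps above, the following added example (not part of the original article, and not OpenVPN or pfSense tooling) parses a connection profile's inline blocks and maps them to the pfSense fields named in the procedure. It assumes the profile uses inline `<ca>`, `<cert>` and `<key>` blocks plus one `tls-auth`, `tls-crypt` or `tls-crypt-v2` block; the function names, the sample profile and `vpn.example.com` are constructed for illustration.

```python
import re

# An inline block in an .ovpn profile is "<tag>", PEM or key text, "</tag>".
BLOCK_RE = re.compile(r"^<([\w-]+)>[ \t]*\n(.*?)\n</\1>[ \t]*$", re.S | re.M)
TLS_TAGS = ("tls-crypt-v2", "tls-crypt", "tls-auth")  # static-key block names

def parse_profile(text):
    """Split profile text into inline blocks and plain directives."""
    text = text.replace("\r\n", "\n")
    blocks = {m.group(1): m.group(2).strip() for m in BLOCK_RE.finditer(text)}
    directives = {}
    for line in BLOCK_RE.sub("", text).splitlines():
        line = line.strip()
        if line and line[0] not in "#;":  # skip blank lines and comments
            name, _, args = line.partition(" ")
            directives.setdefault(name, []).append(args.strip())
    return blocks, directives

def pfsense_fields(text):
    """Map profile contents to the pfSense fields named in the steps above."""
    blocks, directives = parse_profile(text)
    tls_tag = next((t for t in TLS_TAGS if t in blocks), None)
    present = blocks.keys() | directives.keys()
    missing = [t for t in ("ca", "cert", "key", "remote") if t not in present]
    if tls_tag is None:
        missing.append("TLS key block")
    if missing:
        raise ValueError("profile is missing: " + ", ".join(missing))
    return {
        "Certificate Authority": blocks["ca"],
        "Certificate data": blocks["cert"],
        "Private key data": blocks["key"],  # secret: never log or share it
        "TLS Key": blocks[tls_tag],
        "tls_block": tls_tag,  # which kind of TLS key the profile carries
        "Server host or address": directives["remote"][0].split()[0],
        "prompts_for_password": "auth-user-pass" in directives,  # False if autologin
    }

def pem(label):  # constructed placeholder body, not real key material
    return f"-----BEGIN {label}-----\nCONSTRUCTED\n-----END {label}-----"

# Constructed sample profile; vpn.example.com is a placeholder host.
SAMPLE = "client\n# constructed\nremote vpn.example.com 1194 udp\nauth SHA256\n" + "".join(
    f"<{tag}>\n{pem(label)}\n</{tag}>\n" for tag, label in [
        ("ca", "CERTIFICATE"), ("cert", "CERTIFICATE"),
        ("key", "PRIVATE KEY"), ("tls-crypt", "OpenVPN Static key V1")])

if __name__ == "__main__":
    print({k: str(v).splitlines()[0] for k, v in pfsense_fields(SAMPLE).items()})
```

An autologin profile holds the client private key unencrypted, so delete the downloaded .ovpn file, or store it with restricted permissions, once the import is done.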