Your IP Address is: 23.22.136.56Your Location: United States

pfSense OpenVPN Setup Instructions

Setting up OpenVPN

  1. Open your browser and login to the OpenVPN Access Server you wish to connect to (example: https://lax-1-us.ironsocket.com). Check our Network Details page for the list of VPN server locations.
  2. Enter your VPN username and password. Change the drop-down menu from Connect to Login and click the Go button. You can get your VPN Login Details from the member's area.
  3. Click Yourself (user-locked profile) and download your client.ovpn file to your computer.
  4. Login to your pfSense server
  5. Go to Diagnostics > Edit file. In the "Save / Load from path:" type /root/user_pass.txt and in the box below it type your VPN Username and Password. Click the Save button to save the user_pass.txt file.
  6. Go to System > Cert Manager and press the plus button.
  7. Click CAs tab and in the Descriptive name, enter 'ironsocket'.
  8. Open the 'client.ovpn' file you downloaded in step (3) and copy/paste all of the contents from 'ca' into the Certificate data box including the --- BEGIN --- and --- END --- markers.
  9. Click Save
  10. Still on the 'Certificate Authority Manager' window, click Certificates tab.
  11. Open the 'client.ovpn' file you downloaded in step (3). Copy/paste all of the contents from 'cert' into the 'Certificate data' box including the --- BEGIN --- and --- END --- markers.
  12. Do the same and copy/paste all of the contents from 'key' into the 'Private Key data' box including the --- BEGIN --- and --- END --- markers.
  13. Click Save
  14. On the main pfSense menu, click VPN > OpenVPN. Click Client tab. Press the plus button to add a new OpenVPN configuration.
  15. Setup the OpenVPN client as follows:
    • Server Mode: Peer to Peer (SSL/TLS)
    • Protocol: UDP
    • Device mode: tun
    • Interface: WAN
    • Server host or address: Enter the name of the VPN server you want to connect to. Check our Network Details page for the list of VPN server names.
    • Server port: 1194
    • Description: ironsocket
    • TLS Authentication: checked
    • Automatically generate a shared TLS key: NOT checked. Open the 'client.ovpn' file you downloaded in step (3). Copy the contents of the <tls-auth></tls-auth> block into the box that appears.
    • Peer Certificate Authority: select ironsocket from the list
    • Client Certificate: select ironsocket (CA: ironsocket) from the list
    • Encryption algorithm: BF-CBC (128-bit)
    • Compression: check the "Compress tunnel packets using the LZO algorithm."
    • Advanced: auth-user-pass /root/user_pass.txt
  16. Click Save
  17. Go to Status > System Logs and select the OpenVPN tab. If the last line in the log shows "Initialization Sequence Completed" then you are successfully connected to the OpenVPN server.
    Note: No traffic is directed trough the VPN yet and you need to setup the interfaces and the routes next.
  18. Go to Interfaces > (assign) and click the plus button to add a new interface. Click the newly created interface (OPT1 under Interface column in this example) and setup as follows:
    • Enable: check the box next to "Enable Interface"
    • Description: IRONSOCKET
    • IPv4 Configuration Type: None
    • IPv6 Configuration Type: None
    Note: On older versions, there's only "Type". Set it to "None".
  19. Click Save
  20. Go to System > Routing. On the Gateways tab, check for a route using the IRONSOCKET interface. If there is an existing route using this new interface, click 'e' button to edit it. Otherwise, click the plus button to create a new route.
  21. Set it as follow:
    • Interface: IRONSOCKET
    • Address Family: IPv4
    • Name: IRONSOCKET
    • Gateway: dynamic
    • Default Gateway: Leave unchecked
    • Description: Interface Ironsocket Dynamic Gateway
  22. Click Save button to save the gateway settings.
  23. Go to Firewall > Rules and click the LAN tab. Click the plus button to add a new rule. Set it as follows:
    • Action: Pass
    • Interface: LAN
    • Protocol: any
    • Source -> Type: LAN subnet
    • Destination -> Type: any
    • Description: LAN Connection via VPN
  24. Click Save
  25. Go to Firewall > NAT > Outbound. Select 'Manual Outbound NAT rule generation'
  26. Click Save
  27. Reboot pfSense.
  28. Check the Status -> System Logs for any error
  29. Go to https://ironsocket.com to check your new location in the top bar.