Setting up OpenVPN

1. Open your browser and login to the OpenVPN Access Server you wish to connect to (example: https://lax-1-us.ironsocket.com). Check our Network Details page for the list of VPN server locations.
2. Enter your VPN username and password. Change the drop-down menu from Connect to Login and click the Go button. You can get your VPN Login Details from the member's area.
3. Click Yourself (user-locked profile) and download your client.ovpn file to your computer.
4. Login to your pfSense server
5. Go to Diagnostics > Edit file. In the "Save / Load from path:" type /root/user_pass.txt and in the box below it type your VPN Username and Password. Click the Save button to save the user_pass.txt file.

6. Go to System > Cert Manager and press the plus button.

7. Click CAs tab and in the Descriptive name, enter 'ironsocket'.
8. Open the 'client.ovpn' file you downloaded in step (3) and copy/paste all of the contents from 'ca' into the Certificate data box including the --- BEGIN --- and --- END --- markers.
9. Click Save

10. Still on the 'Certificate Authority Manager' window, click Certificates tab.
11. Open the 'client.ovpn' file you downloaded in step (3). Copy/paste all of the contents from 'cert' into the 'Certificate data' box including the --- BEGIN --- and --- END --- markers.
12. Do the same and copy/paste all of the contents from 'key' into the 'Private Key data' box including the --- BEGIN --- and --- END --- markers.
13. Click Save

14. On the main pfSense menu, click VPN > OpenVPN. Click Client tab. Press the plus button to add a new OpenVPN configuration.
15. Setup the OpenVPN client as follows:
• Server Mode: Peer to Peer (SSL/TLS)
• Protocol: UDP
• Device mode: tun
• Interface: WAN
• Server host or address: Enter the name of the VPN server you want to connect to. Check our Network Details page for the list of VPN server names.
• Server port: 1194
• Description: ironsocket
• TLS Authentication: checked
• Automatically generate a shared TLS key: NOT checked. Open the 'client.ovpn' file you downloaded in step (3). Copy the contents of the <tls-auth></tls-auth> block into the box that appears.
• Peer Certificate Authority: select ironsocket from the list
• Client Certificate: select ironsocket (CA: ironsocket) from the list
• Encryption algorithm: BF-CBC (128-bit)
• Compression: check the "Compress tunnel packets using the LZO algorithm."
• Advanced: auth-user-pass /root/user_pass.txt
16. Click Save

17. Go to Status > System Logs and select the OpenVPN tab. If the last line in the log shows "Initialization Sequence Completed" then you are successfully connected to the OpenVPN server.
    Note: No traffic is directed trough the VPN yet and you need to setup the interfaces and the routes next.
18. Go to Interfaces > (assign) and click the plus button to add a new interface. Click the newly created interface (OPT1 under Interface column in this example) and setup as follows:
• Enable: check the box next to "Enable Interface"
• Description: IRONSOCKET
• IPv4 Configuration Type: None
• IPv6 Configuration Type: None
Note: On older versions, there's only "Type". Set it to "None".
19. Click Save

20. Go to System > Routing. On the Gateways tab, check for a route using the IRONSOCKET interface. If there is an existing route using this new interface, click 'e' button to edit it. Otherwise, click the plus button to create a new route.

21. Set it as follow:
• Interface: IRONSOCKET
• Address Family: IPv4
• Name: IRONSOCKET
• Gateway: dynamic
• Default Gateway: Leave unchecked
• Description: Interface Ironsocket Dynamic Gateway
22. Click Save button to save the gateway settings.

23. Go to Firewall > Rules and click the LAN tab. Click the plus button to add a new rule. Set it as follows:
• Action: Pass
• Interface: LAN
• Protocol: any
• Source -> Type: LAN subnet
• Destination -> Type: any
• Description: LAN Connection via VPN
24. Click Save

25. Go to Firewall > NAT > Outbound. Select 'Manual Outbound NAT rule generation'
26. Click Save

27. Reboot pfSense.
28. Check the Status -> System Logs for any error
29. Go to https://ironsocket.com to check your new location in the top bar.

Troubleshooting

I am getting the message 'Authentication Failed' when trying to connect
Be sure to check that your account is still active. If it is, note that your VPN Username and Password is different than your IronSocket Website credentials. You can locate your VPN Username and Password on your VPN Login Details page.

After connecting I am unable to browse and I get disconnected after 1-2 minutes
Some routers and ISPs use abnormal UDP Network Address Translation (NAT) configurations which can result in your outgoing data jumping between different outgoing ports. This sort of connection is not supported by OpenVPN. Try switching to TCP to see if this resolves your connectivity issues. See how to do this below.

How do I switch between TCP and UDP protocols?
All of our .ovpn configuration files include both UDP and TCP connection information. By default UDP typically is used first as it appears first in the list of connection settings.

If you are using the OpenVPN Connect application you can simply adjust the settings to force the connection to use UDP or TCP. On Windows and Mac OSX this is an option in the Right-click / Control-click menu on the taskbar / menu bar icon. On iOS, in the general "Settings" area OpenVPN Connect can be selected and configured. On Android, the Preferences option can be selected by pressing the menu button within the OpenVPN Connect app.

If you are using OpenVPN Community or Tunnelblick you can edit the .ovpn file directly with a text editor and comment out the remote UDP or TCP lines. These lines appear at the bottom of the file and start with the word 'remote' and end with 'udp' or 'tcp'. To comment out a line just add a semi-colon ';' at the start of the line. For example change "remote uk-lon-1.isvpn.net 53 udp" to ";remote uk-lon-1.usvpn.net 53 udp". Save the file and re-import it into your application.