PfSense VPN Client setup – Setting up an OpenVPN client to remotely access local network resources.
Now that we have a working OpenVPN server setup, we have to configure a VPN client on the machines that we will be using to remote into our network. Although we have VPN client options for many devices, including IOS and Android phones, we will be mainly focusing on Windows and Mac computers as they are traditionally used for work purposes.
Setup PfSense VPN Client
Navigate to the VPN tab within your PfSense menu bar, go to OpenVPN, and click on Clients. Click on the add button to add a new client, as shown below.
After clicking add, PfSense should take you to the OpenVPN Clients > Edit tab, here we will need to customize a few settings. We will provide a few examples of settings we had to change to accommodate our needs. However, your needs will vary.
Under the General Information tab, you can designate TCP/UDP connections for clients. We left it as IPv4 & UDP, for faster connections. In the “Server or Host” address section, please provide the IP address of your VPN Server.
- In a home network settings (this will be the dynamic/static IP address provided to you by your Internet Service Provider (ISP).
- In a work setting, this will be your VPN server’s network address reachable by the outside world.
You can also use a host-name for this purpose that resolves to a public IP address.
At the end of the form, please fill in a friendly description for easier administrative reference.
Next, we will fill out the “User Authentication Settings” field. Please be sure to use a secure username and password here for your clients.
Next, we will move on to configuring the “Cryptographic Settings” field. Here you want to add AES-128-GCM & AES-256-GCM under NCP algorithms if it isn’t already done for you.
Under the Auth Digest Algorithm, choose SHA256(256-bit).
Under Hardware Crypto, you can add any supported hardware that your system has from the drop-down drop-down, or you can leave it disabled.
In the Advanced Config section, select IPv4 only or Both for gateway creation as shown below, then go ahead and click save.
You should now have a fully working VPN client configuration setup.
We will now go ahead and create a Client Export Package.
OpenVPN Client Export Package
We can create a client export package and send that file to our clients to install on their computers so that they can connect to our VPN server. PfSense has an effortless way to do this through the OpenVPN client export packager.
Go to System > Package Manager
Go to available packages as shown below, then search for OpenVPN & click install.
Click on confirm to finish the install process.
Below you will notice your package getting installed, and it should be done within a minute or less depending on the performance of your system.
PfSense VPN User Manager
Now we need to add our users so that they can access our VPN Server. For this, go to PfSense System > User Manager, as shown below.
Fill out the fields as shown below, be sure to match all of the details including username and password that you set earlier in the VPN Client Config settings. Under Certificate Authority drop-down, be sure to choose your server certificate. Make sure the “click to create user certificate” button is checked. After these steps are completed, go ahead and click save.
You should now have a completed PfSense OpenVPN Server & a PfSense VPN Client Setup. You can now export these settings for your clients, as shown below.
Below you will see many options for client export. You can easily download a setup package for Mac OS or Windows, which includes the inline configurations, so you don’t have to import them separately.
Once the package is installed, you can download inline configurations for additional users and import them into the OpenVPN client utility.
The download options for inline configuration files or all-inclusive setup files are as follows.
Windows Downloads
- Windows 7/8/8.1/2012R2
- Windows 10/2016/2019
Mac OS X Downloads
- Viscosity Bundle
Android/IOS
- Android (Download App for your device, then download the inline configurations from PfSense to import into the App)
- IOS (Download App for your device, then download the inline configurations from PfSense to import into the App)
If this article was informative in setting up a PfSense VPN Client, please be sure to give us a Like on our FaceBook page @ TechReally, it helps us know how we are doing. You can also join our Facebook Group @ Tech Really Facebook Group.
Following your guide. At the Client Export Utility, I am getting these errors when I try to export:
An IP address or hostname must be specified.
Failed to export config files!
What do I select in the “Host Name Resolution” drop-down?
Click “Other” then fill out your own dynamic DNS hostname.
example: computer.freedns.afraid.org
if you don’t already have dynamic dns setup on your router, then sign up for one for free at Free Dns.
after your signup there map your dynamic IP to that host name under pfsense
services > dynamic dns > add
select freedns as your provider
Got it. Been working great. Thanks for the guide!
you are welcome, Dave!