VPN Setup for pfSense : OpenVPN Protocol

1. Log into your pfSense gateway.

2. Navigate to System -> Cert Manager -> CAs.

3. If there are any certificates on this page, remove them with the trashcan icon to the right.

4. Click on Add in the lower-right to add a new certificate.

5. Download CA certificate file from herehttps://network.glbls.net/openvpnconfig/serverlocation.crt and open it on Wordpad for Windows or TextEdit for Mac, then COPY and PASTE to “Certificate data” field. Enter “CA-OpenVPN” to “Descriptive name”.

6. Click “Save” button.

7. Navigate to VPN -> OpenVPN -> Clients

8. If there are any existing VPNs on this page, remove them with the trashcan icon to the right.

9. Click on Add in the lower-right to add a new VPN connection.

Protocol: UDP or TCP (we recommended to use UDP)

Server host or address: Here enter the server you want to connect. You can find our global VPN server network list and their hostnames here : http://support.smartdnsproxy.com/customer/en/portal/articles/1907772-vpn-server-locations-addresses

Server port: 1194 (or 443, 80, 53)

Server hostname resolution: Ensure that "Infinitely resolve server" is checked.

Description: Enter any name you want to describe this VPN connection. You may enter something like "Smart DNS Proxy Netherlands".

User Authentication Settings: Fill the Username and Password fields with your VPN username and password. You can find your VPN username in your account vpn section.

TLS Authentication: Ensure "Enable authentication of TLS packets" is disabled.

Peer Certificate Authority: Select the OpenVPN-CA we setup.

Client Certificate: None (Username and/or Password required)

Encryption Algorithm: BF-CBC (128-bit).

Auth digest algorithm: SHA1 (160-bit).

Compression: Enabled with Adaptive Compression.

Disable IPv6: Ensure "Don't forward IPv6 traffic" is checked.

Custom options: Copy and paste the following into the custom options textbox:
remote-cert-tls server
reneg-sec 0

10. Click Save to save the VPN connection.

11. Navigate to Status -> OpenVPN.

12. If Status doesn't show as "up", click the circular arrow icon under Actions to restart the service. If it still does not come up, navigate to Diagnostics -> Reboot to restart the device.

13. Ensure that Status shows as "up" before continuing.

14. Navigate to Firewall -> NAT -> Outbound.

15. Set the Mode under General Logging Options to "Manual Outbound NAT rule generation (AON)", and click Save.

16. Under the Mappings section, click the duplicate (dual-page) icon on the right for the first rule shown in the list.

17. Set Interface to "OpenVPN" and click Save at the bottom.

18. Repeat the last two steps for all remaining rule shown under Mappings, until every rule has a duplicate for OpenVPN.

19. Click Apply at the top of the page to apply all changes.
20. Finished. At this point, your VPN service should be fully operational! If you find that it's not working at this point, navigate to Diagnostics -> Reboot and restart your router.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.