Setup VPN on Router with pfSense 2.4.2
I found that over the years PIA has proven itself to become my go-to VPN provider. I tried a couple of other options like NordVPN but didn’t like it as much as PIA. PIA doesn’t save any user logs and also provides full speed. So far I have never had a problem, always surfing at the maximum speed that my ISP provides.
That being said, if you want to try out PIA, sign up with them via the link in the sidebar or directly here.
Alright, enough talk, let’s get started.
Step 1 – Downloading the PIA Certificate Authority
First, we need to download the PIA Certificate Authority from the PIA website. I recommend using Google Chrome for the download, as Firefox wants to import it directly. Save it somewhere, right-click it and open it with a text editor like Notepad. Copy all of the file's contents.

Step 2 – Installing the Certificate Authority in pfSense
Next, we are going to install the CA in pfSense. So log in to your pfSense firewall and navigate to System -> Certificate Manager -> CAs. Click on Add.
Paste in the text from the PIA CA and give it a name. Click Save.

Step 3 – Creating the OpenVPN Client
Navigate to VPN -> OpenVPN -> Clients and click on Add. Now you need to go ahead and choose a VPN Server from PIA. I would advise choosing one closest to your location for the best results.
Now we have to enter a couple of things:
- Server host or address: germany.privateinternetaccess.com
- Server port: 1198
- Username + Password
- Uncheck Use a TLS Key
- Peer Certificate Authority: Our PIA CA that we created earlier
- Encryption Algorithm: AES-128-CBC (128-bit key, 128-bit block)
- Enable NCP
- Auth digest algorithm: SHA1 (160-bit)
- Hardware Crypto: No Hardware Crypto Acceleration
- Compression: Adaptive LZO Compression
- Custom Options:
  - persist-key
  - persist-tun
  - remote-cert-tls server
  - reneg-sec 0
Everything else stays on default. Use the screenshot below to verify all settings.





Phew, ok. We got that down.
Now navigate to Status -> OpenVPN.
If you did every step correctly, you get presented with an established connection.
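To confirm that the client really ended up with the Step 3 settings, the following added example (not part of the original post and not pfSense's own code) parses OpenVPN client configuration text and reports every difference. The directive names are the OpenVPN equivalents of the GUI fields and are an assumed mapping; the sample config and its paths are constructed.

```python
import shlex

# Assumed mapping of the GUI settings above to OpenVPN 2.4 directive names;
# pfSense's generated client file may order or extend them differently.
EXPECTED = {
    "remote": ["germany.privateinternetaccess.com", "1198"],
    "cipher": ["AES-128-CBC"], "auth": ["SHA1"], "comp-lzo": ["adaptive"],
    "remote-cert-tls": ["server"], "reneg-sec": ["0"],
    "persist-key": [], "persist-tun": [],
}
REQUIRED = ("ca", "auth-user-pass")    # must be present; argument is site-specific
FORBIDDEN = ("tls-auth", "tls-crypt")  # "Use a TLS Key" is unchecked in Step 3

def parse(text):
    """Return {directive: [args]} from OpenVPN config text, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = shlex.split(line)
            conf[name] = args
    return conf

def audit(text):
    conf, findings = parse(text), []
    for name, want in EXPECTED.items():
        if name not in conf:
            findings.append(f"missing: {name}")
        elif conf[name][:len(want)] != want:
            findings.append(f"mismatch: {name} {' '.join(conf[name])}")
    findings += [f"missing: {n}" for n in REQUIRED if n not in conf]
    findings += [f"unexpected: {n}" for n in FORBIDDEN if n in conf]
    return findings

# Constructed sample config (placeholder paths), not output captured from pfSense.
SAMPLE_OK = """\
remote germany.privateinternetaccess.com 1198
cipher AES-128-CBC
auth SHA1
comp-lzo adaptive
ca /path/to/pia-ca.crt
auth-user-pass /path/to/credentials
persist-key
persist-tun
remote-cert-tls server
reneg-sec 0
"""
# Same file after drift: port changed, server-certificate check commented out.
SAMPLE_DRIFT = (SAMPLE_OK.replace(" 1198", " 1194")
                .replace("remote-cert-tls server", "# remote-cert-tls server"))
```

An empty list from `audit()` means the config matches Step 3; a missing `remote-cert-tls` or `ca` finding deserves attention first, since those two lines are what make the client verify the server it connects to.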

Step 4 – Creating NAT Rules
And we are almost done, now we just have to create some NAT Rules. Navigate to Firewall -> NAT -> Outbound.
Set the Outbound NAT Mode to Manual Outbound NAT and copy the first rule on the bottom. Change the interface to OpenVPN. Repeat this step for all the other rules too.


Finally, click on Save to apply all changes. Reboot your firewall for good measure.
Now all your internet traffic is routed over your PIA VPN Server. Easy, isn’t it? You don’t need to worry about privacy anymore, as all your devices' traffic is routed over your VPN.
Until next time.
Great Article. Is there any way you can make only certain ports on one device in the network use the VPN while the rest of the traffic does not use the VPN?