How to set up VPN on pfSense 2.4.2

Welcome back, everyone! Today I have some more pfSense goodness for you. I will show you how to set up a VPN on pfSense 2.4.2 – so that your VPN connection runs directly at the router level. With this method, all internet traffic will be routed through your VPN tunnel.

I found that over the years PIA has proven itself to become my go-to VPN provider. I tried a couple of other options like Nord VPN but didn’t like it as much as PIA. PIA doesn’t save any user logs and also provides full speed. So far I never had a problem, always surfing at the maximum speed that my ISP provides.

That being said, if you want to try out PIA, sign up with them over the link in the sidebar or directly here.

Alright, enough talk, let’s get started.


Step 1 – Downloading the PIA Certificate Authority

First, we need to download the PIA Certificate Authority from the PIA website. I recommend using Google Chrome for the download, as Firefox wants to import it directly. Save it somewhere, then right-click it and open it with a text editor like Notepad. Copy the file’s entire contents.

[Screenshot: Copy the Certificate]


Step 2 – Installing the Certificate Authority in pfSense

Next, we are going to install the CA in pfSense. So log in to your pfSense firewall and navigate to System -> Certificate Manager -> CAs. Click on Add.

Paste in the text from the PIA CA and give it a name. Click Save.

[Screenshot: Creating the CA]



Step 3 – Creating the OpenVPN Client

Navigate to VPN -> OpenVPN -> Clients and click on Add. Now you need to choose a VPN server from PIA. I would advise choosing the one closest to your location for the best results.

Now we have to enter a couple of things:

  • Server host or address:
  • Server port: 1198
  • Username + Password
  • Uncheck Use a TLS Key
  • Peer Certificate Authority: Our PIA CA that we created earlier
  • Encryption Algorithm: AES-128-CBC (128bit key, 128bit block)
  • Enable NCP
  • Auth digest algorithm: SHA1 (160-bit)
  • Hardware Crypto: No Hardware Crypto Acceleration
  • Compression: Adaptive LZO Compression
  • Custom Options:
    • persist-key
    • persist-tun
    • remote-cert-tls server
    • reneg-sec 0

Everything else stays on default. Use the screenshot below to verify all settings.

[Screenshot: OpenVPN Client Settings 1]
[Screenshot: OpenVPN Client Settings 2]
[Screenshot: OpenVPN Client Settings 3]
[Screenshot: OpenVPN Client Settings 4]
[Screenshot: OpenVPN Client Settings 5]
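
The Step 3 settings end up as OpenVPN directives in the client configuration, so they can be checked mechanically instead of by eye. The following Python audit is an added example, not part of the original post or of pfSense; it assumes the usual OpenVPN directive names for each GUI field, and the function names, sample configs, host and file paths are constructed placeholders.

```python
import re

EXPECTED = {  # directive -> leading arguments the Step 3 list calls for
    "cipher": ["AES-128-CBC"], "auth": ["SHA1"], "comp-lzo": ["adaptive"],
    "remote-cert-tls": ["server"],  # peer must present a server-type cert
    "reneg-sec": ["0"], "persist-key": [], "persist-tun": [],
    "ca": [], "auth-user-pass": [],  # CA set; username + password supplied
}
FORBIDDEN = ("tls-auth", "tls-crypt", "ncp-disable")  # no TLS key, NCP on
PORT = "1198"

def parse(text):
    """Map each directive to the arguments of its last occurrence."""
    conf = {}
    for raw in text.splitlines():
        # '#' or ';' at the start of a token begins a comment
        tokens = re.split(r"(?:^|\s)[#;]", raw)[0].split()
        if tokens:
            conf[tokens[0]] = tokens[1:]
    return conf

def audit(text):
    """Return deviations from the Step 3 settings; an empty list is a match."""
    conf, findings = parse(text), []
    for name, want in EXPECTED.items():
        if name not in conf:
            findings.append(f"missing {name}")
        elif conf[name][:len(want)] != want:
            findings.append(f"unexpected {name} {' '.join(conf[name])}")
    remote = conf.get("remote", [])
    if len(remote) < 2 or remote[1] != PORT:
        findings.append(f"remote port is not {PORT}")
    return findings + [f"forbidden {n}" for n in FORBIDDEN if n in conf]

# Constructed sample configs; host and file paths are placeholders.
GOOD = """remote vpn.example.invalid 1198  # placeholder host
auth-user-pass /path/to/credentials
ca /path/to/pia-ca.crt
cipher AES-128-CBC
auth SHA1
comp-lzo adaptive
persist-key
persist-tun
remote-cert-tls server
reneg-sec 0
"""
BAD = GOOD.replace(" 1198", " 1194").replace("remote-cert-tls server\n", "")
BAD += "tls-auth /path/to/ta.key 1\n"

print("GOOD:", audit(GOOD), "BAD:", audit(BAD))
```

A missing remote-cert-tls server line is the finding to treat most seriously, since without it the client does not check that the peer's certificate is a server certificate.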


Phew, ok. We got that down.

Now navigate to Status -> OpenVPN.

If you did every step correctly, you get presented with an established connection.

[Screenshot: OpenVPN connection established]


Step 4 – Creating NAT Rules

We are almost done. Now we just have to create some NAT rules. Navigate to Firewall -> NAT -> Outbound.

Set the Outbound NAT Mode to Manual Outbound NAT and copy the first rule on the bottom. Change the interface to OpenVPN. Repeat this step for all the other rules too.

[Screenshot: Duplicating NAT Rules]
[Screenshot: Change the Interface and Rule Name]


Finally, click on Save to apply all changes. Reboot your firewall for good measure.

Now all your internet traffic is routed over your PIA VPN server. Easy, isn’t it? You don’t need to worry about privacy anymore, as all your devices’ traffic is routed over your VPN.

Until next time.

One thought on “How to set up VPN on pfSense 2.4.2”

  • May 29, 2018 at 6:33 am

    Great Article. Is there any way you can make only certain ports on one device in the network use the vpn while the rest of the traffic does not use the vpn?

