Configuring OpenVPN in pfSense

To access the private part of the network, configure OpenVPN

First of all you need to install the openvpn-client-export package. To do this go to the web interface System --> Package manager --> Available packages, type openvpn-client-export in the search bar and click install.

You need to wait for this to finish installing

After the installation we proceed to the settings.

Go to VPN --> OpenVPN and select Wizards.

In my example I will use local users

Click Next

On the next screen create CA

Descriptive nameDescriptive name
Common NameInternal name, if empty, Descriptive name will be used
Country CodeTwo-letter country code
State or ProvinceFull name of the state/province
CityCity Name
OrganizationName of organization
Organizational UnitDivision/Department Name

Once filled in, click Add new CA and repeat the steps for Server Certificate

After creating the certificates, proceed to configuring the OpenVPN server.

Fill in the description

Select the interface, port and protocol for the future server

The Cryptographic Settings are as you wish and need them to be.

Let’s proceed with the Tunnel configuration

It is necessary to fill in

  • IPv4 Tunnel Network - The network that will be allocated to clients must not overlap with your networks
  • IPv4 Local Network - The network or networks that will be accessed from the VPN network.

Customize the settings as you wish and need, and click Next when complete.

Select Firewall Rule and OpenVPN rule

Click Next and Finish to finish

When finished, the new server should appear in the list.

The next step is to create a user, go to System --> User Manager --> Users and click Add Fill in the user name, password

Next, select Certificate, fill in the fields and select the certificate that you created during the OpenVPN server configuration.

Click Save

Now go to VPN --> OpenVPN and click on the Client Export tab

For Client Connection Behavior, select Other and enter the Public IP or domain name if available.

Далее выбираем нашего пользователя и экспортируем конфигурацию

Configure the client according to your OS

For testing I have a virtual machine without a public IP address, now it should be accessible with a VPN connected

 ssh ubuntu@
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-79-generic x86_64)

 * Documentation:
 * Management:
 * Support:

  System information as of Wed Aug 30 08:59:32 AM UTC 2023

  System load:  0.0                Processes:             131
  Usage of /:   23.5% of 17.63GB   Users logged in:       0
  Memory usage: 16%                IPv4 address for eth0:
  Swap usage:   0%

 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
   just raised the bar for easy, resilient and secure K8s cluster deployment.

Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

Enable ESM Apps to receive additional future security updates.
See or run: sudo pro status

*** System restart required ***
Last login: Wed Aug 30 08:59:33 2023 from

It is also necessary to check who packets have started traveling through pfSense

Check which external IP we get

ubuntu@test-vm:~$ curl -4

Also make sure that pfSense is the gateway for the VM.

ubuntu@test-vm:~$ traceroute
traceroute to (, 30 hops max, 60 byte packets
 1  _gateway (  0.821 ms  0.801 ms  0.792 ms
 2  * * *
 3 (  1.161 ms  1.151 ms  1.142 ms

As we can see after gateway there is LAN interface of pfSense.