Skip to main content

Using CloudConnexa Profile to configure pfSense


Many of our Users have expressed interest in using CloudConnexa compatible routers to connect to CloudConnexa instead of using the Connector application.

While connecting in this manner may not yield the best performance, due to the limited processing power and memory of the router, it could be useful in cases where convenience, rather than high throughput, is required.


The information provided here is for EDUCATIONAL and INFORMATIONAL purposes only. We are not responsible for any damages you incur as a result of using these instructions here. For technical support, you need to contact the supplier of the router or the appropriate community forums. It is not guaranteed that all versions of the firmware will work as expected with CloudConnexa and some features may be incompatible. It is best to update the firmware to the latest version.

Downloading the Connector Profile

Sign in to the CloudConnexa Administration portal at

  1. Navigate to Networks.

  2. Select Networks.

  3. Click the name of the router Network.

  4. Click the Connectors tab.

  5. Click the Deploy drop-down menu of the Connector you wish to modify.

  6. Select Deploy Connector.

  7. Click the Connector Type drop-down menu.

  8. Select pfSense.

  9. Click Download OVPN Profile.

Alternatively, you may download the profile by clicking the Network name, and the edit icon for the Network.

Or from the Connectors menu.

Open the downloaded Profile file in a text editor. In Windows, the file must be opened in a text editor other than Notepad (e.g. Wordpad / Notepad++).

Configuring pfSense

  1. From the main menu go to SystemCert. Manager

  2. Next, go select CAsAdd

  3. Select Method Import an existing Certificate Authority

  4. Set some “Descriptive name”

  5. In the Certificate Data space, copy the data from the Connector’s Profile: everything between Certificate Authority  <ca> and </ca>

  6. Click Save

  7. CertificatesAdd

  8. Select Method Import an existing Certificate

  9. Set some “Descriptive name”

  10. In the Certificate Data space, copy the data from the Connector’s Profile: everything between the Certificate data and between the Private key data <cert> and <cert>.

    1. In the Private key data space, copy the data from the Connector’s Profile: everything between <key> and <key>.

    2. In certificate type, choose: X.509 (PEM)

  11. Click Save

  12. From the main menu go to VPNOpenVPN

  13. Select Clients Add a client

  14. Enter preferable PGMT Hostname of the Cloud Connexa server in the Server Host or address field. Refer to Region Locations to find hostnames if needed.

  15. Uncheck Automatically generate a TLS Key

  16. In the TLS Key space, copy the data from the Connector’s Profile: everything between the TLS Key <tls-auth> and <tls-auth>.

  17. Select your Certificate Authority in the Peer Certificate Authority drop-down menu

  18. Select your Certificate in the Client Certificate drop-down menu

  19. Select AES-256-GCM in the Encryption Algorithm Data Encryption Algorithms drop-down menu

  20. Select SHA256 in the Auth Digest Algorithm drop-down menu

  21. Select Disable Compression in the Compression drop-down menu

    1. In Allow compression drop-down choose: Decompress Incoming, do not compress outgoing (asymmetric)

    2. In Compression drop-down choose: Disable Compression [Omit Preference].

  22. Click Save

  23. From the main menu go to StatusOpenVPN

  24. Ensure that OpenVPN service is up and Virtual IP Addresses are assigned

Steps after the tunnel is ONLINE

Enable the tunnel interface by carrying out the steps below:

  1. Interfaces > assignment

  2. Add > Choose the tunnel created for CloudConnexa. It will be shown as LAN. Click on the name > Enable it and change the name if desired.

  3. Click Save.

  4. Apply changes.

  5. On Status > Interfaces check that the tunnel interface is added with status: Up.


Enable NAT by carrying out the steps below:

  1. Firewall > NAT > Outbound

  2. Outbound NAT Mode: Hybrid

  3. Add > interface Pointing to local resources

  4. Interface > WAN

    Address Family > IPv4+IPv6

    Protocol > Any

    Source > Any

    Destination > Any

  5. Click Save

  6. Apply Changes


If there are any problems, please check Status > System logs > Firewall  to ensure that there are no firewall rules blocking traffic.

Configuration Screenshots