Using OpenVPN Cloud profile to configure pfSense
Introduction
Many of our users have expressed interest in using OpenVPN compatible routers to connect to OpenVPN Cloud instead of using the Connector application.
While connecting in this manner may not yield the best performance, due to the limited processing power and memory of the router, it could be useful in the cases where convenience, rather than high throughput, is required.
Please note that the information provided here is for EDUCATION and INFORMATIONAL uses only. We are not responsible for any damages you incur as a result of using these instructions here. For technical support, you need to contact the supplier of the router or the appropriate community forums.
It is not guaranteed that all versions of the firmware will work as expected with OpenVPN Cloud and some features may be incompatible. It is best to update the firmware to the latest version.
Downloading the Connector profile
To configure the routers you need to use specific sections of the OpenVPN Cloud Connector profile in specific setting configurations.
First, you need to download the profile in .ovpn format from the Network configuration you have created in the Administration portal to represent the router’s network.
The profile can be downloaded by selecting it as the option in the drop-down list shown after clicking on the download icon. See, picture.

Open the downloaded profile file in a text editor. In Windows, the file must be opened in a text editor other than Notepad (e.g. Wordpad / Notepad++).
Configuring pfSense
- From the main menu go to System → Cert. Manager
- CAs → Add
- Select Method “Import an existing Certificate Authority”
- Set some “Descriptive name”
- Copy the Certificate Authority certificate block between <ca> and </ca> markers
- Save
- Certificates → Add
- Select Method “Import an existing Certificate”
- Set some “Descriptive name”
- Copy the Certificate Data and Private Key certificate blocks between <cert> and </cert> then <key> and </key> markers respectively
- Save
- From the main menu go to VPN → OpenVPN
- Select Clients → Add a client
- Enter preferable PGMT in the “Server host or address” field
- Uncheck “Automatically generate a TLS Key”
- From the connector's profile, copy the TLS-Key certificate block between the <tls-auth> and </tls-auth> markers
- Select your Certificate Authority in the “Peer Certificate Authority” drop down menu
- Select your Certificate in the “Client Certificate” drop down menu
- Select “AES-256-GCM” in the “Encryption Algorithm” drop down menu
- Select “SHA256” in the “Auth Digest Algorithm” drop down menu
- Select “Disable Compression” in the “Compression” drop down menu
- Save
- From the main menu go to Status → OpenVPN
- Ensure that OpenVPN service is up and Virtual IP Addresses are assigned




















