Using OpenVPN Cloud profile to configure pfSense


Many of our users have expressed interest in using OpenVPN compatible routers to connect to OpenVPN Cloud instead of using the Connector application.

While connecting in this manner may not yield the best performance, due to the limited processing power and memory of the router, it could be useful in the cases where convenience, rather than high throughput, is required.

Please note that the information provided here is for EDUCATION and INFORMATIONAL uses only. We are not responsible for any damages you incur as a result of using these instructions here. For technical support, you need to contact the supplier of the router or the appropriate community forums.

It is not guaranteed that all versions of the firmware will work as expected with OpenVPN Cloud and some features may be incompatible. It is best to update the firmware to the latest version.

Downloading the Connector profile

To configure the routers you need to use specific sections of the OpenVPN Cloud Connector profile in specific setting configurations.

First, you need to download the profile in .ovpn format from the Network configuration you have created in the Administration portal to represent the router’s network.

The profile can be downloaded by selecting it as the option in the drop-down list shown after clicking on the download icon. See, picture.

Open the downloaded profile file in a text editor. In Windows, the file must be opened in a text editor other than Notepad (e.g. Wordpad / Notepad++).

Configuring pfSense

  1. From the main menu go to System → Cert. Manager
  2. CAs → Add
  3. Select Method “Import an existing Certificate Authority”
  4. Set some “Descriptive name”
  5. Copy the Certificate Authority certificate block between <ca> and </ca> markers
  6. Save
  7. Certificates → Add
  8. Select Method “Import an existing Certificate”
  9. Set some “Descriptive name”
  10. Copy the Certificate Data and Private Key certificate blocks between <cert> and </cert> then <key> and </key> markers respectively
  11. Save
  12. From the main menu go to VPN → OpenVPN
  13. Select Clients → Add a client
  14. Enter preferable PGMT in the “Server host or address” field
  15. Uncheck “Automatically generate a TLS Key”
  16. From the connector's profile, copy the TLS-Key certificate block between the <tls-auth> and </tls-auth> markers
  17. Select your Certificate Authority in the “Peer Certificate Authority” drop down menu
  18. Select your Certificate in the “Client Certificate” drop down menu
  19. Select “AES-256-GCM” in the “Encryption Algorithm” drop down menu
  20. Select “SHA256” in the “Auth Digest Algorithm” drop down menu
  21. Select “Disable Compression” in the “Compression” drop down menu
  22. Save
  23. From the main menu go to Status → OpenVPN
  24. Ensure that OpenVPN service is up and Virtual IP Addresses are assigned