Next
pfBlocker-NG Package
Previous
OpenVPN Client Export Package
Note
This package is only available on Netgate pfSense® Plus software.
The OpenVPN client import package can take a unified OpenVPN clientconfiguration file as exported by an OpenVPN server and automatically turn itinto an OpenVPN client instance on pfSense Plus software. The unified OpenVPNconfiguration file format includes all of the certificates and keys required forthe connection, allowing the client instance to be created with minimal effort.
In many cases the newly imported client instance starts and passes traffic oncompletion of the import, but in some cases adjustments must be made to theimported client configuration by editing the resulting OpenVPN client instance.
The package can be installed using the Package Manager on pfSense Plussoftware. Once the package is installed, it can be accessed at VPN > OpenVPNon the Import tab.
How it Works¶
The import process attempts to read the configuration file and map directivesfrom the file to their equivalent settings in pfSense Plus software. Unknowndirectives are placed into the Custom options area in the resulting clientinstance.
If the configuration being imported contains certificates, the import packagewill create appropriate CA and certificate entries if they do not already exist.
Note
If the configuration requires certificates but they are not present in theimported configuration file, they can be manually imported in the certificatemanager and then manually selected in the OpenVPN client instance after ithas been imported.
Once the import process is complete, the new client is stored and, if it isenabled and has a complete configuration, the client is immediately started.
Imported OpenVPN Client Configuration¶
When importing a configuration there are several options specific to pfSensePlus software which cannot be automatically determined from the importedconfiguration. These must be filled in manually before the import process can becompleted.
These options are equivalent to their counterparts in theOpenVPN Configuration Options. Consult that document for additional details onthese settings.
- Config File:
The OpenVPN configuration file (e.g.
<name>.ovpn
) to import.The OpenVPN client configuration file can be from another instance of pfSensesoftware, a VPN provider, or other OpenVPN compatible server so long as ituses the standard OpenVPN configuration format.
- Disabled:
When set, the client will be marked as disabled on import so it will not startautomatically.
- Server Mode:
Chooses between whether this client is connecting to an SSL/TLS server withcertificates, or to a shared key server.
- Name:
A descriptive name for this client instance.
- Interface:
The firewall interface to be used by this client instance for outboundconnections. In most cases this will be WAN but may also be anotherinterface, or a virtual IP address.
- Username:
The username to use if the OpenVPN server requires a username and password.May be left blank if the server does not require user authentication.
- Password:
The password to use if the OpenVPN server requires a username and password.May be left blank if the server does not require user authentication.
Client Import Example¶
The process to import a client generally follows this format:
Obtain an OpenVPN configuration file in inline format from the OpenVPN server(e.g.
username.ovpn
)Note
If the server is also running pfSense software, use theOpenVPN Client Export Package and download the inline configuration usingthe Most Clients button.
Navigate to VPN > OpenVPN, Import tab on the client firewall
Click Browse in the .ovpn config file field and select theconfiguration file obtained from the server (e.g.
username.ovpn
)Fill in the other options as described in Imported OpenVPN Client Configuration
Click Import
At that point the client instance will be created and started automatically. Ifthe configuration was incomplete or needs other changes, then do so as follows:
Navigate to VPN > OpenVPN, Clients tab
Find the newly imported client in the list and click on its row
Make final adjustments needed
Click Save
See also
See also: OpenVPN Configuration Options