How to Setup and Use NordVPN on pfSense
Our Score: 9.6
Since 2004, pfSense has taken the world by storm as an open-source router. It allows you to enjoy a fully customized, secure experience either at work or at home. However, to maximize your internet experience on pfSense, you need a VPN.
NordVPN, a Panama-based company with over 12 million subscribers, is among the best choices. But if you’re new to setting up VPNs on routers, you might have a little trouble setting up NordVPN on pfSense. Don’t stress; this guide will teach you all you need to know about how it’s done. But first, why NordVPN?
Why you should choose NordVPN
- NordVPN offers you military-grade security with its 256-bit key encryption. Also, with its Double VPN and CyberSec features, you’re safe from hackers and other internet malware.
- It has over 5800 servers in 59 countries that allow you to bypass geo-restrictions.
- NordVPN ensures your privacy with its kill switch, leak protection, and strict no-logs policy.
- NordVPN has a robust VPN infrastructure that enables you to enjoy lightning speed.
- 24/7 customer support in case you have any issues.
- It’s cost-effective and offers you a 30-day money-back guarantee if you’re not satisfied. You can purchase a 3-year plan at $3.49/month, a 2-year plan at $4.99/month, a 1-year plan at $6.99/month, or a one-month plan at $11.95.
How to install NordVPN on pfSense
Since your pfSense supports OpenVPN, here’s how to set up NordVPN with OpenVPN on it.
Step 1: Sign in to your pfSense account on your browser.
Step 2: Select System -> Certificate Manager, then select CAs.
Step 3: Choose one of the servers suggested by NordVPN, then click +Add and input the following:
- Descriptive Name: Enter your preferred server’s name. You should find the server hostname under the server title.
- Method: Import an existing Certificate Authority
- Certificate data: Copy and paste the following then click Save
Step 4: Navigate to VPN -> OpenVPN and select Clients.
Step 5: Select the +Add bar and enter the following.
- Disable this client: Don’t check “✔️.”
- Server mode: Peer to Peer (SSL/TLS)
- Protocol: UDP on IPv4 only (you can also use TCP)
- Device mode: tun – Layer 3 Tunnel Mode
- Interface: WAN
- Local port: leave empty
- Server host or address: Input your server’s address from step 3 above
- Server port: 1194 (use 443 if you use TCP)
- Proxy host or address: leave empty
- Proxy port: leave empty
- Proxy Authentication: None
- Description: Any name you like.
Step 6: Enter the following under User Authentication Settings.
- Username: Your NordVPN username
- Password: Your NordVPN password in both fields.
- Authentication Retry: Don’t check “✔️.”
Step 7: Enter the following under Cryptographic Settings.
- TLS Configuration: Check “✔️.”
- TLS Key: Copy and paste the following
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
- TLS Key Usage Mode: TLS Authentication
- Peer certificate authority: Enter the descriptive name in Step 3 above
- Peer Certificate Revocation list: Do not define.
- Client certificate: webConfigurator default (59f92214095d8)(Server: Yes, In Use). Note that the numbers on your system may be different.
- Encryption Algorithm: AES-256-GCM
- Enable NCP: Check “✔️.”
- NCP Algorithms: AES-256-GCM and AES-256-CBC.
- Auth digest algorithm: SHA512 (512-bit)
- Hardware Crypto: No hardware crypto acceleration.
Step 8: Enter the following under Tunnel Settings.
- IPv4 tunnel network: leave empty
- IPv6 tunnel network: leave empty
- IPv4 remote network(s): leave empty
- IPv6 remote network(s): leave empty
- Limit outgoing bandwidth: leave empty
- Compression: No LZO Compression [Legacy style, comp-lzo no]
- Topology: Subnet – One IP address per client in a common subnet
- Type-of-service: Don’t check “✔️.”
- Don’t pull routes: Don’t check “✔️.”
- Don’t add/remove routes: Check “✔️.”
Step 9: Enter the following under Advanced Configuration.
- Custom Options: Copy and paste the following
- UDP FAST I/O: Don’t check “✔️.”
- Send/Receive Buffer: Default
- Gateway creation: Check IPv4 only
- Verbosity level: 3 (recommended)
Step 10: Click Interfaces -> Interface Assignments. After this, click Add to add the NordVPN interface.
Step 11: Select OPT1 to the left of your assigned interface. After this, enter the details below and click Save.
- Enable: Check “✔️.”
- Description: NordVPN
- MAC Address: leave empty
- MTU: leave empty
Step 12: Navigate to Services -> DNS Resolver, then click on General Settings. Then enter the information below and click Save.
- Enable: Check “✔️.”
- Listen port: Skip this field
- Enable SSL/TLS Service: Don’t check “✔️.”
- SSL/TLS Certificate: webConfigurator default (59f92214095d8)(Server: Yes, In Use). Note that the numbers on your system may be different.
- SSL/TLS Listen Port: Skip this field
- Network Interfaces: All
- Outgoing Network Interfaces: NordVPN
- System Domains Local Zone Type: Transparent
- DNSSEC: Don’t check “✔️.”
- DNS Query Forwarding: Check “✔️.”
- DHCP Registration: Check “✔️.”
- Static DHCP: Check “✔️.”
Step 13: Select Advanced Settings at the top of the DNS Resolver bar. After this, enter the following and click Save:
- Advanced Privacy Options
  - Hide Identity: Check “✔️.”
  - Hide Version: Check “✔️.”
- Advanced Resolver Options
  - Prefetch Support: Check “✔️.”
  - Prefetch DNS Key Support: Check “✔️.”
Step 14: Go to Firewall -> NAT -> Outbound, select Manual Outbound NAT rule generation, and then click Save. Four rules should appear; leave them as they are and add a new rule:
- Select NordVPN as an Interface
- Source: choose your LAN subnet
- Click Save
Step 15: Go to Firewall -> Rules -> LAN and delete the IPv6 rule. Then edit the IPv4 rule by selecting Show Advanced Options, change the Gateway to NordVPN, and click Save.
Step 16: Go to System -> General Setup, fill in the following, and click Save.
- DNS Server 1: 22.214.171.124; none
- DNS Server 2: 126.96.36.199; NordVPN_VPNV4-…
Step 17: Go to Status -> OpenVPN to confirm that your service is up. You can also check your connection log file by selecting Status -> System Logs -> OpenVPN.
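The log check in Step 17, as an added example that is not part of the original guide: a POSIX shell function that reads the OpenVPN client log and reports which step's settings to recheck. The log lines are constructed samples, the state names and the `recheck_step` mapping are this example's own, and the log file path is a placeholder.

```shell
# Added example, not from the original guide. Reads OpenVPN client log text on
# stdin and prints "<STATE> <cipher>". The last matching event wins, so a failed
# attempt followed by a successful reconnect reports UP.
triage_openvpn_log() {
  awk -v q="'" '
    /AUTH_FAILED/                { state = "AUTH_FAILED" }
    /VERIFY ERROR/               { state = "CA_MISMATCH" }
    /TLS key negotiation failed/ { state = "NO_HANDSHAKE" }
    /Inactivity timeout/         { state = "DROPPED" }
    # Only data-channel cipher lines count; HMAC lines also quote a name.
    /Data Channel.*[Cc]ipher/ && match($0, q "[A-Z0-9-]+" q) {
      cipher = substr($0, RSTART + 1, RLENGTH - 2)
    }
    /Initialization Sequence Completed/ {
      # Step 7 offers exactly these two ciphers through NCP.
      ok = (cipher == "AES-256-GCM" || cipher == "AES-256-CBC")
      state = ok ? "UP" : "UP_UNEXPECTED_CIPHER"
    }
    END {
      if (state == "") state = "NO_EVENTS"
      if (cipher == "") cipher = "-"
      print state, cipher
    }'
}

# Which step of the guide to revisit for each state (mapping made up here).
recheck_step() {
  case "$1" in
    AUTH_FAILED)          echo "Step 6: NordVPN username and password" ;;
    CA_MISMATCH)          echo "Step 3: imported CA certificate" ;;
    # A wrong TLS key looks the same: the server silently drops the handshake.
    NO_HANDSHAKE)         echo "Step 5 address/port/protocol or Step 7 TLS key" ;;
    UP_UNEXPECTED_CIPHER) echo "Step 7: Encryption Algorithm and NCP Algorithms" ;;
    *)                    echo "none" ;;
  esac
}

# Constructed sample log lines (documentation address, not real captures).
SAMPLE_UP="openvpn[4242]: AUTH: Received control message: AUTH_FAILED
openvpn[4250]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn[4250]: Initialization Sequence Completed"
SAMPLE_STUCK="openvpn[4260]: UDPv4 link remote: [AF_INET]203.0.113.10:1194
openvpn[4260]: TLS Error: TLS key negotiation failed to occur within 60 seconds"

# Usage on the router: triage_openvpn_log < /path/to/openvpn.log
printf '%s\n' "$SAMPLE_UP" | triage_openvpn_log      # UP AES-256-GCM
printf '%s\n' "$SAMPLE_STUCK" | triage_openvpn_log   # NO_HANDSHAKE -
```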
If you followed our step-by-step approach above, your NordVPN should be all set up on pfSense already. Although the process appears complicated, we have simplified it as much as possible in this guide. Also, it’s a one-time thing, so you don’t need to worry about repeating the process.