OpenVPN Client Import Package¶
This package is only available on Netgate pfSense® Plus software.
The OpenVPN client import package can take a unified OpenVPN client configuration file as exported by an OpenVPN server and automatically turn it into an OpenVPN client instance on pfSense Plus software. The unified OpenVPN configuration file format includes all of the certificates and keys required for the connection, allowing the client instance to be created with minimal effort.
In many cases the newly imported client instance starts and passes traffic on completion of the import, but in some cases adjustments must be made to the imported client configuration by editing the resulting OpenVPN client instance.
The package can be installed using the Package Manager on pfSense Plus software. Once the package is installed, it can be accessed at VPN > OpenVPN on the Import tab.
How it Works¶
The import process attempts to read the configuration file and map directives from the file to their equivalent settings in pfSense Plus software. Unknown directives are placed into the Custom options area in the resulting client instance.
If the configuration being imported contains certificates, the import package will create appropriate CA and certificate entries if they do not already exist.
If the configuration requires certificates but they are not present in the imported configuration file, they can be manually imported in the certificate manager and then manually selected in the OpenVPN client instance after it has been imported.
Once the import process is complete, the new client is stored and, if it is enabled and has a complete configuration, the client is immediately started.
Imported OpenVPN Client Configuration¶
When importing a configuration there are several options specific to pfSense Plus software which cannot be automatically determined from the imported configuration. These must be filled in manually before the import process can be completed.
These options are equivalent to their counterparts in the OpenVPN Configuration Options. Consult that document for additional details on these settings.
- Config File
The OpenVPN configuration file (e.g.
<name>.ovpn) to import.
The OpenVPN client configuration file can be from another instance of pfSense software, a VPN provider, or other OpenVPN compatible server so long as it uses the standard OpenVPN configuration format.
When set, the client will be marked as disabled on import so it will not start automatically.
- Server Mode
Chooses between whether this client is connecting to an SSL/TLS server with certificates, or to a shared key server.
A descriptive name for this client instance.
The firewall interface to be used by this client instance for outbound connections. In most cases this will be WAN but may also be another interface, or a virtual IP address.
The username to use if the OpenVPN server requires a username and password. May be left blank if the server does not require user authentication.
The password to use if the OpenVPN server requires a username and password. May be left blank if the server does not require user authentication.
Client Import Example¶
The process to import a client generally follows this format:
Obtain an OpenVPN configuration file in inline format from the OpenVPN server (e.g.
If the server is also running pfSense software, use the OpenVPN Client Export Package and download the inline configuration using the Most Clients button.
Navigate to VPN > OpenVPN, Import tab on the client firewall
Click Browse in the .ovpn config file field and select the configuration file obtained from the server (e.g.
Fill in the other options as described in Imported OpenVPN Client Configuration
At that point the client instance will be created and started automatically. If the configuration was incomplete or needs other changes, then do so as follows:
Navigate to VPN > OpenVPN, Clients tab
Find the newly imported client in the list and click on its row
Make final adjustments needed
See also: OpenVPN Configuration Options