OpenVPN Client Import Package

Note

This package is only available on Netgate pfSense® Plus software.

The OpenVPN client import package can take a unified OpenVPN client configuration file as exported by an OpenVPN server and automatically turn it into an OpenVPN client instance on pfSense Plus software. The unified OpenVPN configuration file format includes all of the certificates and keys required for the connection, allowing the client instance to be created with minimal effort.

In many cases the newly imported client instance starts and passes traffic on completion of the import, but in some cases adjustments must be made to the imported client configuration by editing the resulting OpenVPN client instance.

The package can be installed using the Package Manager on pfSense Plus software. Once the package is installed, it can be accessed at VPN > OpenVPN on the Import tab.

How it Works

The import process attempts to read the configuration file and map directives from the file to their equivalent settings in pfSense Plus software. Unknown directives are placed into the Custom options area in the resulting client instance.

If the configuration being imported contains certificates, the import package will create appropriate CA and certificate entries if they do not already exist.

Note

If the configuration requires certificates but they are not present in the imported configuration file, they can be manually imported in the certificate manager and then manually selected in the OpenVPN client instance after it has been imported.

Once the import process is complete, the new client is stored and, if it is enabled and has a complete configuration, the client is immediately started.

Imported OpenVPN Client Configuration

When importing a configuration there are several options specific to pfSense Plus software which cannot be automatically determined from the imported configuration. These must be filled in manually before the import process can be completed.

These options are equivalent to their counterparts in the OpenVPN Configuration Options. Consult that document for additional details on these settings.

Config File

The OpenVPN configuration file (e.g. <name>.ovpn) to import.

The OpenVPN client configuration file can be from another instance of pfSense software, a VPN provider, or other OpenVPN compatible server so long as it uses the standard OpenVPN configuration format.

Disabled

When set, the client will be marked as disabled on import so it will not start automatically.

Server Mode

Chooses between whether this client is connecting to an SSL/TLS server with certificates, or to a shared key server.

Name

A descriptive name for this client instance.

Interface

The firewall interface to be used by this client instance for outbound connections. In most cases this will be WAN but may also be another interface, or a virtual IP address.

Username

The username to use if the OpenVPN server requires a username and password. May be left blank if the server does not require user authentication.

Password

The password to use if the OpenVPN server requires a username and password. May be left blank if the server does not require user authentication.

Client Import Example

The process to import a client generally follows this format:

  • Obtain an OpenVPN configuration file in inline format from the OpenVPN server (e.g. username.ovpn)

    Note

    If the server is also running pfSense software, use the OpenVPN Client Export Package and download the inline configuration using the Most Clients button.

  • Navigate to VPN > OpenVPN, Import tab on the client firewall

  • Click Browse in the .ovpn config file field and select the configuration file obtained from the server (e.g. username.ovpn)

  • Fill in the other options as described in Imported OpenVPN Client Configuration

  • Click Import

At that point the client instance will be created and started automatically. If the configuration was incomplete or needs other changes, then do so as follows:

  • Navigate to VPN > OpenVPN, Clients tab

  • Find the newly imported client in the list and click fa-pencil on its row

  • Make final adjustments needed

  • Click Save

See also

See also: OpenVPN Configuration Options