Last Updated: April 6, 2021
- Surfshark Openvpn Certificate
- Surfshark Pfsense Download
- Surfshark Pfsense Web
- Surfshark Compatible Routers
- Surfshark Pfsense
- Openvpn Pfsense Guide
- Surfshark Pfsense V
pfSense, an open-source software, has the ability to turn a computer system into a dedicated router or firewall. Using a VPN on open-source pfSense can boost its security abilities, and ExpressVPN is more than up to the task. You can configure it through a web-based interface like most routers. This article will guide you through the process of configuring ExpressVPN on pfSense.
Surfshark provides a cheap VPN service that allows unlimited number of devices with ad blocking. In this tutorial we are going to configure pfSense with Surfshark and assign an interface to it so that we can route it to other services.
- VPN split tunneling – called Whitelister on the Surfshark VPN app – is the software capability to have only some of your internet traffic go over VPN while the rest uses the internet as usual. And you’re the one to decide when it happens.
- How to set up pfSense 2.4.4 with Surfshark. How to set up Surfshark on Synology NAS. How to set up Surfshark on Synology 6.2 NAS.
- SurfShark VPN Review 2020 - In this video we take a look into SurfShark VPN with my honest breakdown of the service!Check out SurfShark: http://bit.ly/ltvsu.
- Choosing a fast VPN, like Surfshark, will guarantee servers with no less than 1Gbps port connected. For servers with higher bandwidth (the US and the UK), the number increases to 2x10Gbps. The higher the number, the faster the connection. It means that such tasks as streaming videos and downloading files don’t suffer from lagging and buffering.
Setting Up ExpressVPN on pfSense
Setting up ExpressVPN on pfSense is quite technical. You need to accurately follow the instructions in this article, as any mistake can result in the wrong configuration. The configuration process involves using the OpenVPN protocol to set up a connection to an ExpressVPN server. Although there is a new pfSense version (2.5.0), we will focus on the configuration settings for version 2.4.5 as a more significant number of users are still using it. Let’s dive into how to set up ExpressVPN on pfSense 2.4.5.
1. The first thing to do is create an ExpressVPN account if you don’t have one. Go to the ExpressVPN website, click on “Get ExpressVPN,” and follow the instructions to get a subscription plan and complete the account creation process. Once you access your account, navigate to manual configuration settings through the following path: Set Up Other Devices > Manual Configuration.
2. Under “Manual Configuration,” select the “OpenVPN” tab, you will see your service credentials (username and password) directly under it. Leave the browser window open or copy the credentials somewhere you can easily reach because you will need them later. Just below the credentials, there is also a list of servers and their locations.
3. Select the server location you intend to use and pick a server. Then download the OpenVPN configuration file (.ovpn) of that server. You can choose UDP (faster) or TCP (more reliable) depending on your preference.
4. The next thing you need to do is to sign in to your pfSense control panel. The default username and password are usually “admin” and “pfsense” if no one has previously changed it. If that does not work, check the user manual or contact pfSense’s customer support team.
5. Once you’re in, on the top navigation bar, select “System,” then “Certificate Manager.” In the CA section, select the “+Add” button and input the following under their respective fields:
Descriptive name: Input any name to represent your VPN connection (e.g., ExpressVPN-USA).
Method: click on “Import an existing Certificate Authority.”
Existing Certificate Authority
Certificate data: Use any text editor to open the .ovpn file you downloaded in step 3 above, copy the text between the <ca> and </ca> tags, and paste it in this field.
Certificate Private Key (optional): Leave empty.
Serial for next certificate: Leave empty.
Click the “Save” button.
6. Next, select “Certificates,” select the “+Add/Sign” button, and input the following:
Add/Sign a New Certificate
Method: Click Import an existing Certificate.
Descriptive name: Input any name to represent your certificate (e.g., ExpressVPN-Cert).
Certificate data: Copy the text between the <cert> and </cert> tags in the .ovpn file you opened before and paste it here.
Private ket data: Copy the text between the <key> and </key> tags in the .ovpn file you opened before and paste it in this field.
Click the “Save” button.
7. Navigate to the top navigation bar and select “VPN” then “OpenVPN.” Select “Clients,” click the “+Add” button and input the following:
Disabled: Leave this box unchecked.
Server mode: Peer to Peer (SSL/TLS).
Protocol: UDP on IPv4 only.
Device mode: tun – Layer 3 Tunnel Mode.
Local port: Leave empty.
Server host or address: Copy the server address listed between the word “remote” and the 4-digit port number in the .ovpn file you opened before and paste it in this field.
Server port: Input the 4-digit port number (next to the server address) you saw above.
Proxy port: Leave empty.
Proxy Authentication: Choose none.
Description: Input any name to represent your VPN connection (e.g., ExpressVPN-NY).
User Authentication Settings
Username: Input the ExpressVPN service username in step 2 above.
Password: Input the ExpressVPN service password in step 2 above twice.
TLS Configuration: Check this box.
Automatically generate a TLS key: Leave this box unchecked
TLS Key: Copy the text between the <tls-auth> and </tls-auth> tags in the .ovpn file you opened before and paste it in this field (don’t copy any line that begins with “#”).
TLS Key Usage Mode: Choose TLS Authentication.
Peer Certificate Authority: Choose the CA you created earlier (e.g., ExpressVPN-USA)
Client Certificate: Choose the certificate you created earlier (e.g., ExpressVPN-Cert)
Encryption Algorithm: Check the .ovpn file you opened before for the word “cipher” and choose the algorithm displayed after it in the dropdown menu here (e.g., AES-256-CBC).
Enable NCP: Leave this box unchecked.
NCP Algorithms: Leave empty
Auth digest algorithm: Check the .ovpn file you opened before for the word “auth” andchoose the algorithm displayed after it in the dropdown menu here (e.g., SHA512).
Hardware Crypto: Select No Hardware Crypto Acceleration.You should select otherwise only if you are sure your device supports hardware cryptography.
IPv4 Tunnel Network: Leave empty.
IPv6 Tunnel Network: Leave empty.
IPv4 Remote Network(s): Leave empty.
IPv6 Remote Network(s): Leave empty.
Limit outgoing bandwidth: Leave blank.
Compression: Choose Adaptive LZO Compression [Legacy, comp-lzo adaptive].
Topology: Leave as it is.
Type-of-Service: Leave this box unchecked
Don’t pull routers: Leave this box unchecked
Don’t add/remove routes: Leave this box unchecked
Custom options: Copy and paste the following:
fast-io;persist-key;persist-tun;remote-random;pull;comp-lzo;tls-client;verify-x509-name Server name-prefix;remote-cert-tls server;key-direction 1;route-method exe;route-delay 2;tun-mtu 1500;fragment 1300;mssfix 1450;verb 3;sndbuf 524288;rcvbuf 524288
UDP Fast I/O: Check this box.
Send/Receive Buffer: Choose 512 KiB.
Gateway Creation: Choose IPv4 only.
Verbosity Level: Choose 3 (recommended).
Click the “Save” button.
8. Go to “Interfaces” in the top navigation bar and select “Assignments.” Click the “+Add” button to add the ExpressVPN interface.
9. Select the “OPT1” under “Interface,” select “ovpnc1,” and click the “Save” button.
10. Back to the top navigation bar, click “Interfaces,” select “OPT1,” and input the following:
Surfshark Openvpn Certificate
Enable: Check this box.
If preferred, Tor Browser may be made portable by extracting it from its archive directly onto removable media such as a USB stick or SD card. It is recommended to use writable media so that Tor Browser can be updated as required. Tor Browser will block browser plugins such as Flash, RealPlayer, QuickTime, and others: they can be manipulated into revealing your IP address. We do not recommend installing additional add-ons or plugins into Tor Browser. Tor Browser aims to make all users look the same, making it difficult for you to be fingerprinted based on your browser and device information. MULTI-LAYERED ENCRYPTION. Your traffic is relayed and encrypted three times as it passes over the Tor network. The network is comprised of thousands of volunteer-run servers known as Tor relays. Tails uses the Tor network to protect your privacy online and help you avoid censorship. Enjoy the Internet like it should be. Your secure computer anywhere. Shut down the computer and start on your Tails USB stick instead of starting on Windows, macOS, or Linux. Tails leaves no trace on the computer when shut down.
Description: Input any name that represents the interface (e.g., ExpressVPN).
Mac Address: Leave empty.
MTU: Leave empty.
MSS: Leave empty.
Block private networks and loopback addresses: Leave this box unchecked
Block bogon networks: Leave this box unchecked
Click the “Save” button and click “Apply Changes.”
11. Back to the top navigation bar, click “Firewall,” then “Aliases.” Select the “+Add” button to add an alias for your home network and input the following:
Name: Enter a name to represent your network (e.g., Local_Subnet)/
Description: A description to describe your network (e.g., Home)
Type: Choose Networks.
Network or FDQN: Input 192.168.1.0 and choose 24.
Click the “Save” button.
12. In the top navigation bar, select Firewall > NAT > Outbound. Choose “Manual Outbound NAT rule generation” for “Mode,” click “Save,” then “Apply Changes.”
13. Under “Mappings,” go to your first WAN interface and click the copy icon under “Actions.” Then choose “EXPRESSVPN” for “Interface” click “Save.” Repeat this step for every WAN entry in this section. Click “Apply Changes” at the top.
14. Next, click “Firewall,” then “Rules.” Select “LAN,” click the “Add” button on the far left and input the following:
Edit Firewall Rule
Action: Choose Pass.
Disabled: Leave unchecked.
Interface: Choose LAN.
Address: Choose IPv4.
Surfshark Pfsense Download
Protocol: Choose Any.
Source: Choose Single host or alias and input the name of the alias you created for your network earlier.
Destination: Choose Any
Log: Leave unchecked.
Description: Input a description of your firewall rule.
Select Display Advanced.
Gateway: Choose EXPRESSVPN.
Click the “Save” button, then “Apply Changes.”
15. To confirm the OpenVPN connection is active, navigate to the following path: Status > OpenVPN. You should see “up” under the “Status” section.
As you can see, it’s a long and technical process. Be very careful not to miss any step.
Advantages of Using ExpressVPN on pfSense
Here are the perks of using Express on pfSense:
ExpressVPN’s security structure includes reliable VPN protocols (OpenVPN), military-grade encryption (AES-256), leak protection, compatibility with the Onion network, malware/ad blocker (CyberSec), Split Tunneling, and a Kill Switch. Your privacy and security are in secure hands.
2. Circumvent Geo-Restrictions
ExpressVPN’s servers are powerful when it comes to unblocking content you cannot view due to geo-restrictions. Netflix, BBC iPlayer, HBO Now, and Amazon Prime Video are a few of the popular services it can unblock. Its extensive server network allows you to access streaming content in any region worldwide.
To use ExpressVPN on pfSense, you have to go through a thorough configuration process. You need to be very meticulous with the setup process because any small detail can affect the connection’s success. We hope that this guide helps you set up ExpressVPN on pfSense.
Last Updated: April 1, 2021
pfSense is an open-source software distribution that can turn a computer into a dedicated router/firewall. It usually operates on a virtual machine or a dedicated physical computer. It is FreeBSD-based, which means it belongs to the family Unix-like BSD distribution. Using a VPN on pfSense enhances its abilities to protect your devices. This article takes a deep dive into configuring NordVPN on pfSense.
Setting Up NordVPN on pfSense
pfSense has different versions, but the latest one is the 2.5.0 version. This new version has an in-built WireGuard VPN client. Unfortunately, NordVPN’s proprietary WireGuard-based protocol is not available for routers. So this setup involves using the OpenVPN protocol to connect to NordVPN’s servers. Let’s take a look at the step-by-step process you need to follow.
1. Open a browser window and log in to your pfSense account with your credentials. The default is usually “admin” for the username and “pfsense” for the password. Reach out to pfSense support or check your user manual if that doesn’t work.
2. Navigate to the certificate authority section through the following path: System > Certificate Manager > CAs. Once you’re in the CA section, click “+Add.”
3. You’re going to need the name of the server in the next steps. So head over to NordVPN’s OpenVPN configurations page and note the name of the server you intend to use or let NordVPN recommend a server for you.
4. Go back to your pfSense page and input the following in their respective fields:
Descriptive Name: NordVPN_CA (this is for this guide, you can use any name)
Method: Import an existing Certificate Authority
Trust Store: Uncheck this box
Randomize Serial: Uncheck this box
Certificate data: copy and paste the data below.
Surfshark Pfsense Web
Surfshark Compatible Routers
Click on “Save” to save the configuration.
5. Now go to VPN > OpenVPN > Clients and click on “+Add.”
6. Enter the following in their respective fields:
Disable this client: Uncheck this box.
Server mode: Peer to Peer (SSL/TLS)
Protocol: UDP on IPv4 only (you can also use TCP)
Device mode: tun – Layer 3 Tunnel Mode
Local port: Leave box unchecked
Server host or address: the hostname of the server you selected in step 3 above
Server port: 1194 (use 443 if you use TCP)
Proxy host or address: Leave box unchecked
Proxy port: Leave box unchecked
Proxy Authentication: none
Description: Input any descriptive name of your choice.
7. In the “User Authentication Settings” section,input the following:
Username: Your NordVPN service username
Password: Your NordVPN service password in both fields
Authentication Retry: leave box unchecked
If you don’t know your NordVPN service credentials, you can find them in your NordAccount dashboard under “Advanced configuration.”
8. In the “Cryptographic Settings” section, input the following:
TLS Configuration: Use a TLS Key – Check this box; Automatically generate a TLS key – Uncheck this box
TLS Key: Copy and paste the data below
—–BEGIN OpenVPN Static key V1—–
—–END OpenVPN Static key V1—–
TLS Key Usage Mode: TLS Authentication
TLS keydir direction: Use default direction
Peer certificate authority: NordVPN_CA (the CA in step 4 above)
Peer Certificate Revocation list: Do not define
Client certificate: webConfigurator default (59f92214095d8) (Server: Yes, In Use). It is important to note that the numbers on your machine might not be the same.
Data Encryption Negotiation: Check this box
Data Encryption Algorithms: AES-256-GCM and AES-256-CBC
Fallback Data Encryption Algorithm: AES-256-CBC
Auth digest algorithm: SHA512 (512-bit)
Hardware Crypto: No Hardware Crypto Acceleration
9. In the “Tunnel Settings” section, input the following:
IPv4 tunnel network: Leave blank
IPv6 tunnel network: Leave blank
IPv4 remote network(s): Leave blank
IPv6 remote network(s): Leave blank
Limit outgoing bandwidth: Leave blank
Allow Compression: Refuse any non-stub compression (Most Secure)
Topology: Subnet – One IP address per client in a common subnet
Type-of-Service: Uncheck this box
Don’t pull routes: Uncheck this box
Don’t add/remove routes: Check this box
10. In the “Advanced Configuration” section, input the following:
Custom Options: Copy and paste the data below
UDP FAST I/O: Uncheck this box
Exit Notify: Disabled
Send/Receive Buffer: Default
Gateway creation: IPv4 only
Verbosity level: 3 (recommended)
11. Now go to Interfaces > Interface Assignments. Click on the green “+Add” button to add the NordVPN interface.
12. Select the “OPT1” on the left of your assigned interface input the following in their respective fields:
Enable: Check this box
Mac Address: Leave blank
MTU: Leave blank
MSS: Leave blank
13. Leave everything else and select “Save.”
14. Go to Services -> DNS Resolver -> General Settings and input the following in their respective fields and select “Save”:
Enable: Check this box
Listen port: Ignore this field
Enable SSL/TLS Service: Uncheck this box
SSL/TLS Certificate: webConfigurator default (59f92214095d8) (Server: Yes, In Use). It is important to note that the numbers on your machine might not be the same
SSL/TLS Listen Port: Ignore this field
Network Interfaces: All
Outgoing Network Interfaces: NordVPN
System Domains Local Zone Type: Transparent
DNSSEC: Uncheck this box
Python Module: Uncheck this box
DNS Query Forwarding: Enable forwarding mode – Check this box; Use SSL/TLS for outgoing DNS Queries to Forwarding Servers – Uncheck this box
DHCP Registration: Check this box
Static DHCP: Check this box
OpenVPN Clients: Uncheck this box
15. At the top of “General DNS Resolver Options,” click “Advanced Settings” and input the following in their respective fields and click “Save”:
ADVANCED PRIVACY OPTIONS:
Hide Identity: Check this box
Hide Version: Check this box
Openvpn Pfsense Guide
Query Name Minimization: Uncheck this box
Strict Query Name Minimization: Uncheck this box
ADVANCED RESOLVER OPTIONS:
Prefetch Support: Check this box
Prefetch DNS Key Support: Check this box
Harden DNSSEC Data: Uncheck this box
16. Go to Firewall > NAT > Outbound, click “Manual Outbound NAT rule generation,” and select “Save.”You will see six rules. Delete every IPv6 rule, add a new one with the following and click “Save”:
Address Family: IPv4
Source: Input your LAN subnet (something like 192.168.1.0/24)
Surfshark Pfsense V
Note the NAT rule you just created must be on top.
17. Go to Firewall > Rules > LAN and remove the IPv6 rule. Edit the IPv4 rule by clicking on “Display Advanced” and changing “Gateway” to “NordVPN.” Click “Save” after.
18. Head over to “System > General Setup.” Under “DNS Server Settings,” enter the following in their respective fields and click “Save”:
DNS Server 1: 184.108.40.206; none (under “Gateway”)
DNS Server 2: 220.127.116.11; NordVPN_VPNV4 – opt1 – … (under “Gateway”)
19. Now go to Status > OpenVPN and check to see if the connection is up and running. You can also look at your connection log file by navigating to Status > System Logs > OpenVPN.
You can confirm that your VPN connection is active by checking your connection’s IP address to see if it has changed.
Get NordVPN for pfSense
Why Should You Use NordVPN For pfSense?
1. Security and Privacy
NordVPN’s security structure consists of basic and advanced features. It uses the OpenVPN protocol, which is one of the most secure and reliable VPN protocols. Using 256-bit encryption is an effective way to discourage malicious entities from trying to access your data, and NordVPN uses it to protect your network connection. There is also a perfect forward secrecy feature that makes it even more difficult to penetrate your network.
Other important security features include an automatic Kill Switch, Split Tunneling, DNS/IP leak protection, Onion over VPN, DoubleVPN, and CyberSec (an adblocker). Privacy is also its strong point as it keeps no logs, has a cryptocurrency payment method, and has its headquarters in privacy-friendly Panama. Overall, NordVPN provides adequate protection when it comes to privacy and security.
2. Bypass Geo-Restrictions
NordVPN’s impressive server network is the reason why its users can confidently access several streaming platforms without facing any barriers online. It can unblock almost every mainstream streaming service, including Netflix, BBC iPlayer, ESPN, Amazon Prime Video, and Hulu.
3. Reliable Customer Support
Nobody wants to be stuck on a problem and have no one around to help. This is why NordVPN invests in delivering the best support to its users. If you have any issues setting it up on pfSense, you can access a 24/7 live chat system, a ticketing system, FAQs, and a support center with instructional guides.
Setting up NordVPN on pfSense is not an easy process, but if you follow the instructions in this guide accurately, you should have no issues with it. In terms of security, privacy, unblocking streaming platforms, and reliable support, you stand to gain a lot using NordVPN on pfSense.