Link Search Menu Expand Document

Site-to-Site VPN with OpenVPN

Here is how I configured two pfSense firewalls with site-to-site VPN.

Table of contents
  1. Getting started
    1. Prerequisites
    2. Internet
    3. Local (Server)
    4. Remote (Client)
    5. Tunnel network
  2. Local (Server) configuration
    1. Certificate Authority
    2. Certificates
    3. OpenVPN
    4. Interfaces Assignment
  3. Authors
  4. Acknowledgments

Getting started

Install the Suricata package by navigating to System > Package Manager > Available Packages.


  • pfSense 2.4.4-RELEASE-p3 (amd64)


  • Local (Server):
  • Remote (Client):

Local (Server)

  • Local (VLAN101):
  • Remote (VLAN100):

Remote (Client)

  • Local (VLAN100):
  • Remote (VLAN101):

Tunnel network

  • Tunnel network:

Local (Server) configuration

Certificate Authority

Go to System > Cert. Manager and create a Certifice Authority by clicking “+ Add”.

img Site-to-Site-VPN-with-OpenVPN_01_Create-CA.png

Save it and export it (Export CA).


Go to System > Cert. Manager and go to the Certificates tab. Create a new certificate

img Site-to-Site-VPN-with-OpenVPN_02_Add-Certificate.png

img Site-to-Site-VPN-with-OpenVPN_03_Certificate-Attributes.png

Save it and Export Certificate and Export Key.


Select VPN > OpenVPN and click + Add.

img Site-to-Site-VPN-with-OpenVPN_04_General-Information

img Site-to-Site-VPN-with-OpenVPN_05_Cryptographic-Settings.png

img Site-to-Site-VPN-with-OpenVPN_06_Cryptographic-Settings-02.png

img Site-to-Site-VPN-with-OpenVPN_07_Cryptographic-Settings-03.png

Interfaces Assignment

Add the OpenVPN connection to an interface.


Mr. Johnson