Disclaimer: We may earn affiliate commissions if you decide to purchase through our link. Learn more.

How can I Set up and Use NordVPN on pfSense

nordvpn-on-pfsense

To set up NordVPN on pfSense routers, you’ll need to use the OpenVPN protocol. Follow our step-by-step guide to set up NordVPN with OpenVPN on pfSense.

While pfSense is one of the best routers, NordVPN is the ultimate privacy stalwart available for users. Using both these services together can provide you with maximum security either at work or home.

NordVPN is one of the best VPNs the world can offer. You can check out all of its features in our NordVPN Review.

Why should I choose NordVPN?

Well, NordVPN offers multiple features when it comes to providing complete privacy. NordVPN offers 256-bit encryption to all its users along with 5500+ servers.

One of the advantages of this VPN is that NordVPN offers P2P torrenting to users with its super-fast downloading speed.

NordVPN-torrenting-speed

According to our NordVPN speed tests, it offers an average speed of 96.92 Mbps on a 100 Mbps connection while downloading. How cool is that?

NordVPN also allows users to unblock geo-restricted content globally. I mean, if you’ve been wanting to stream Disney Plus but couldn’t do it due to its unavailability in your region, then NordVPN with Disney Plus is the perfect way to stream it now. Similarly, you can access any geo-restricted library of Netflix with NordVPN without any hassle.

NordVPN-app-servers

NordVPN offers a free trial for users that desire to purchase a VPN service. If you want to jump straight to the purchasing part, then you can opt for any of its subscription plans. Sadly, NordVPN does not offer a lifetime plan anymore.

NordVPN-offers-a-30-day-trial

You can go through NordVPN’s subscription canceling process if you feel disconnected from this VPN.

How to set up NordVPN on pfSense:

To install NordVPN on your pfSense router, you need to follow these steps below:

1. Open your browser to sign in to your pfSense account.

2. Go to System, then Certificate Manager, and select CAs.

3. Enter the following information after connecting to any of the servers suggested by NordVPN by clicking +Add:

  • Descriptive Name: Enter the name of your preferred server. The server hostname will be present under the server title.
  • Method: You need to import an existing Certificate Authority.
  • Certificate data: For this, you need to copy and paste the following, then click Save.

—–BEGIN CERTIFICATE—–

MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ

MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2

MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV

BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI

hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF

kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr

XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU

eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV

skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu

MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA

37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR

hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s

Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy

WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6

MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST

LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG

SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g

nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/

k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S

DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/

pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo

k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp

+RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd

NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa

wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC

VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S

PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==

—–END CERTIFICATE—–

4. Go to VPN. Select OpenVPN and press Clients.

5. Enter the following details after selecting the +Add bar:

    Disable this client: Remove the check

    Server mode: Peer to Peer (SSL/TLS)

    Protocol: UDP on IPv4 only. TCP can also be used.

    Mode of device: tun – Layer 3 Tunnel Mode

    Interface: WAN

    Local port: please leave it empty.

    Server host/ address: Input your server’s address available in the 3rd step.

    Server port: 1194. Use 443 while using TCP.

    Proxy host/address: leave it empty.

    Proxy port: leave it empty.

    Proxy Authentication:

    Description: You can enter any name you like.

6. Under User Authentication Settings, enter:

    Username: Your username of NordVPN.

    Password: Your password in both fields of NordVPN.

   Authentication Retry: Don’t check the box.

7. Under Cryptographic Settings, enter:

    TLS Configuration: Check ‘.’

    TLS Key: Copy and paste the following commands

            —–BEGIN OpenVPN Static key V1—–

         e685bdaf659a25a200e2b9e39e51ff03

         0fc72cf1ce07232bd8b2be5e6c670143

        f51e937e670eee09d4f2ea5a6e4e6996

       5db852c275351b86fc4ca892d78ae002

       d6f70d029bd79c4d1c26cf14e9588033

       cf639f8a74809f29f72b9d58f9b8f5fe

       fc7938eade40e9fed6cb92184abb2cc1

      0eb1a296df243b251df0643d53724cdb

      5a92a1d6cb817804c4a9319b57d53be5

     80815bcfcb2df55018cc83fc43bc7ff8

     2d51f9b88364776ee9d12fc85cc7ea5b

     9741c4f598c485316db066d52db4540e

     212e1518a9bd4828219e24b20d88f598

    a196c9de96012090e333519ae18d3509

    9427e7b372d348d352dc4c85e18cd4b9

    3f8a56ddb2e64eb67adfc9b337157ff4

     —–END OpenVPN Static key V1—–

  TLS Key Usage Mode: TLS Authentication.

  Peer certificate authority: Enter your preferred descriptive name in Step 3.

  Peer Certificate Revocation list: You don’t need to define it.

  Client certificate: webConfigurator default (59f92214095d8)(Server: Yes, In Use). The numbers on your system may differ.

  Encryption Algorithm: AES-256-GCM

  Enable NCP: Check ‘.’

  NCP Algorithms: AES-256-GCM and AES-256-CBC.

  Auth digest algorithm: SHA512 (512-bit)

  Hardware Crypto: No hardware crypto acceleration.

8. Under Tunnel settings, enter:

    IPv4 tunnel network: leave it empty.

    IPv6 tunnel network: leave it empty.

    IPv4 remote network(s): leave it empty.

    IPv6 remote network(s): leave it empty.

    Limit outgoing bandwidth: leave it empty.

    Compression: No LZO Compression [Legacy style,comp-lzo no]

    Topology: Subnet – Should be one IP address per client in a common subnet.

    Type-of-service: Don’t check ‘.’

    Don’t pull routes: Don’t check ‘.’

    Don’t add/remove routes: Check ‘.’

9. Under Advanced Configuration, enter: Custom Options: Copy and paste the following commands:

      tls-client;

     remote-random;

     tun-mtu 1500;

     tun-mtu-extra 32;

     mssfix 1450;

     persist-key;

     persist-tun;

     reneg-sec 0;

     remote-cert-tls server;

    UDP FAST I/O: Don’t check “.”

    Send/Receive Buffer: Default

    Gateway creation: Check IPv4 only

    Verbosity level: 3 (recommended)

10. Click Add the NordVPN interface after selecting Interfaces and then Interfaces Assignments.

11. On the left of your assigned interfaces, choose OPT1.

12. Press Save after entering the details below:

      Enable: Check “.”

      Description: NordVPN

      Mac Address: leave empty

      MTU: leave empty.

13. Visit services, then click DNS Resolver. Go to General Settings after this. Click Save after entering the information below:

      Enable: Check ‘.’

      Listen port: You can skip this field.

      Enable SSL/TLS Service: Don’t check ‘.’

      SSL/TLS Certificate: webConfigurator default (59f92214095d8)(Server: Yes, In Use). The numbers on your system may differ.

      SSL/TLS Listen Port: You can skip this field.

      Network Interfaces: All

      Outgoing Network Interfaces: NordVPN

      System Domains Local Zone Type: Transparent

      DNSSEC: Don’t check ‘.’

      DNS Query Forwarding: Check ‘.’

      DHCP Registration: Check ‘.’

      Static DHCP: Check ‘.’

14. At the top of the DNS Resolver bar, choose Advanced Settings. You need to click Save after entering the following:

     Advanced Privacy Options

     Hide Identity: Check ‘.’

     Hide Version: Check ‘.’

     Advanced Resolver Options

     Prefetch Support: Check ‘.’

     Prefetch DNS Key Support: Check ‘.’

15. Visit the Firewall option. Then visit NAT > Outbound > Manual Outbound NAT rule generation. Click Save after this. You will find four rules in front of you. Leave them, and add a new one:

Select NordVPN as an Interface.

     Source: choose your LAN subnet.

Click Save.

16. Delete the IPv6 rule by going to Firewall, then Rules, and then LAN.

17. Select  Show Advanced Options to edit the IPv4 rule. Click Save after changing the NordVPN Gateway.

18. Visit System > General Set up. Then, fill in the following details:

      DNS Server 1: 103.86.96.100; none

      DNS Server 2: 103.86.99.100; NordVPN_VPNV4-…

19. Click Save once you’re done.

20. Visit Status, then OpenVPN. Select Status > System Logs > OpenVPN to check your connection log file if you want.

Is NordVPN not working with pfSense? Try these tips out:

If your NordVPN app doesn’t work properly, you can check out our NordVPN not working guide or follow the quick troubleshooting tips below:

1. Update your app:

An outdated VPN application may result in a VPN glitch. To avoid that, you need to keep your NordVPN app updated. Regular checks for updates may also result in a smooth VPN experience.

2. Firewall blocking:

Your firewall may block your VPN connection from running. You need to visit your firewall settings and add your VPN software to the list of exceptions. This will keep your firewall from blocking your VPN service from running.

3. Switch to another server:

Traffic overload on a server may result in dysconnectivity or a slow connection. Switch to an alternative server if that’s the case for a smoother experience.

Conclusion:

To have the perfect privacy combo on your devices, you need to set up NordVPN on your pfSense router. This step-by-step guide may seem slightly complicated, but it’s a one-time thing. Once you’re done setting up NordVPN on your pfSense router, you can enjoy a secure connection on all major devices. You can also find the details on the pfSense NordVPN setup here.

'Abdul Rehman

Abdul Rehman

Author
Posts by Abdul Rehman

Abdul Rehman's Biography :


A Cyber Security analyst who’s fed up with the eroding state of online privacy. I write about real privacy and social issues that plague our time.


Leave a Reply

Your email address will not be published. Required fields are marked *