Creating a pfSense Connection to VPNBook

This article is part of a series.

VPNBook is a free VPN provider. It is a little bit of a hassle to use because they are constantly changing the hosts and passwords. It is used here for demonstration purposes because it generally works and is free.

Navigate to https://www.vpnbook.com/freevpn and make a note of the username and password. Also download an OpenVPN configuration file for the proper server to use and save it for reference in the following steps. This text uses the Euro2 OpenVPN Certificate Bundle. When unzipped it presented the following files:

vpnbook-euro2-tcp443.ovpn
vpnbook-euro2-tcp80.ovpn
vpnbook-euro2-udp25000.ovpn
vpnbook-euro2-udp53.ovpn

Notice the protocols and port numbers. Decide which port and protocol are needed to connect to the provider. For instance, if the client is behind a firewall that proxies HTTP (TCP port 80) but doesn't proxy HTTPS (TCP port 443), it might be necessary to use tcp443. If both of those ports are interfered with, an option would be to use UDP port 53, which is the standard port for DNS queries. This example will use UDP port 25000.

Open vpnbook-euro2-udp25000.ovpn in a text editor. It contains some configuration settings and cryptographic certificates and keys.

The first task is to create the VPNBook certificate authority (CA). The certificate for the CA is the one between the <ca></ca> tags in the configuration file.

In pfSense, navigate to System > Cert Manager, CAs tab and click the plus icon to create a new CA.

Descriptive Name: VPNBook CA
Method: Import an existing Certificate Authority

Copy everything between the <ca></ca> tags in the configuration file and paste it in the Certificate data field. Nothing is needed in the Certificate Private Key or Serial for next certificate fields. Press Save. A new certificate authority will be listed looking something like this:

[Screenshot: VPNBook CA]

Now a user certificate must be installed that will be used to log in to VPNBook. The certificate is enclosed in the <cert></cert> tags and the corresponding private key is enclosed in the <key></key> tags.

In pfSense, navigate to System > Cert Manager, Certificates tab and click the plus icon to add a new certificate.

Method: Import an existing Certificate
Descriptive name: VPNBook Euro2 Client

Copy everything between the <cert></cert> tags to the clipboard and paste it into the Certificate data field. Then copy everything between the <key></key> tags and paste it into the Private key data field. Click Save. A new certificate will now be listed:

[Screenshot: VPNBook client certificate]

Note that the Issuer is the Certificate Authority imported in the previous step. This is exactly what is necessary.

Open an OpenVPN client configuration dialog on your pfSense firewall by navigating to VPN > OpenVPN, Client tab.

Click the plus icon to add a new client.

General Information

Server Mode: Peer to Peer ( SSL/TLS )
Protocol: UDP
Device Mode: tun
Interface: WAN
Server host or address: euro214.vpnbook.com
Server port: 25000
Server host name resolution: Check Infinitely resolve server
Description: VPNBook Euro2 UDP

User Authentication Settings

Username: vpnbook
Password: JE5Raphu

Cryptographic Settings

TLS Authentication: Uncheck Enable authentication of TLS Packets
Peer Certificate Authority: VPNBook CA
Client Certificate: VPNBook Euro2 Client (CA: VPNBook CA)
Encryption Algorithm: AES-128-CBC (128-bit)
Auth Digest Algorithm: SHA1 (160-bit)

Tunnel Settings

Don't pull routes: Checked

Save the configuration and navigate to Status > OpenVPN. The connection status will be displayed:

[Screenshot: VPNBook connection status]
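
The copy-and-paste steps above can be checked with a short parser. The Python below is an added example, not part of the original article and not pfSense or VPNBook tooling: it pulls the <ca>, <cert> and <key> blocks and the proto, remote and cipher directives out of an .ovpn profile and maps them to the pfSense fields used in this article. The sample profile is constructed with placeholder PEM bodies, and the function and dictionary key names are hypothetical.

```python
import re
SAMPLE_OVPN = """\
# constructed sample profile; PEM bodies are placeholders, not VPNBook material
proto udp
remote euro214.vpnbook.com 25000
cipher AES-128-CBC
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CA
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CLIENT
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER-KEY
-----END PRIVATE KEY-----
</key>
"""

INLINE = re.compile(r"^<(ca|cert|key)>[ \t]*\n(.*?)\n</\1>[ \t]*$", re.S | re.M)

def parse_ovpn(text):
    """Return (inline PEM blocks by tag, single-line directives by name)."""
    blocks = {m.group(1): m.group(2).strip() for m in INLINE.finditer(text)}
    directives = {}
    for line in map(str.strip, INLINE.sub("", text).splitlines()):
        if line and line[0] not in "#;":               # skip blanks and comments
            name, _, args = line.partition(" ")
            directives.setdefault(name, args.strip())  # first occurrence wins
    return blocks, directives

def pfsense_fields(text):
    """Map a profile onto the pfSense fields filled in by this article."""
    blocks, d = parse_ovpn(text)
    if "remote" not in d or not {"ca", "cert", "key"} <= blocks.keys():
        raise ValueError("incomplete profile: need remote, <ca>, <cert>, <key>")
    remote = d["remote"].split()                       # "host [port]"
    return {
        "CA: Certificate data": blocks["ca"],
        "Certificate: Certificate data": blocks["cert"],
        "Certificate: Private key data": blocks["key"],
        "Protocol": d.get("proto", "udp").upper(),
        "Server host or address": remote[0],
        "Server port": remote[1] if len(remote) > 1 else d.get("port", "1194"),
        "Encryption Algorithm": d.get("cipher", "not set in profile"),
    }
```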