How to Set Up and Use NordVPN on pfSense (Updated 2023)
pfSense is an open-source software distribution that can turn a computer into a dedicated router/firewall. It usually operates on a virtual machine or a dedicated physical computer. It is FreeBSD-based, which means it belongs to the family Unix-like BSD distribution. Using a VPN on pfSense enhances its abilities to protect your devices. This article takes a deep dive into configuring NordVPN on pfSense.
Setting Up NordVPN on pfSense
pfSense has different versions, but the latest one is the 2.5.0 version. This new version has an in-built WireGuard VPN client. Unfortunately, NordVPN’s proprietary WireGuard-based protocol is not available for routers. So this setup involves using the OpenVPN protocol to connect to NordVPN’s servers. Let’s take a look at the step-by-step process you need to follow.
1. Open a browser window and log in to your pfSense account with your credentials. The default is usually “admin” for the username and “pfsense” for the password. Reach out to pfSense support or check your user manual if that doesn’t work.
2. Navigate to the certificate authority section through the following path: System > Certificate Manager > CAs. Once you’re in the CA section, click “+Add.”
3. You’re going to need the name of the server in the next steps. So head over to NordVPN’s OpenVPN configurations page and note the name of the server you intend to use or let NordVPN recommend a server for you.
4. Go back to your pfSense page and input the following in their respective fields:
Descriptive Name: NordVPN_CA (this is for this guide, you can use any name)
Trust Store: Uncheck this box
Randomize Serial: Uncheck this box
Certificate data: copy and paste the data below.
Click on “Save” to save the configuration.
5. Now go to VPN > OpenVPN > Clients and click on “+Add.”
6. Enter the following in their respective fields:
Disable this client: Uncheck this box.
Server mode: Peer to Peer (SSL/TLS)
Protocol: UDP on IPv4 only (you can also use TCP)
Device mode: tun – Layer 3 Tunnel Mode
Local port: Leave box unchecked
Server host or address: the hostname of the server you selected in step 3 above
Server port: 1194 (use 443 if you use TCP)
Proxy host or address: Leave box unchecked
Proxy port: Leave box unchecked
Proxy Authentication: none
Description: Input any descriptive name of your choice.
7. In the “User Authentication Settings” section, input the following:
Username: Your NordVPN service username
Password: Your NordVPN service password in both fields
Authentication Retry: leave box unchecked
If you don’t know your NordVPN service credentials, you can find them in your NordAccount dashboard under “Advanced configuration.”
8. In the “Cryptographic Settings” section, input the following:
TLS Configuration: Use a TLS Key – Check this box; Automatically generate a TLS key – Uncheck this box
TLS Key: Copy and paste the data below
—–BEGIN OpenVPN Static key V1—–
—–END OpenVPN Static key V1—–
TLS Key Usage Mode: TLS Authentication
TLS keydir direction: Use default direction
Peer certificate authority: NordVPN_CA (the CA in step 4 above)
Peer Certificate Revocation list: Do not define
Client certificate: webConfigurator default (59f92214095d8) (Server: Yes, In Use). It is important to note that the numbers on your machine might not be the same.
Data Encryption Negotiation: Check this box
Data Encryption Algorithms: AES-256-GCM and AES-256-CBC
Fallback Data Encryption Algorithm: AES-256-CBC
Auth digest algorithm: SHA512 (512-bit)
Hardware Crypto: No Hardware Crypto Acceleration
9. In the “Tunnel Settings” section, input the following:
IPv4 tunnel network: Leave blank
IPv6 tunnel network: Leave blank
IPv4 remote network(s): Leave blank
IPv6 remote network(s): Leave blank
Limit outgoing bandwidth: Leave blank
Allow Compression: Refuse any non-stub compression (Most Secure)
Topology: Subnet – One IP address per client in a common subnet
Type-of-Service: Uncheck this box
Don’t pull routes: Uncheck this box
Don’t add/remove routes: Check this box
10. In the “Advanced Configuration” section, input the following:
Custom Options: Copy and paste the data below
UDP FAST I/O: Uncheck this box
Exit Notify: Disabled
Send/Receive Buffer: Default
Gateway creation: IPv4 only
Verbosity level: 3 (recommended)
11. Now go to Interfaces > Interface Assignments. Click on the green “+Add” button to add the NordVPN interface.
12. Select the “OPT1” on the left of your assigned interface input the following in their respective fields:
Enable: Check this box
Mac Address: Leave blank
MTU: Leave blank
MSS: Leave blank
13. Leave everything else and select “Save.”
14. Go to Services -> DNS Resolver -> General Settings and input the following in their respective fields and select “Save”:
Enable: Check this box
Listen port: Ignore this field
Enable SSL/TLS Service: Uncheck this box
SSL/TLS Certificate: webConfigurator default (59f92214095d8) (Server: Yes, In Use). It is important to note that the numbers on your machine might not be the same
SSL/TLS Listen Port: Ignore this field
Network Interfaces: All
Outgoing Network Interfaces: NordVPN
System Domains Local Zone Type: Transparent
DNSSEC: Uncheck this box
Python Module: Uncheck this box
DNS Query Forwarding: Enable forwarding mode – Check this box; Use SSL/TLS for outgoing DNS Queries to Forwarding Servers – Uncheck this box
DHCP Registration: Check this box
Static DHCP: Check this box
OpenVPN Clients: Uncheck this box
15. At the top of “General DNS Resolver Options,” click “Advanced Settings” and input the following in their respective fields and click “Save”:
ADVANCED PRIVACY OPTIONS:
Hide Identity: Check this box
Hide Version: Check this box
Query Name Minimization: Uncheck this box
Strict Query Name Minimization: Uncheck this box
ADVANCED RESOLVER OPTIONS:
Prefetch Support: Check this box
Prefetch DNS Key Support: Check this box
Harden DNSSEC Data: Uncheck this box
16. Go to Firewall > NAT > Outbound, click “Manual Outbound NAT rule generation,” and select “Save.” You will see six rules. Delete every IPv6 rule, add a new one with the following and click “Save”:
Address Family: IPv4
Source: Input your LAN subnet (something like 192.168.1.0/24)
Note the NAT rule you just created must be on top.
17. Go to Firewall > Rules > LAN and remove the IPv6 rule. Edit the IPv4 rule by clicking on “Display Advanced” and changing “Gateway” to “NordVPN.” Click “Save” after.
18. Head over to “System > General Setup.” Under “DNS Server Settings,” enter the following in their respective fields and click “Save”:
DNS Server 1: 22.214.171.124; none (under “Gateway”)
DNS Server 2: 126.96.36.199; NordVPN_VPNV4 – opt1 – … (under “Gateway”)
19. Now go to Status > OpenVPN and check to see if the connection is up and running. You can also look at your connection log file by navigating to Status > System Logs > OpenVPN.
You can confirm that your VPN connection is active by checking your connection’s IP address to see if it has changed.
Get NordVPN for pfSense
Why Should You Use NordVPN For pfSense?
1. Security and Privacy
NordVPN’s security structure consists of basic and advanced features. It uses the OpenVPN protocol, which is one of the most secure and reliable VPN protocols. Using 256-bit encryption is an effective way to discourage malicious entities from trying to access your data, and NordVPN uses it to protect your network connection. There is also a perfect forward secrecy feature that makes it even more difficult to penetrate your network.
Other important security features include an automatic Kill Switch, Split Tunneling, DNS/IP leak protection, Onion over VPN, DoubleVPN, and CyberSec (an adblocker). Privacy is also its strong point as it keeps no logs, has a cryptocurrency payment method, and has its headquarters in privacy-friendly Panama. Overall, NordVPN provides adequate protection when it comes to privacy and security.
2. Bypass Geo-Restrictions
NordVPN’s impressive server network is the reason why its users can confidently access several streaming platforms without facing any barriers online. It can unblock almost every mainstream streaming service, including Netflix, BBC iPlayer, ESPN, Amazon Prime Video, and Hulu.
3. Reliable Customer Support
Nobody wants to be stuck on a problem and have no one around to help. This is why NordVPN invests in delivering the best support to its users. If you have any issues setting it up on pfSense, you can access a 24/7 live chat system, a ticketing system, FAQs, and a support center with instructional guides.
Frequently Asked Questions on Setting up and Using NordVPN on Pfsense
Will using NordVPN on Pfsense make me completely anonymous online?
No, there is nothing that can make you completely anonymous online, except you isolate your computer and not connect to the internet. While you cannot achieve a hundred percent anonymity, NordVPN has privacy features that can give you a high level of anonymity, such as Double VPN, Tor over VPN, and a watertight zero-log policy. In addition, its headquarters is in Panama, a privacy-friendly territory. So, using NordVPN on Pfsense will not make you completely anonymous, but it will do a good job of reducing your digital footprint online and making it harder for bad actors to track you.
Can I use a free VPN instead of NordVPN on Pfsense?
Yes, you can use a free VPN instead of NordVPN on Pfsense, but we recommend you stick with NordVPN. With free VPNs, you run the risk of malware infection as some of them have been discovered on Google PlayStore to spread malware. In addition, you will discover there are not many VPNs that can work on Pfsense because of its complex configuration process. Furthermore, almost all free VPN services have limitations on speed, bandwidth, server network, etc. Using NordVPN on Pfsense is way better than using the best free VPN service.
Will using NordVPN on Pfsense protect me against malware?
It depends on the sophistication of malware. NordVPN can never be an alternative to an anti-malware application. The best NordVPN can do is protect you from basic network threats that look to infiltrate your network or ads that contain malware. Its CyberSec feature blocks unwanted ads and known malicious sites. It cannot prevent advanced malware with sophisticated techniques. It is better to get a standalone anti-malware software than depend on NordVPN for protection.
Is it illegal to use NordVPN on Pfsense?
It is certainly not illegal to use NordVPN on Pfsense or any other device. NordVPN is an application meant to keep your internet connection secure, and many countries have no issues with it. However, there are a few countries that work relentlessly against VPNs. You might have to be careful in such countries.
Setting up NordVPN on pfSense is not an easy process, but if you follow the instructions in this guide accurately, you should have no issues with it. In terms of security, privacy, unblocking streaming platforms, and reliable support, you stand to gain a lot using NordVPN on pfSense.