OpenVPN on pfSense

Setting up a VPN with OpenVPN on pfSense with a Mikrotik router, including certificate creation, user management and client connection from Windows and Kali Linux.

Network Topology

• Kali Linux → ether3 (172.26.0.x)
• Mikrotik Router → ether1 (WAN), ether2 (10.10.10.2/30), ether3 (172.26.0.1/24)
• pfSense → WAN 10.10.10.1/30, LAN 192.168.1.1/24
• Windows → 192.168.1.150

1. Mikrotik Router

ip dhcp-client add interface=ether1 disable=no
ip address add address=10.10.10.2/30 interface=ether2
ip address add address=172.26.0.1/24 interface=ether3
ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

2. Install OpenVPN Package on pfSense

# Browser: https://192.168.1.1
# System → Package Manager → Install: openvpn-client-export

3. Create CA and Server Certificate

# System → Certificate Manager → CAs → Add (internal CA)
# System → Certificate Manager → Certificates → Add (Server Certificate)

4. Configure OpenVPN Server

# VPN → OpenVPN → Wizards
# Type: Local User Access | Tunnel: 10.8.0.0/24
# Enable Redirect Gateway, Firewall Rule and OpenVPN Rule

5. Create Users and Connect

# System → User Manager → Add (username + password + certificate)
# Windows: download OpenVPN installer + user .ovpn → import → connect
# Kali: nmcli connection import type openvpn file cert.ovpn