OpenVPN Client Setup on OPNsense firewall
VPN / Server / Wizard
Type of Server : Local User Access
Certificate Authority:
– Create a new one
Descriptive name: Whatever name
Key length: 4096 bit
Lifetime: 3650
Fill out the rest of the fields to match your location
– Add new Certificate
Descriptive name: Whatever name
use the same stuff as above
– Create new certificate…
General OpenVPN Server Info
Interface: WAN
Protocol: UDP
Local Port: 1194
Description: whatever
DH Parameters Length: 4096 bit
Encryption Algorithm: AES-256-CBC (256 bit key, 128 bit block)
Auth Digest Algorithm: SHA512 (512-bit)
IPv4 Tunnel Network: 10.8.0.0/24 (this is a made up network that VPN clients will use)
IPv4 Local Network: 192.168.1.0/24 (or whatever your network is)
DNS Server 1: 8.8.8.8 (or use a local DNS server for AD, or whatever you want)
DNS Server 2: 8.8.4.4
– Next
Check both boxes to create the firewall rules; we can adjust them later if needed.
– Next
– Finish
Next, we need to create some users
System / Access / Users
Fill out the Username, Password, and check the “Certificate” check box
– Save
Method: Create an internal Certificate
Certificate authority: Name you created above for the VPN
Type: Client Certificate
Key length: 4096
Digest Algorithm: SHA512
Lifetime: 3650
– Save
– Save again (on user setup page)
Finally...
VPN / OpenVPN / Client Export
Export Type: File Only
Hostname: change to name if you need to
At the bottom, click on the cloud download icon to download the .ovpn file. Using the OpenVPN Connect client, import the config file.
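Before handing the exported file to a user, it is worth confirming that it carries the settings chosen in the wizard. The script below is an added example, not part of the original guide or of OPNsense: it parses a client profile and reports any difference from the protocol, port, cipher and digest configured above. It assumes the profile uses the standard OpenVPN directives proto, remote, cipher, auth and auth-user-pass, with ca/cert/key either inline or referenced by file; the sample profile and its hostname are constructed.

```python
# Values chosen in the wizard steps on this page.
EXPECTED = {"proto": "udp", "port": "1194", "cipher": "AES-256-CBC", "auth": "SHA512"}

# Constructed sample profile (placeholder host and certificate bodies, not a real export).
SAMPLE = """\
proto udp
remote vpn.example.test 1194
cipher AES-256-CBC
auth SHA1
auth-user-pass
<ca>
(placeholder)
</ca>
<cert>
(placeholder)
</cert>
"""

def parse_ovpn(text):                        # -> (directives, inline block names)
    directives, blocks, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if current:                          # skip the body of <tag> ... </tag>
            if line == f"</{current}>":
                current = None
        elif line.startswith("<") and line.endswith(">"):
            current = line[1:-1]
            blocks.add(current)
        elif line and line[0] not in "#;":   # ignore blanks and comments
            name, *args = line.split()
            directives.setdefault(name, args)
    return directives, blocks

def audit(text, expected=EXPECTED):          # -> list of differences, empty if none
    d, blocks = parse_ovpn(text)
    got = {k: v[0] for k, v in d.items() if v}
    if len(d.get("remote", [])) > 1:
        got["port"] = d["remote"][1]         # remote <host> <port>
    problems = [f"{k}: expected {want}, found {got.get(k, 'missing')}"
                for k, want in expected.items()
                if got.get(k, "").lower() != want.lower()]
    if "auth-user-pass" not in d:
        problems.append("auth-user-pass: missing (needed for Local User Access logins)")
    problems += [f"{t}: no inline block or file reference"
                 for t in ("ca", "cert", "key") if t not in blocks and t not in d]
    return problems

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "profile matches the server settings")
```

To check a real export, pass the contents of the downloaded .ovpn file to `audit()` instead of `SAMPLE`.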