It’s easy to see why pfSense is a popular open source firewall and router solution. It’s suitable for home, business, and enterprise users, and enables you to build a completely customized secure router. Advantages include frequent updates, an easy-to-use interface, and backup configuration files. Plus, the platform is scalable and versatile; you can create multiple subnets and there are lots of add-ons available for further customization. Although pfSense provides a security solution in itself, knowing how to set up a VPN in conjunction with the platform is a good idea.
A VPN (Virtual Private Network) encrypts all of the traffic flowing to and from any devices connected to it, rendering your information unreadable to anyone who may be monitoring. This includes your internet service provider, government agencies, and hackers. A VPN also redirects traffic through a secondary server in a location of your choice. This can help you evade censorship and access sites that wouldn’t normally be open to users in your real location.
We’ll walk you through how to setup a VPN with pfSense but first here’s a quick roundup of the best VPNs to use. We’ll cover each in more detail later in the article.
Best pfSense VPNs:
- ExpressVPN: Our top recommendation for pfSense. This fast, secure VPN comes with an easy-to-follow guide for pfSense setup. It’s a risk-free option with a 30-day money-back guarantee.
- NordVPN: A great pick for users on a budget, NordVPN has a ton of servers to choose from and comes with security extras such as double-hop VPN.
- PureVPN: This VPN is fast and secure and has a great selection of server locations.
- HideMyAss: A huge network and strong security features make this a worthy contender.
While pfSense is ideal for use with VPNs, not all VPNs will work with the platform. Below are the criteria we used to determine this list of the best pfSense VPN:
- Provides pfSense VPN setup tutorials
- Has a selection of strong security features
- Doesn’t keep logs of user activity
- Provides fast, reliable connections
- Offers prompt and knowledgeable customer support
How to set up a pfSense VPN
The exact pfSense VPN setup will vary slightly depending on which provider you choose to go with. You can find links for tutorials for our recommended providers below, but here are the general steps for how to set up a VPN with pfSense. (Note that this installation process assumes you have already installed your pfSense software and configured it for basic routing.)
How to set up a VPN with pfSense:
- Select a VPN provider from the list above and subscribe. We recommend ExpressVPN.
- Log in to your VPN provider’s website and download the VPN configuration files for your desired server location.
- Log in to your pfSense dashboard and go to System > Cert. Manager.
- Under CAs, select Add to add a new certificate authority (CA).
- Name the CA (for example, the name of your VPN provider) and select Import an existing Certificate Authority from the Method dropdown.
- For the Certificate data field, copy the <ca> section from your configuration files. Note that this and other sections of the configuration files may be labeled differently depending on your VPN.
- Click Save.
- Go to the Certificates tab and hit Add to add a new certificate.
- Name the certificate and select Import an existing Certificate from the Method dropdown.
- For the Certificate data field, copy the <cert> section from your configuration files.
- For the Private key data field, copy the <key> section from your configuration files.
- Click Save.
- Now that you have your certificate installed, you need to add your VPN client. Go to VPN > OpenVPN > Clients, and select Add.
- The following information needs to be added and can be found for your chosen VPN in the setup guides below:
- General Information
- User Authentication Settings
- Cryptographic Settings
- Tunnel Settings
- Advanced Configuration (where applicable)
- Once you have entered and saved these settings, you’ll want to confirm that you’ve successfully connected OpenVPN. Go to Status > OpenVPN. In the Client Instance Statistics section, under Status, the word up tells you that the connection was successful.
Individual VPN setup guides for pfSense:
- ExpressVPN: How to set up pfSense with ExpressVPN (OpenVPN)
- NordVPN: pfSense
- PureVPN: PureVPN’s OpenVPN Setup Guide for pfSense (2.4.2)
- HideMyAss: pfSense configuration for routing all traffic via VPN
Best VPNs for pfSense
Here’s our more detailed rundown of the best VPNs for pfSense:
Money-back guarantee: 30 DAYS
ExpressVPN is our top pick for a pfSense VPN. This VPN boasts excellent speeds and has a network of more than 3,000 servers in 94 countries. It provides a detailed and easy-to-follow setup guide for pfSense, and customer support is available via live chat at all times if you need any help. ExpressVPN is great at unblocking geo-restricted media, allows torrenting, and works in China.
This provider offers a highly-secure service with features including 256-bit encryption and perfect forward secrecy. Protection against DNS, IPv6, and WebRTC leaks further secures your data. ExpressVPN records some minimal metadata but nothing that ties activity to an individual user.
If you’re looking to set up the VPN on additional devices, apps are available for Linux, Windows, MacOS, iOS, and Android. Five connections are allowed at a time with your router connection counting as just one.
- Compatible with pfSense
- Extremely fast VPN
- Lots of location options
- Tight security
- 24/7 live chat support
- A bit more expensive than some rivals
BEST VPN FOR PFSENSE:ExpressVPN is our top choice for pfSense. It’s fast, secure, and reliable, and provides excellent customer support. A 30-day money-back guarantee makes it risk-free.
Read our full ExpressVPN review.
Money-back guarantee: 30 DAYS
NordVPN dwarfs many other VPNs when it comes to network size with over 5,600 servers to choose from in 60 countries. It’s tried and tested with pfSense and provides instructions for getting started. NordVPN comes with a low price tag but has a ton of security features, and is highly adept at bypassing geo-restrictions.
The security suite includes military-grade encryption with perfect forward secrecy, along with a kill switch and leak protection. Extras include servers optimized for specific tasks such as double VPN (routing traffic through two servers), VPN traffic obfuscation (good for countries like China), and P2P filesharing. NordVPN doesn’t keep any logs.
Native apps can be downloaded for Linux, MacOS, Windows, Android, and iOS, and you get a six-connection limit under each plan. Support is available 24/7.
- Works with pfSense and includes a setup guide
- Large server network
- Lots of security extras
- Keeps no logs
- Some connections are slow
BEST BUDGET PFSENSE VPN:NordVPN is an ideal budget choice It offers around-the-clock support for help with setup and provides a highly secure connection. A 30-day money-back guarantee is included.
See our in-depth review of NordVPN.
Money-back guarantee: 31 DAYS
PureVPN may have a bit of a checkered privacy past but it has worked hard on repairing its reputation and is now considered a privacy-focused VPN service. It helps users setup the VPN with pfSense by way of a detailed guide. This network has plenty of server options with over 2,000 servers in more than 140 countries, although some locations house virtual servers. PureVPN provides decent speeds and is suitable for streaming and torrenting.
There are no logs of personally identifiable information and the company has undergone an external audit to prove as much. User information is secured with 256-bit AES encryption, perfect forward secrecy and protected from leaks. A kill switch is built into all software versions.
PureVPN has apps for Windows, MacOS, Android, and iOS, and the VPN can be manually configured with Linux. It allows five simultaneous connections. For help with setup and troubleshooting, you can contact the support team at any time via a live-chat function.
- Lots of location options
- Fast speeds
- Doesn’t log user data
- Some connection issues in testing
FAST AND SECURE:PureVPN is speedy and secure, and is proving itself as a private VPN. A 31-day money-back guarantee is extended to all users.
Check out our full PureVPN review.
Money-back guarantee: 30 DAYS
HideMyAss! (HMA) has a lot going for it in terms of performance. It’s very fast and operates a broad network of over 1,000 servers spanning more than 190 countries. A pfSense setup guide is provided on the HMA website, although based on some forum responses, the company isn’t prepared to provide advanced setup support.
Built-in security features include 256-bit AES encryption, a kill switch (in all apps except Windows), perfect forward secrecy, and protection against some leaks. One thing that will be a turnoff for some users is HMA’s logging policy. The company maintains some pretty thorough connection metadata logs, including real user IP address, VPN server IP address, and timestamps. As such, it’s not the best option for more privacy-conscious users.
Up to five devices can be connected to the VPN at a given time under each plan. Native apps are available for Windows, MacOS, iOS, and Android, and you can manually configure HMA with Linux systems.
- Servers in more than 190 countries
- Very fast speeds
- Strong security features
- Keeps logs of IP addresses
- Limited support for pfSense setup
LOTS OF LOCATIONS:HideMyAss beats out others when it comes to sheer number of countries to choose from. Its speeds are fast and the VPN is configurable with pfSense. HMA offers a 30-day money-back guarantee.
Read our in-depth review of HMA.
Other VPNs that work with pfSense
Although these VPNs don’t provide pfSense tutorials on their websites, there are tutorials provided by users who’ve had success with setup:
- IPVanish: Guide – How to connect pfSense OpenVPN client to IPVanish
- VyprVPN: VyprVPN on pfSense (Working)
You may find that other VPNs work when you follow the same general steps.
What are the benefits of pfSense?
Alone, pfSense offers lots of benefits to users. This open-source security platform is scalable and versatile, enabling you to build a customized router. Some of its standout features include:
- The availability of add-ons such as cloud security options.
- Backup configuration files that enable you to keep a backup of your router, so you can restore your custom build should anything go wrong.
- An option to configure specific routing of traffic patterns (split tunneling)
- The ability to create subnets, for example, a guest and private network.
- An easy-to-use rules configuration interface that’s far less clunky than those for many other routers.
- Active updates to help mitigate the threat of hacking attempts.
Why use a VPN with pfSense?
So what can a VPN add to all of this? A VPN complements the pfSense software by making your data even more secure. Even though pfSense is updated regularly (most router software isn’t), routers are big targets for hackers, so the threat remains. A VPN encrypts all of the traffic going to and from the router. This means that even if a hacker manages to intercept your data, it will be unreadable. Many VPNs have additional built-in security functionality such as leak protection and an anti-malware feature. The nature of a VPN also helps protect against DDoS attacks.
A VPN can also help you bypass restrictions to access content that would otherwise be blocked. When you connect to a VPN server, your traffic is routed through that server before reaching your destination website. Since you can choose which country your VPN server is in, you can make it appear that you’re somewhere else. As a result, you can unblock geo-restricted streaming platforms and gaming sites, as well as access any content that is censored in your country.
Another bonus of encrypting traffic and routing it through a secondary server is that anyone monitoring your activity, such as your internet service provider or government agency, can no longer see where it’s going. This prevents them from tracking things like which sites you visit and what files you download.
Don’t want all of your traffic to go through the VPN? That’s not an issue, as pfSense’s split tunneling feature allows you to decide which devices connect via the VPN.
Can I use a free VPN with pfSense?
Probably not. Most free VPNs are limited in their capabilities and wouldn’t be well-suited for use with pfSense for a host of reasons. While free VPNs usually offer native apps for several operating systems, they likely won’t provide support for more complex setups such as routers.
Even if you do manage to configure the VPN with pfSense, there are more practical issues to overcome. These services typically run a small number of servers with lots of users trying to access them. This leads to long wait times and laggy connections, making for a frustrating experience.
Perhaps the worst part about free VPNs is their subpar security and privacy reputation. Many have been found to use weak encryption or none at all, and some even carry malware. Others monitor your online activity so they can sell your profile to third-party advertisers. None of this is good news when you’re trying to make your home or business network more secure.
Investing a few dollars per month in a reputable pfSense VPN is clearly the better option.