The following guide outlines the steps necessary to install & configure Anonine using OpenVPN on your pfSense firewall:
1. To set up pfSense 2.4.4 with OpenVPN, open the pfSense web interface in a browser. Then navigate to System -> Cert. Manager -> CAs and select +Add.
You should see this screen:
2. Fill in the following fields:
Descriptive name: anonine_ca.crt
Method: Import from existing Certificate Authority
Certificate data: paste the Anonine CA certificate in PEM format
Certificate Private Key: leave blank
Serial for next certificate: leave blank
Press Save
3. Then navigate to VPN -> OpenVPN -> Clients and press +Add
Fill in the fields:
Disable this client: leave unchecked.
Server mode: Peer to Peer (SSL/TLS);
Protocol: UDP on IPv4 only (you can also use TCP);
Device mode: tun – Layer 3 Tunnel Mode;
Interface: WAN;
Local port: leave blank;
Server host or address: you can use any server name from here;
Server port: 1194;
Proxy host or address: leave blank;
Proxy port: leave blank;
Proxy Authentication: None;
Description: Any name you like, you can leave it blank too.
USER AUTHENTICATION SETTINGS
Username: Your Anonine username
Password: Your Anonine password in both fields.
Authentication Retry: leave unchecked
CRYPTOGRAPHIC SETTINGS
TLS Configuration: Check
TLS Key:
TLS Key Usage Mode: TLS Authentication
Peer certificate authority: anonine_ca.crt;
Peer Certificate Revocation list: do not define.
Client certificate: webConfigurator default (59f92214095d8)(Server: Yes, In Use) (please note that the numbers on your machine could be different);
Encryption Algorithm: AES-256-GCM
Enable NCP: Check.
NCP Algorithms: AES-256-GCM and AES-256-CBC.
Auth digest algorithm: SHA384 (384bit)
Hardware Crypto: No hardware crypto acceleration.
TUNNEL SETTINGS
IPv4 tunnel network: leave blank;
IPv6 tunnel network: leave blank;
IPv4 remote network(s): leave blank;
IPv6 remote network(s): leave blank;
Limit outgoing bandwidth: leave blank;
Compression: Omit Preference (Use OpenVPN Default)
Topology: Subnet – One IP address per client in a common subnet
Type-of-service: leave unchecked;
Don’t pull routes: uncheck;
Don’t add/remove routes: leave unchecked.
ADVANCED CONFIGURATION
Custom Options
tls-client; persist-key; persist-tun; remote-cert-tls server;
UDP FAST I/O: leave unchecked.
Send/Receive Buffer: Default
Gateway creation: IPv4 only
Verbosity level: 3 (recommended);
Press Save
4. Navigate to Interfaces -> Interface Assignments and add the anonine_vpn interface.
5. Click OPT1, to the left of your assigned interface, and fill in the following information:
Enable: check
Description: anonine_vpn
MAC Address: leave blank
MTU: leave blank
MSS: leave blank
Do not change anything else. Scroll down to the bottom and press “Save”.
6. Navigate to Services -> DNS Resolver -> General Settings
Enable: uncheck
Click Save
7. Navigate to Services -> DNS Forwarder
Enable: check
Click Save
8. Navigate to Firewall -> NAT -> Outbound and select Manual Outbound NAT rule generation. Press Save. Then four rules will appear. Leave all rules untouched and add a new one.
Select ANONINE_VPN as an Interface.
Source: your LAN subnet.
Click Save. At the end it should look like this:
9. Navigate to Firewall -> Rules -> LAN and delete the IPv6 rule. Also, edit the IPv4 rule.
Press on Show Advanced Options;
Change Gateway to ANONINE_VPN;
Click Save.
At the end it should look like this:
10. Go to System -> General Setup and fill in:
DNS Server 1: 10.10.62.1; ANONINE_VPN_VPNV4-opt1
DNS Server 2: 80.67.14.78; ANONINE_VPN_VPNV4-opt1
DNS Server 3: 1.1.1.1; none
DNS Server Override: uncheck
Disable DNS Forwarder: check
Click Save
11. Now you can navigate to Status -> OpenVPN, where the service should be shown as “up”.
13. You can also check the connection log file under Status -> System Logs -> OpenVPN.
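As an added example (not part of the original guide, and not pfSense or Anonine code), the Python script below audits an OpenVPN client configuration against the cryptographic settings from step 3, including the `remote-cert-tls server` custom option, which makes the client require a server-type certificate from the peer. The directive names are standard OpenVPN 2.4 options; the mapping from GUI fields to directives, the sample configs, the hostname and the file names are assumptions constructed for illustration.

```python
import shlex
# Step 3 fields as OpenVPN directives (this mapping is the example's assumption).
EXPECTED = {"dev": "tun", "cipher": "AES-256-GCM", "auth": "SHA384",
            "remote-cert-tls": "server"}
ALLOWED_NCP = {"AES-256-GCM", "AES-256-CBC"}
REQUIRED = ("ca", "tls-auth", "auth-user-pass")

def parse(text):
    """Map directive -> list of argument lists; skip comments and inline <x> bodies."""
    opts, block = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if block:  # inside <ca>...</ca> and similar: skip the key material
            block = None if line == f"</{block}>" else block
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            opts.setdefault(block, []).append([])
        elif line and line[0] not in "#;":
            parts = shlex.split(line, comments=True)
            opts.setdefault(parts[0], []).append(parts[1:])
    return opts

def audit(text):
    """Return findings; an empty list means the config matches step 3."""
    opts, findings = parse(text), []
    for name, want in EXPECTED.items():
        values = [args[0] for args in opts.get(name, []) if args]
        if not values:
            findings.append(f"missing {name} {want}")
        elif values[-1] != want:
            findings.append(f"{name} is {values[-1]}, expected {want}")
    for args in opts.get("ncp-ciphers", []):
        extra = set(args[0].split(":")) - ALLOWED_NCP if args else set()
        if extra:
            findings.append(f"ncp-ciphers also allows {', '.join(sorted(extra))}")
    return findings + [f"missing {name}" for name in REQUIRED if name not in opts]

# Constructed sample configs; hostname and file names are placeholders.
GOOD = """dev tun
remote vpn.example.net 1194
auth-user-pass up.txt
ca ca.crt
tls-auth ta.key 1
cipher AES-256-GCM
ncp-ciphers AES-256-GCM:AES-256-CBC
auth SHA384
remote-cert-tls server   # from Custom Options
"""
BAD = GOOD.replace("remote-cert-tls", "# remote-cert-tls").replace(":AES-256-CBC", ":BF-CBC")
if __name__ == "__main__": print(audit(GOOD), audit(BAD), sep="\n")
```

An empty list from `audit()` means every checked directive matches step 3; each string in a non-empty list names one deviation to correct in the client settings.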
All of your online activities are now 100% secure and anonymous while connected to Anonine.
If you have any questions or experience any issues while installing and setting up your pfSense firewall to connect to the Anonine VPN servers, please contact our Support Team anytime.