The following guide outlines the steps necessary to install & configure Anonine using OpenVPN on your pfSense firewall:

1. To set up pfSense 2.4.4 with OpenVPN, open the pfSense web interface in your browser. Then navigate to System -> Cert. Manager -> CAs and select +Add.

You should see this screen:

2. Fill in the certificate fields as follows:



Descriptive name: anonine_ca.crt

Method: Import from existing Certificate Authority

Certificate data: paste the content below



-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


Certificate Private Key: leave blank

Serial for next certificate: leave blank


Press Save


3. Then navigate to VPN -> OpenVPN -> Clients and press +Add


Fill in the fields:

Disable this client: leave unchecked.
Server mode: Peer to Peer (SSL/TLS);
Protocol: UDP on IPv4 only (you can also use TCP);
Device mode: tun – Layer 3 Tunnel Mode;
Interface: WAN;
Local port: leave blank;
Server host or address: you can use any server name from here;
Server port: 1194;
Proxy host or address: leave blank;
Proxy port: leave blank;
Proxy Authentication: None;
Description: Any name you like, you can leave it blank too.


USER AUTHENTICATION SETTINGS

Username: Your Anonine username
Password: Your Anonine password in both fields.
Authentication Retry: leave unchecked


CRYPTOGRAPHIC SETTINGS

TLS Configuration: Check
TLS Key:



TLS Key Usage Mode: TLS Authentication
Peer certificate authority: anonine_ca.crt;
Peer Certificate Revocation list: do not define.
Client certificate: webConfigurator default (59f92214095d8)(Server: Yes, In Use) (please note that the numbers on your machine could be different);
Encryption Algorithm: AES-256-GCM
Enable NCP: Check.
NCP Algorithms: AES-256-GCM and AES-256-CBC.
Auth digest algorithm: SHA384 (384bit)
Hardware Crypto: No hardware crypto acceleration.


TUNNEL SETTINGS

IPv4 tunnel network: leave blank;
IPv6 tunnel network: leave blank;
IPv4 remote network(s): leave blank;
IPv6 remote network(s): leave blank;
Limit outgoing bandwidth: leave blank;
Compression: Omit Preference (Use OpenVPN Default)
Topology: Subnet – One IP address per client in a common subnet
Type-of-service: leave unchecked;
Don’t pull routes: uncheck;
Don’t add/remove routes: leave unchecked.


ADVANCED CONFIGURATION

Custom Options

tls-client;
persist-key;
persist-tun;
remote-cert-tls server;


UDP FAST I/O: leave unchecked.
Send/Receive Buffer: Default
Gateway creation: IPv4 only
Verbosity level: 3 (recommended);

Press Save



4. Navigate to Interfaces -> Interface Assignments and add the anonine_vpn interface.


5. Click OPT1 to the left of your assigned interface and fill in the following information:

Enable: check
Description: anonine_vpn
Mac Address: leave blank
MTU: leave blank
MSS: leave blank

Do not change anything else. Just scroll down to the bottom and press “Save”.


6. Navigate to Services -> DNS Resolver -> General Settings

Enable: uncheck

Click Save


7. Navigate to Services -> DNS Forwarder

Enable: check

Click Save


8. Navigate to Firewall -> NAT -> Outbound and select Manual Outbound NAT rule generation. Press Save. Then four rules will appear. Leave all rules untouched and add a new one.
Select ANONINE_VPN as an Interface.
Source: your LAN subnet.
Click Save. At the end it should look like this:



9. Navigate to Firewall -> Rules -> LAN and delete the IPv6 rule. Also, edit the IPv4 rule:
Click Show Advanced Options;
Change Gateway to ANONINE_VPN;
Click Save.

At the end it should look like this:


10. Go to System -> General Setup and fill in:

DNS Server 1: 10.10.62.1; ANONINE_VPN_VPNV4-opt1
DNS Server 2: 80.67.14.78; ANONINE_VPN_VPNV4-opt1
DNS Server 3: 1.1.1.1; none

DNS Server Override: uncheck

Disable DNS Forwarder: check

Click Save


11. Now you can navigate to Status -> OpenVPN and it should state that the service is “up”.


13. You can also check the connection log file under Status -> System Logs -> OpenVPN:


All of your online activities are now 100% secure and anonymous while connected to Anonine.
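
The client settings from step 3 can be checked in the OpenVPN client configuration they produce. The script below is an added example, not part of the original guide and not Anonine or pfSense code: a POSIX sh audit of a config file against the guide's TLS, cipher, digest and port settings. It assumes standard OpenVPN directive syntax, and the sample config with its hostname and file paths is constructed; the page does not give the location of the generated file, so pass whichever file you want to audit.

```shell
# Added example, not Anonine or pfSense code. Assumes standard OpenVPN
# directive syntax: one directive per line, whitespace-separated fields.

# has_directive FILE NAME [VALUE [FIELD]]: true if FILE has directive NAME
# (or an inline <NAME> block) whose FIELD-th field (default 2) equals VALUE.
has_directive() {
    awk -v name="$2" -v val="$3" -v col="${4:-2}" '
        ($1 == name && (val == "" || $col == val)) ||
        (val == "" && $1 == ("<" name ">")) { found = 1 }
        END { exit !found }' "$1"
}

# check LABEL NAME [VALUE [FIELD]]: print one result line, count failures.
check() {
    label=$1; shift
    if has_directive "$conf" "$@"; then echo "ok    $label"
    else echo "FAIL  $label"; fails=$((fails + 1)); fi
}

# audit_ovpn_conf FILE: returns how many of the guide's settings are missing.
audit_ovpn_conf() {
    conf=$1; fails=0
    check "server certificate purpose is verified" remote-cert-tls server
    check "TLS client role"                        tls-client
    check "TLS authentication key is configured"   tls-auth
    check "data cipher is AES-256-GCM"             cipher AES-256-GCM
    check "auth digest is SHA384"                  auth SHA384
    check "username/password auth is configured"   auth-user-pass
    check "server port is 1194"                    remote 1194 3
    return "$fails"
}

# Constructed sample config; hostname and file paths are placeholders.
sample_conf() {
    cat <<'EOF'
tls-client
persist-key
persist-tun
remote vpn.example.net 1194
auth-user-pass /path/to/client.up
remote-cert-tls server
cipher AES-256-GCM
auth SHA384
tls-auth /path/to/client.tls-auth 1
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_ovpn_conf "$tmp"; rm -f "$tmp"
```

Commented-out directives do not count as present, so a line such as `# remote-cert-tls server` is reported as a failure.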

 

If you have any questions or experience any issues while installing and setting up your pfSense firewall to connect to the Anonine VPN servers, please contact our Support Team anytime.