You can set up NordVPN on your pfSense router by downloading the appropriate VPN server configuration to install in your router’s advanced settings page.
Likewise, you’ll need to modify some router settings to ensure the VPN works seamlessly with it.
However, doing this might be challenging if you’ve never set up a VPN on a pfSense router before.
So, continue reading for a simple guide to installing NordVPN on your pfSense router.
How to Setup NordVPN on a pfSense Router?
Since the release of pfSense 2.5, the WireGuard VPN client has been available for pfSense routers. However, the NordLynx protocol isn’t installable, as it’s available only on NordVPN’s mobile and desktop applications.
So, here’s how to set up NordVPN on a pfSense router:
But if you want a text-based guide instead, follow the one below:
- Subscribe to NordVPN.
- Open pfSense’s configuration page.
- Go to System > Certificate Manager, then select “CAs.”
- Click “+Add.”
- Download a server from NordVPN’s official server download page.
- In the “Descriptive Name” field, enter any name. For example, “NordVPN Thai.”
- In the “Method” section, select “Import an existing Certificate Authority.”
- Uncheck “Trust Store” and “Randomize Serial.”
- Copy-paste the following text into the “Certificate data” section:
-----BEGIN CERTIFICATE-----
MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
+RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
-----END CERTIFICATE-----
- Select the “VPN” section.
- Select “OpenVPN” followed by “Clients.”
- Click “+Add.”
- Uncheck “Disable this client.”
- Switch “Server mode” to “Peer to Peer (SSL/TLS).”
- Select “UDP on IPv4 only” under “Protocol.” You can also use TCP.
- Change the “Device mode” to “tun – Layer 3 Tunnel Mode.”
- Click “Interface” and select “WAN” from the drop-down menu.
- Enter the server’s address in the “Server host or address” section. In my case, it’s “th25.nordvpn.com.”
- In the “Server port” section, enter “1194” if you’re using UDP or “443” for TCP.
- Type anything you like in the “Description.” It doesn’t carry much weight in the setup process.
- Open NordVPN’s dashboard in a new browser tab.
- Select NordVPN on the left-side menu and scroll down to “Advanced configuration.”
- Copy and paste the username into the “Username” section. Do the same for the password and paste it under the “Password” section in the “User Authentication Settings.”
- Configure “Cryptographic settings” by checking the “TLS Configuration” checkbox.
- Uncheck “Automatically generate a TLS key” and copy-paste the following text under the “TLS Key” textbox:
—–BEGIN OpenVPN Static key V1—–
e685bdaf659a25a200e2b9e39e51ff03
0fc72cf1ce07232bd8b2be5e6c670143
f51e937e670eee09d4f2ea5a6e4e6996
5db852c275351b86fc4ca892d78ae002
d6f70d029bd79c4d1c26cf14e9588033
cf639f8a74809f29f72b9d58f9b8f5fe
fc7938eade40e9fed6cb92184abb2cc1
0eb1a296df243b251df0643d53724cdb
5a92a1d6cb817804c4a9319b57d53be5
80815bcfcb2df55018cc83fc43bc7ff8
2d51f9b88364776ee9d12fc85cc7ea5b
9741c4f598c485316db066d52db4540e
212e1518a9bd4828219e24b20d88f598
a196c9de96012090e333519ae18d3509
9427e7b372d348d352dc4c85e18cd4b9
3f8a56ddb2e64eb67adfc9b337157ff4
—–END OpenVPN Static key V1—–
- Change “TLS Key Usage Mode” to “TLS Authentication.”
- Click the “TLS keydir direction” drop-down menu and select “Use default direction.”
- Configure “Peer certificate authority” as “NordVPN_CA.”
- Change “Peer Certificate Revocation list” to “Do not define.”
- Change “Client certificate” to “webConfigurator default (XXXXXXXX) (Server: Yes, In Use).”
- Check “Data Encryption Negotiation.”
- Select “AES-256-GCM” and “AES-256-CBC” under “Data Encryption Algorithms.”
- Change “Fallback Data Encryption Algorithm” to “AES-256-CBC.”
- Select “SHA512 (512-bit)” under “Auth digest algorithm.”
- Configure “Hardware Crypto” as “No Hardware Crypto Acceleration.”
- Configure “Tunnel Settings” by leaving “IPv4 Tunnel Network,” “IPv6 Tunnel Network,” “IPv4 Remote network(s),” and “IPv6 Remote network(s)” blank.
- Select “Refuse any non-stub compression (Most Secure)” for “Allow Compression.”
- Click the “Topology” drop-down and select “Subnet – One IP address per client in a common subnet.”
- Uncheck “Type-of-Service” and “Don’t pull routes.”
- Check “Don’t add/remove routes.”
- Configure “Advanced Configuration” by pasting the following text in the “Custom Options” text box:
tls-client;
remote-random;
tun-mtu 1500;
tun-mtu-extra 32;
mssfix 1450;
persist-key;
persist-tun;
reneg-sec 0;
remote-cert-tls server;
- Uncheck “UDP FAST I/O.”
- Change “Exit Notify” to “Disabled.”
- Change “Send/Receive Buffer” to “Default.”
- Select “IPv4 only” in the “Gateway creation” section.
- Click on “Verbosity level” and select “3 (recommended).”
- Select “Interfaces,” followed by “Interface Assignments,” and click “+Add” to add the NordVPN interface.
- Select the “OPT1 (ovpnc1)” section in the “Advanced Configuration” menu and check “Enable.”
- Type “NordVPN” in the “Description” box. Then, click “Save.”
- Go to Services > DNS Resolver > General Settings.
- Check “Enable.”
- Uncheck “Enable SSL/TLS Service.”
- Click on the “SSL/TLS Certificate” drop-down menu and select “webConfigurator default (XXXXXXXXXX) (Server: Yes, In Use).”
- Click the “Network Interfaces” drop-down and select “All.”
- Click the “Outgoing Network Interfaces” drop-down menu and select “NORDVPN.”
- Click the “System Domain Local Zone Type” drop-down menu and select “Transparent.”
- Uncheck “DNSSEC” and “Python Module.”
- Check “DNS Query Forwarding,” “DHCP Registration,” “Static DHCP,” and “OpenVPN Clients.” Then, click “Save.”
- Select “Advanced Settings,” then check “Hide Identity” and “Hide Version.”
- Uncheck “Query Name Minimization” and “Strict Query Name Minimization.”
- In the “Advanced Resolver Options,” check “Prefetch Support” and “Prefetch DNS Key Support.”
- Uncheck “Harden DNSSEC Data.” Then, click “Save.”
- Open Firewall settings by navigating to Firewall > NAT > Outbound.
- Choose “Manual Outbound NAT rule generation.” Then, click “Save.”
- A pop-up will appear, delete all IPv6 rules and add new ones.
- Click the “Interface” drop-down and select “NORDVPN.”
- Click the “Address Family” drop-down and select “IPv4.”
- In the “Source” drop-down menu, select your LAN’s subnet. Then, click “Save.”
- Go to Firewall > Rules > LAN.
- Delete all IPv6 rules and edit IPv4 rules.
- Click “Display Advanced” and change “Gateway” to NordVPN, then click “Save.”
- Click on “System,” then “General Setup.”
- Enter “103.86.96.100” in “DNS 1” and select “None” by clicking on the drop-down.
- In “DNS 2,” enter “103.86.99.100” and select “NordVPN_VPNV4 – opt1” from the drop-down options.
- Click “Save.”
- Click Status > OpenVPN and check if the status shows “up.”
- That’s it! You’ve set up NordVPN on your pfSense router successfully!
What Makes NordVPN a Suitable VPN for Your pfSense Router?
NordVPN impresses on almost all device types, and the pfSense router isn’t an exception. Here are a few reasons:
- All devices connected to the pfSense router are protected under NordVPN’s military-grade AES-256-bit encryption. Thus, your online activities aren’t visible to hackers, ISPs, and other online snoopers.
- NordVPN eliminates latency and delivers fast connection speeds for all devices connected to the pfSense router, ensuring fast gaming performance, streaming, and download speeds.
- Everyone connected to the pfSense router can easily unblock various streaming libraries. For example, you can watch Netflix US or Crunchyroll using the US server.
FAQs
How to Fix Slow Speeds With NordVPN on a pfSense Router?
Reducing the CPU usage on your pfSense router should result in faster connection speeds. Likewise, turning off the “Auto channel selection” setting on your pfSense, which usually takes up too much CPU resources, should free up the CPU and result in faster speeds.
Wrapping Up!
Installing NordVPN on a pfSense router allows you to unblock streaming services, browse securely and privately, and play games without facing lag, latency, or the fear of DDoS attacks.
Grab these NordVPN discounts to save on your subscription if you don’t already have one, and set up the fantastic pfSense VPN provider as described above!