Nordvpn On Pfsense

To set up OpenVPN on pfSense 2.4.5, access your pfSense from your browser, then navigate to System Certificate Manager CAs.

  • Apr 01, 2021 NordVPN is our top pick for a pfSense VPN. It dwarfs many other VPNs when it comes to network size with over 5,600 servers to choose from in 60 countries, and is one of the fastest VPNs we’ve reviewed. It’s tried and tested with pfSense and provides instructions for getting started.
  • I have pfSense 2.5.1 and use NordVPN on all the devices on my LAN. What I'd like to do instead is use NordVPN on my pfSense router. I'm following this setup doc: pfSense 2.5 Setup with NordVPN. However, there are two sections I cannot find: Where to input the hostname/FQDN of the NordVPN server I.
  • Pfsense 2 4 Nordvpn, Hotspot Shield Elite Activator Only Zip, Connessione Vpn Gratuita, Windscribe Jumbo Frames Visit 16GB lighted smart.

Last Updated: April 1, 2021

Nordvpn On Pfsense Pc

pfSense is an open-source software distribution that can turn a computer into a dedicated router/firewall. It usually operates on a virtual machine or a dedicated physical computer. It is FreeBSD-based, which means it belongs to the family Unix-like BSD distribution. Using a VPN on pfSense enhances its abilities to protect your devices. This article takes a deep dive into configuring NordVPN on pfSense.

Setting Up NordVPN on pfSense

pfSense has different versions, but the latest one is the 2.5.0 version. This new version has an in-built WireGuard VPN client. Unfortunately, NordVPN’s proprietary WireGuard-based protocol is not available for routers. So this setup involves using the OpenVPN protocol to connect to NordVPN’s servers. Let’s take a look at the step-by-step process you need to follow.

1. Open a browser window and log in to your pfSense account with your credentials. The default is usually “admin” for the username and “pfsense” for the password. Reach out to pfSense support or check your user manual if that doesn’t work.

2. Navigate to the certificate authority section through the following path: System > Certificate Manager > CAs. Once you’re in the CA section, click “+Add.”

3. You’re going to need the name of the server in the next steps. So head over to NordVPN’s OpenVPN configurations page and note the name of the server you intend to use or let NordVPN recommend a server for you.

4. Go back to your pfSense page and input the following in their respective fields:

Descriptive Name: NordVPN_CA (this is for this guide, you can use any name)

Method: Import an existing Certificate Authority

Trust Store: Uncheck this box

Randomize Serial: Uncheck this box

Certificate data: copy and paste the data below.






Nordvpn Pfsense Netflix

























Click on “Save” to save the configuration.

5. Now go to VPN > OpenVPN > Clients and click on “+Add.”

6. Enter the following in their respective fields:

Disable this client: Uncheck this box.

Server mode: Peer to Peer (SSL/TLS)

Protocol: UDP on IPv4 only (you can also use TCP)

Device mode: tun – Layer 3 Tunnel Mode

Interface: WAN

Local port: Leave box unchecked

Server host or address: the hostname of the server you selected in step 3 above

Nordvpn On Pfsense

Server port: 1194 (use 443 if you use TCP)

Proxy host or address: Leave box unchecked

Proxy port: Leave box unchecked

Proxy Authentication: none

Description: Input any descriptive name of your choice.

7. In the “User Authentication Settings” section,input the following:

Username: Your NordVPN service username

Password: Your NordVPN service password in both fields

Authentication Retry: leave box unchecked

If you don’t know your NordVPN service credentials, you can find them in your NordAccount dashboard under “Advanced configuration.”

8. In the “Cryptographic Settings” section, input the following:

TLS Configuration: Use a TLS Key – Check this box; Automatically generate a TLS key – Uncheck this box

TLS Key: Copy and paste the data below

—–BEGIN OpenVPN Static key V1—–

















—–END OpenVPN Static key V1—–

TLS Key Usage Mode: TLS Authentication

TLS keydir direction: Use default direction

Peer certificate authority: NordVPN_CA (the CA in step 4 above)

Peer Certificate Revocation list: Do not define

Client certificate: webConfigurator default (59f92214095d8) (Server: Yes, In Use). It is important to note that the numbers on your machine might not be the same.

Data Encryption Negotiation: Check this box

Data Encryption Algorithms: AES-256-GCM and AES-256-CBC

Fallback Data Encryption Algorithm: AES-256-CBC

Auth digest algorithm: SHA512 (512-bit)

Hardware Crypto: No Hardware Crypto Acceleration

9. In the “Tunnel Settings” section, input the following:

IPv4 tunnel network: Leave blank

IPv6 tunnel network: Leave blank

IPv4 remote network(s): Leave blank

IPv6 remote network(s): Leave blank

Limit outgoing bandwidth: Leave blank

Allow Compression: Refuse any non-stub compression (Most Secure)

Topology: Subnet – One IP address per client in a common subnet

Type-of-Service: Uncheck this box

Don’t pull routes: Uncheck this box

Don’t add/remove routes: Check this box

10. In the “Advanced Configuration” section, input the following:

Custom Options: Copy and paste the data below



Nordvpn On Pfsense

tun-mtu 1500;

tun-mtu-extra 32;

mssfix 1450;



reneg-sec 0;

remote-cert-tls server;

UDP FAST I/O: Uncheck this box

Exit Notify: Disabled

Send/Receive Buffer: Default

Gateway creation: IPv4 only

Verbosity level: 3 (recommended)

11. Now go to Interfaces > Interface Assignments. Click on the green “+Add” button to add the NordVPN interface.

12. Select the “OPT1” on the left of your assigned interface input the following in their respective fields:

Enable: Check this box

Description: NordVPN

Mac Address: Leave blank

MTU: Leave blank

MSS: Leave blank

13. Leave everything else and select “Save.”

14. Go to Services -> DNS Resolver -> General Settings and input the following in their respective fields and select “Save”:

Enable: Check this box

Listen port: Ignore this field

Enable SSL/TLS Service: Uncheck this box

SSL/TLS Certificate: webConfigurator default (59f92214095d8) (Server: Yes, In Use). It is important to note that the numbers on your machine might not be the same

SSL/TLS Listen Port: Ignore this field

Network Interfaces: All

Outgoing Network Interfaces: NordVPN

System Domains Local Zone Type: Transparent

DNSSEC: Uncheck this box

Python Module: Uncheck this box

DNS Query Forwarding: Enable forwarding mode – Check this box; Use SSL/TLS for outgoing DNS Queries to Forwarding Servers – Uncheck this box

DHCP Registration: Check this box

Static DHCP: Check this box

OpenVPN Clients: Uncheck this box

15. At the top of “General DNS Resolver Options,” click “Advanced Settings” and input the following in their respective fields and click “Save”:


Hide Identity: Check this box

Hide Version: Check this box

Query Name Minimization: Uncheck this box

Strict Query Name Minimization: Uncheck this box


Prefetch Support: Check this box

Prefetch DNS Key Support: Check this box

Harden DNSSEC Data: Uncheck this box

16. Go to Firewall > NAT > Outbound, click “Manual Outbound NAT rule generation,” and select “Save.”You will see six rules. Delete every IPv6 rule, add a new one with the following and click “Save”:

Interface: NordVPN

Address Family: IPv4

Source: Input your LAN subnet (something like

Note the NAT rule you just created must be on top.

17. Go to Firewall > Rules > LAN and remove the IPv6 rule. Edit the IPv4 rule by clicking on “Display Advanced” and changing “Gateway” to “NordVPN.” Click “Save” after.

18. Head over to “System > General Setup.” Under “DNS Server Settings,” enter the following in their respective fields and click “Save”:

DNS Server 1:; none (under “Gateway”)

DNS Server 2:; NordVPN_VPNV4 – opt1 – … (under “Gateway”)

19. Now go to Status > OpenVPN and check to see if the connection is up and running. You can also look at your connection log file by navigating to Status > System Logs > OpenVPN.

You can confirm that your VPN connection is active by checking your connection’s IP address to see if it has changed.

Get NordVPN for pfSense

Why Should You Use NordVPN For pfSense?

1. Security and Privacy

NordVPN’s security structure consists of basic and advanced features. It uses the OpenVPN protocol, which is one of the most secure and reliable VPN protocols. Using 256-bit encryption is an effective way to discourage malicious entities from trying to access your data, and NordVPN uses it to protect your network connection. There is also a perfect forward secrecy feature that makes it even more difficult to penetrate your network.

Other important security features include an automatic Kill Switch, Split Tunneling, DNS/IP leak protection, Onion over VPN, DoubleVPN, and CyberSec (an adblocker). Privacy is also its strong point as it keeps no logs, has a cryptocurrency payment method, and has its headquarters in privacy-friendly Panama. Overall, NordVPN provides adequate protection when it comes to privacy and security.

2. Bypass Geo-Restrictions

NordVPN’s impressive server network is the reason why its users can confidently access several streaming platforms without facing any barriers online. It can unblock almost every mainstream streaming service, including Netflix, BBC iPlayer, ESPN, Amazon Prime Video, and Hulu.

Nordvpn Pfsense 2.4.5

3. Reliable Customer Support

Nobody wants to be stuck on a problem and have no one around to help. This is why NordVPN invests in delivering the best support to its users. If you have any issues setting it up on pfSense, you can access a 24/7 live chat system, a ticketing system, FAQs, and a support center with instructional guides.


Setting up NordVPN on pfSense is not an easy process, but if you follow the instructions in this guide accurately, you should have no issues with it. In terms of security, privacy, unblocking streaming platforms, and reliable support, you stand to gain a lot using NordVPN on pfSense.

This article has been last updated on January 31, 2021

As you guys know we sell quite a lot of open-source hardware. Most of our customers are fans of pfSense, the most popular open-source operating system for routers. The question we often get is 'What hardware should I get for pfSense?'.

It's already 2021, so any hardware you get must be ready to support the next release of pfSense. The upcoming version 2.5 of pfSense has one key requirement that previous versions didn't. The CPU must support AES-NI, the native, hardware encryption instructions. Software encryption will no longer be supported, so you must make sure your CPU has AES-NI.

Nordvpn on pfsense

Update: pfSense has announced that version 2.5 will support hardware without AES-NI. It is still strongly recommended that your processor supports it, but it's not a strict requirement. For details, see the message from the pfSense team.

pfSense 2.5 hardware requirements

Not everyone is the same, but there are some common requirements that any hardware must fulfil.

  • CPU should support AES-NI
  • CPU must be powerful enough to route your internet traffic
  • CPU should be 64bit Intel or AMD
  • RAM - you must have enough for the packages you want to run.
  • NICs - LAN ports should be coming from Intel. pfSense still doesn't perform great with Realtec Network Interfaces.
  • WiFi - pfSense supports a very limited number of WiFi adapters. If you plan on using WiFi, make sure you get the right adapter.

What is AES-NI?

AES-NI (AES New Instructions) is a new encryption instruction set, baked right into CPU that dramatically speeds up cryptography tasks such as encryption/decryption for VPN or SSL. AES-NI was initially developed by Intel, but most modern AMD CPUs also support it now.

There are a lot of routers sold online that claim to be pfSense compatible and don't support AES-NI. This is theoretically true because pfSense 2.4 does not strictly require it. Once pfSense 2.5 will be released, their routers will be stuck with the old version of pfSense.

All hardware sold by TekLager has AES-NI support and Intel NICs.

pfSense 2.5 release date

pfSense 2.5 development version is already released and can be used, but it's not considered stable. When we tested it in May, it was still causing some problems during installation, so we recommend to wait with the upgrade until the stable version is released

It's not yet known when the stable release will be made, but it's likely that we will see it during Q1 2021.

Cheap pfSense box - APU2E0

APU is a well known, reliable hardware manufactured by Swiss company PC Engines. APU2, APU3 and APU4 routers are the most popular hardware firewalls we sell at TekLager. There are few versions of APU, starting at entry-level APU2E0, to the latest version of APU4C4.

This is the cheapest pfSense router we sell but don't be deceived, it's a very capable firewall for home or small office.

Nordvpn On Pfsense Samsung

Tip: in most applications, this box will perform just as well as the more expensive versions.