{"id":31307,"date":"2026-01-20T17:29:56","date_gmt":"2026-01-20T16:29:56","guid":{"rendered":"https:\/\/blog.miniserver.it\/?p=31307"},"modified":"2026-01-20T17:41:15","modified_gmt":"2026-01-20T16:41:15","slug":"vpn-road-warrior-opnsense-openvpn-instances","status":"publish","type":"post","link":"https:\/\/blog.miniserver.it\/en\/firewall\/vpn-road-warrior-opnsense-openvpn-instances\/","title":{"rendered":"VPN Road Warrior on OPNsense with OpenVPN Instances"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1123.2px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-1\" style=\"--awb-margin-top:40px;\"><p>From OPNSense version 25.7 onward, to create a VPN server with OpenVPN it will be mandatory to use the Instances tab.<\/p>\n<p>You will still be able to import old VPN configurations from a backup up to the latest version of 25, while starting with version 26 this will no longer be possible.<\/p>\n<p>At the time of writing this document, there is no wizard for creating a VPN with OpenVPN\/Instances (VPN \u2192 OpenVPN \u2192 Instances); therefore, everything must be created manually.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-padding-right:20px;--awb-padding-left:20px;--awb-bg-color:#f1f4f6;--awb-bg-color-hover:#f1f4f6;--awb-bg-blend:overlay;--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-1 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top:20px;--awb-margin-bottom:20px;--awb-margin-top-small:10px;--awb-margin-right-small:0px;--awb-margin-bottom-small:10px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left\" style=\"margin:0;\"><h1 class=\"fusion-title-heading title-heading-left\">How to Create a Road Warrior VPN on OPNsense with OpenVPN Instances<\/h1><\/h2><\/div><div class=\"awb-toc-el awb-toc-el--1\" data-awb-toc-id=\"1\" data-awb-toc-options=\"{&quot;allowed_heading_tags&quot;:{&quot;h3&quot;:0},&quot;ignore_headings&quot;:&quot;&quot;,&quot;ignore_headings_words&quot;:&quot;indice&quot;,&quot;enable_cache&quot;:&quot;yes&quot;,&quot;highlight_current_heading&quot;:&quot;no&quot;,&quot;hide_hidden_titles&quot;:&quot;yes&quot;,&quot;limit_container&quot;:&quot;post_content&quot;,&quot;select_custom_headings&quot;:&quot;&quot;,&quot;icon&quot;:&quot;fa-flag fas&quot;,&quot;counter_type&quot;:&quot;none&quot;}\" style=\"--awb-margin-bottom:20px;--awb-margin-left:30px;\"><div class=\"awb-toc-el__content\"><ul class=\"awb-toc-el__list awb-toc-el__list--0\"><li class=\"awb-toc-el__list-item\"><a class=\"awb-toc-el__item-anchor\" href=\"#toc_1_Certificate_creation\">1. Certificate creation<\/a><\/li><li class=\"awb-toc-el__list-item\"><a class=\"awb-toc-el__item-anchor\" href=\"#toc_Server_Certificate\">-Server Certificate<\/a><\/li><li class=\"awb-toc-el__list-item\"><a class=\"awb-toc-el__item-anchor\" href=\"#toc_2_User_creation\">2. User creation<\/a><\/li><li class=\"awb-toc-el__list-item\"><a class=\"awb-toc-el__item-anchor\" href=\"#toc_3_User_certificate_creation\">3. User certificate creation<\/a><\/li><li class=\"awb-toc-el__list-item\"><a class=\"awb-toc-el__item-anchor\" href=\"#toc_4_Creazione_Instance\">4. Instance Creation<\/a><\/li><li class=\"awb-toc-el__list-item\"><a class=\"awb-toc-el__item-anchor\" href=\"#toc_5_Creazione_regole\">5. Rule creation<\/a><\/li><li class=\"awb-toc-el__list-item\"><a class=\"awb-toc-el__item-anchor\" href=\"#toc_6_Esportazione_del_certificato_per_il_client_OpenVPN\">6. Exporting the certificate for the OpenVPN client<\/a><\/li><li class=\"awb-toc-el__list-item\"><a class=\"awb-toc-el__item-anchor\" href=\"#toc_7_Type_TUN_Vs_DCO\">7. Type TUN Vs DCO<\/a><\/li><\/ul><\/div><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-2 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-2\"><h3>1. Certificate creation<\/h3>\n<p>Authorities<\/p>\n<p>From the menu, select System \u2192 Trust \u2192 Authorities and configure an internal CA.<\/p>\n<p>Fill in your internal certificate authority, making sure to choose an appropriate lifetime and a meaningful common name.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31259\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-1.jpg\" alt=\"\" width=\"1371\" height=\"795\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-1-200x116.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-1-400x232.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-1-583x338.jpg 583w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-1-600x348.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-1-768x445.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-1-800x464.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-1-1024x594.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-1-1200x696.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-1.jpg 1371w\" sizes=\"(max-width: 1371px) 100vw, 1371px\" \/><\/p>\n<\/div><div class=\"fusion-text fusion-text-3\"><h3>-Server Certificate<\/h3>\n<p>From the menu, select System \u2192 Trust \u2192 Certificates and add an internal certificate \u2013 Server certificate.<\/p>\n<p>Fill in your internal server certificate, making sure to choose the correct CA (in this example, the one just created), an appropriate lifetime, and a meaningful common name.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31262\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-2.jpg\" alt=\"\" width=\"1373\" height=\"801\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-2-200x117.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-2-400x233.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-2-579x338.jpg 579w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-2-600x350.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-2-768x448.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-2-800x467.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-2-1024x597.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-2-1200x700.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-2.jpg 1373w\" sizes=\"(max-width: 1373px) 100vw, 1373px\" \/><\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31264\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-3.jpg\" alt=\"\" width=\"1365\" height=\"741\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-3-200x109.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-3-400x217.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-3-600x326.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-3-623x338.jpg 623w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-3-768x417.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-3-800x434.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-3-1024x556.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-3-1200x651.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-3.jpg 1365w\" sizes=\"(max-width: 1365px) 100vw, 1365px\" \/><\/p>\n<\/div><div class=\"fusion-text fusion-text-4\"><h3>2. User creation<\/h3>\n<p>Per ogni utilizzatore della VPN devo creare un utente e il relativo certificato.<\/p>\n<p><b>ATTENZIONE<\/b>: il nome utente e il nome del certificato dovranno essere identici!<\/p>\n<p>Dal menu scegliete System\u2192Users e quindi aggiungere un utente (in questo esempio usr1)<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31268\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-4.jpg\" alt=\"\" width=\"1394\" height=\"797\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-4-200x114.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-4-400x229.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-4-591x338.jpg 591w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-4-600x343.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-4-768x439.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-4-800x457.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-4-1024x585.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-4-1200x686.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-4.jpg 1394w\" sizes=\"(max-width: 1394px) 100vw, 1394px\" \/><\/p>\n<\/div><div class=\"fusion-text fusion-text-5\"><h3>3. User certificate creation<\/h3>\n<p>From the menu, select System \u2192 Trust \u2192 Certificates and add an internal certificate \u2013 Client Certificate<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31271\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-5.jpg\" alt=\"\" width=\"1386\" height=\"792\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-5-200x114.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-5-400x229.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-5-592x338.jpg 592w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-5-600x343.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-5-768x439.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-5-800x457.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-5-1024x585.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-5-1200x686.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-5.jpg 1386w\" sizes=\"(max-width: 1386px) 100vw, 1386px\" \/><\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31273\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-6.jpg\" alt=\"\" width=\"1365\" height=\"719\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-6-200x105.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-6-400x211.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-6-600x316.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-6-642x338.jpg 642w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-6-768x405.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-6-800x421.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-6-1024x539.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-6-1200x632.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-6.jpg 1365w\" sizes=\"(max-width: 1365px) 100vw, 1365px\" \/><\/p>\n<p>-Description- and especially -Common Name- must be identical to the username created earlier.<\/p>\n<p>Note: At this point, in the menu System \u2192 Trust \u2192 Certificates, you will see the client certificate \u201cusr1\u201d with a little person icon indicating it is associated with a user, while the server certificate has an X showing it is not yet in use.<\/p>\n<\/div><div class=\"fusion-text fusion-text-6\"><h3 id=\"toc_4_Creazione_Instance\">4. Instance Creation<\/h3>\n<p>From the menu VPN \u2192 OpenVPN \u2192 Instances, add the OpenVPN server instance.<\/p>\n<p>It is important to choose the correct certificate.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31276\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-7.jpg\" alt=\"\" width=\"1355\" height=\"746\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-7-200x110.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-7-400x220.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-7-600x330.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-7-614x338.jpg 614w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-7-768x423.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-7-800x440.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-7-1024x564.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-7-1200x661.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-7.jpg 1355w\" sizes=\"(max-width: 1355px) 100vw, 1355px\" \/><\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31278\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-8.jpg\" alt=\"\" width=\"1375\" height=\"804\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-8-200x117.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-8-400x234.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-8-578x338.jpg 578w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-8-600x351.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-8-768x449.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-8-800x468.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-8-1024x599.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-8-1200x702.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-8.jpg 1375w\" sizes=\"(max-width: 1375px) 100vw, 1375px\" \/><\/p>\n<p>&#8211; <span style=\"background-color: rgba(0, 0, 0, 0);\">Generate a key from the Static Key tab.<\/span><\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31280\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-9.jpg\" alt=\"\" width=\"1452\" height=\"534\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-9-200x74.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-9-400x147.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-9-600x221.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-9-768x282.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-9-800x294.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-9-919x338.jpg 919w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-9-1024x377.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-9-1200x441.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-9.jpg 1452w\" sizes=\"(max-width: 1452px) 100vw, 1452px\" \/><\/p>\n<\/div><div class=\"fusion-text fusion-text-7\"><p>* You can also create a revocation list from System \u2192 Trust \u2192 Revocation and edit the CA used in the OpenVPN server (if you don\u2019t want to revoke any certificates, you can leave Nothing selected).<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31282\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-10.jpg\" alt=\"\" width=\"1837\" height=\"513\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-10-200x56.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-10-400x112.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-10-600x168.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-10-768x214.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-10-800x223.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-10-1024x286.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-10-1200x335.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-10-1210x338.jpg 1210w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-10-1536x429.jpg 1536w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-10.jpg 1837w\" sizes=\"(max-width: 1837px) 100vw, 1837px\" \/><\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31284\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-11.jpg\" alt=\"\" width=\"1258\" height=\"796\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-11-200x127.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-11-320x202.jpg 320w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-11-400x253.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-11-534x338.jpg 534w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-11-600x380.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-11-768x486.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-11-800x506.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-11-1024x648.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-11-1200x759.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-11.jpg 1258w\" sizes=\"(max-width: 1258px) 100vw, 1258px\" \/><\/p>\n<\/div><div class=\"fusion-text fusion-text-8\"><p>* Once these two parameters are generated, I can add them to my OpenVPN server under Certificate Revocation List and TLS Static Key, respectively.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31287\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-12.jpg\" alt=\"\" width=\"1375\" height=\"819\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-12-200x119.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-12-400x238.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-12-567x338.jpg 567w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-12-600x357.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-12-768x457.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-12-800x477.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-12-1024x610.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-12-1200x715.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-12.jpg 1375w\" sizes=\"(max-width: 1375px) 100vw, 1375px\" \/><\/p>\n<\/div><div class=\"fusion-text fusion-text-9\"><h3 id=\"toc_5_Creazione_regole\">5. Rule creation<\/h3>\n<p>One way to allow connections to the OpenVPN server is to create a rule in Firewall \u2192 Rules \u2192 Floating. In our example, I need to allow access on the WAN to UDP port 1194.<\/p>\n<p><span style=\"background-color: rgba(0, 0, 0, 0);\">Then, I will need to add a rule on the OpenVPN tab to allow VPN traffic. Initially, I recommend allowing everything and then narrowing the rules according to the requirements.<\/span><\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31289\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-13.jpg\" alt=\"\" width=\"1844\" height=\"540\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-13-200x59.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-13-400x117.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-13-600x176.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-13-768x225.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-13-800x234.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-13-1024x300.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-13-1154x338.jpg 1154w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-13-1200x351.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-13-1536x450.jpg 1536w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-13.jpg 1844w\" sizes=\"(max-width: 1844px) 100vw, 1844px\" \/><\/p>\n<\/div><div class=\"fusion-text fusion-text-10\"><h3 id=\"toc_6_Esportazione_del_certificato_per_il_client_OpenVPN\">6. Exporting the certificate for the OpenVPN client<\/h3>\n<p>OPNsense includes the Client Export utility. In the Hostname field, you must enter the IP or the FQDN that points to the public IP through which you can reach the firewall on the WAN.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31291\" src=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-15.jpg\" alt=\"\" width=\"1803\" height=\"800\" srcset=\"https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-15-200x89.jpg 200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-15-400x177.jpg 400w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-15-600x266.jpg 600w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-15-762x338.jpg 762w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-15-768x341.jpg 768w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-15-800x355.jpg 800w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-15-1024x454.jpg 1024w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-15-1200x532.jpg 1200w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-15-1536x682.jpg 1536w, https:\/\/blog.miniserver.it\/wp-content\/uploads\/VPN-Road-Warrior-su-OPNsense-con-OpenVPN-Instances-15.jpg 1803w\" sizes=\"(max-width: 1803px) 100vw, 1803px\" \/><\/p>\n<\/div><div class=\"fusion-text fusion-text-11\"><h3 id=\"toc_7_Type_TUN_Vs_DCO\">7. Type TUN Vs DCO<\/h3>\n<p>You can experiment with a new OpenVPN parameter, especially useful for speeding up VPN traffic.<\/p>\n<p>Edit your OpenVPN server (from VPN \u2192 OpenVPN \u2192 Instances), change the type from TUN to DCO (experimental).<\/p>\n<p>Save.<\/p>\n<p>You don\u2019t need to do anything else on the firewall. To test it on the client, disconnect from the VPN (if connected) and reconnect. In various tests, I noticed a speed increase of 10% to 20%, with brief initial peaks of 30% (depending on several factors). If the fact that DCO is experimental makes you uneasy, or you notice any issues, you can easily switch back to TUN.<\/p>\n<\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":11,"featured_media":31312,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[123],"tags":[],"class_list":["post-31307","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-firewall"],"_links":{"self":[{"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/posts\/31307","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/comments?post=31307"}],"version-history":[{"count":5,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/posts\/31307\/revisions"}],"predecessor-version":[{"id":31313,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/posts\/31307\/revisions\/31313"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/media\/31312"}],"wp:attachment":[{"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/media?parent=31307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/categories?post=31307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/tags?post=31307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}