This guide was created by a community member and reviewed by us. Firmware and router interfaces may change over time, so some steps may differ depending on your device or version.
Prerequisites:
- OPNsense version must be 26.1 or later
- You will need an OpenVPN config for the location you selected in the OpenVPN generator
Setup
Open OPNsense at
192.168.1.1(by default)Log In (username is
rootand password isopnsenseby default)Go to System → Trust → Authorities
Add a new Certificate Authority
In Method, select Import an existing Certificate Authority
Enter a name in Description
- Example:
xeovo-ca
- Example:
Open your OpenVPN config file
- Example:
xeovo-fi-udp.ovpn
- Example:
Copy and paste the contents between
<ca>and</ca>tags (including-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----lines) into Certificate dataSave the Certificate Authority
Go to VPN → OpenVPN → Instances
Add an Instance
Click Advanced Mode
Set Role to Client
Enter a name in Description
- Example:
xeovo-fi
- Example:
Check the Enabled box
Set Protocol to the protocol specified in your config file
- Example:
UDP
- Example:
Enter the port from your config file in Port number
- Example:
1196
- Example:
Enter the server address from your config file in Remote
- Example:
fi.gw.xeovo.com
- Example:
Check the Verify Remote Certificate box
In Certificate Authority, select the previously created Certificate Authority
- Example:
xeovo-ca
- Example:
Enter your Xeovo username in Username
Enter your Xeovo password in Password
Save the Instance
Go to VPN → OpenVPN → Connection Status
Connection status must show connected
Go to Firewall → NAT → Outbound
Select the Hybrid outbound NAT rule generation mode and click Save
Add a Rule
In Interface, select OpenVPN
In Source address, select LAN net
In Translation / target, select Interface Address
Save the Rule
Apply changes
Verify VPN connection, visit DoesMyVPN.work
Disconnecting:
To disconnect the VPN, go to VPN → OpenVPN → Instances, find your instance and uncheck the Enabled box, then click Apply.