OpenVPN as WAN Interface

From PFSenseDocs

Using a custom OpenVPN interface as WAN

Problem: You want to connect to a tunnel provider (like prq.se) with OpenVPN, but you can't set it up through the web interface because the tunnel uses no encryption, login or certificate.

Solution: In this example I'm connecting to prq.se. Configure your machine the way you want it, then make a backup of the configuration. Open the backup in a text editor and insert these two lines at the end of the <system> section, just before the closing </system> tag.

 <shellcmd>openvpn --ifconfig xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy --route rrr.rrr.rrr.rrr yyy.yyy.yyy.yyy --remote sss.sss.sss.sss --port pppp --dev tap --comp-lzo --ping 15 --verb 3 --daemon</shellcmd>
 <shellcmd>/etc/rc.filter_configure_sync</shellcmd>
 <shellcmd>rm /tmp/notice*</shellcmd>
  • xxx.xxx.xxx.xxx is your IP at the end of the tunnel
  • yyy.yyy.yyy.yyy is the net mask
  • rrr.rrr.rrr.rrr is the network
  • sss.sss.sss.sss is the IP to the OpenVPN server
  • pppp is the port on the OpenVPN server

The shellcmd lines are run after the firewall rules have been loaded, so the rules have to be reloaded once the tunnel has been created. That's what the second line does. Save your changes and use the restore function in the web interface to load the file. The machine will reboot. Assign the new interface using Interfaces -> Assign in the web interface. Enter the IP and the gateway in the settings for the new interface, then reboot the machine. PF will then be enabled on the tunnel interface (when the tap interface has a gateway, it is treated as a second WAN interface).
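The manual edit above can be scripted and checked before the backup is restored. This is an added example, not code from the original article or from pfSense: the function names, the sample XML and the addresses are constructed, and it assumes the backup uses the usual <pfsense><system> layout. It also reports which boot-time shellcmd entries start openvpn without any key or TLS option, as the command on this page does.

```python
import shlex
import xml.etree.ElementTree as ET

# Without any of these options openvpn runs the tunnel as cleartext.
KEYED_OPTS = {"--secret", "--tls-client", "--tls-server", "--client", "--server", "--config"}

def add_shellcmds(config_xml, commands):
    """Append <shellcmd> entries at the end of <system>, skipping duplicates."""
    root = ET.fromstring(config_xml)   # raises ParseError if malformed
    system = root.find("system")
    if system is None:
        raise ValueError("no <system> section in configuration")
    present = {e.text for e in system.findall("shellcmd")}
    for cmd in commands:
        if cmd not in present:
            ET.SubElement(system, "shellcmd").text = cmd
            present.add(cmd)
    out = '<?xml version="1.0"?>\n' + ET.tostring(root, encoding="unicode")
    ET.fromstring(out)                 # confirm it still parses before restoring
    return out

def audit_shellcmds(config_xml):
    """Return (command, is_cleartext_openvpn) for every boot-time shellcmd."""
    report = []
    for e in ET.fromstring(config_xml).iterfind("system/shellcmd"):
        argv = shlex.split(e.text or "")
        is_ovpn = bool(argv) and argv[0].rsplit("/", 1)[-1] == "openvpn"
        report.append((e.text, is_ovpn and not KEYED_OPTS & set(argv)))
    return report

# Constructed sample backup; addresses are documentation-range placeholders.
SAMPLE = """<?xml version="1.0"?>
<pfsense>
  <system>
    <hostname>fw</hostname>
  </system>
</pfsense>
"""
COMMANDS = [
    "openvpn --ifconfig 192.0.2.10 255.255.255.0 --route 198.51.100.0 "
    "255.255.255.0 --remote 203.0.113.5 --port 1194 --dev tap --comp-lzo "
    "--ping 15 --verb 3 --daemon",
    "/etc/rc.filter_configure_sync",
    "rm /tmp/notice*",
]

if __name__ == "__main__":
    for cmd, cleartext in audit_shellcmds(add_shellcmds(SAMPLE, COMMANDS)):
        print("CLEARTEXT" if cleartext else "ok", cmd)
```

The audit only inspects the command line, so an entry that uses --config is not flagged even if the referenced file sets no key.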

This article is part of the HOWTO series.