Setup FastestVPN on pfSense
Step #1: Access pfSense via web browser and go to “System” and then click “Cert. Manager”.
Step #2: Click on “CAs” and click “+Add” button.
Step #3: Fill out the required fields as below
- Descriptive name: FastestVPN_OVPN_CA
- Method: Import an existing Certificate Authority
- Certificate data: Download the certificate text file from here. Open it and copy the text between <ca> </ca> tags. Paste that text into “Certificate Data” field.
Now click on “Save”.
You will see that a connection is created (not connected currently).
Step #4: Go to “VPN” and select “OpenVPN”. Now click on “Clients” and then press the “+Add” button.
Step #5: Select or enter the following:
- Server mode: Peer to Peer (SSL/TLS)
- Protocol: TCP on IPv4 only (or you can also select UDP)
- Device mode: TUN – Layer 3 Tunnel Mode
- Interface: WAN
- Server host or address: FastestVPN TCP server address if you selected TCP in “Protocol” option above. If you selected UDP, then enter a UDP server address.
As an example, I entered the Australia-TCP server address, which is au-sd-ovtcp-01.jumptoserver.com
The complete list of server addresses is available here. Make sure to enter the correct address for TCP or UDP.
- Server port: 4443
- Description: FastestVPN (or any name as per your choice)
Step #6: In “User Authentication Settings” section, enter your FastestVPN User name and password.
Step #7: In “Cryptographic Settings” section, do the following.
- Put a check mark on “Use a TLS key”
- Uncheck “Automatically generate a shared TLS authentication key”
- Enter TLS key: The TLS key is the text between <tls-auth> </tls-auth> tags in the certificate data file which you’ve already downloaded in step 3.
- TLS Key Usage mode: TLS Authentication
- Peer Certificate Authority: FastestVPN_OVPN_CA
- Client Certificate: None (username and/or password required)
- Encryption Algorithm: AES-256-CBC (256-bit key, 128 bit block)
Step #8: Uncheck “Enable Negotiable Cryptographic Parameters”
Select “SHA (256 bit)” in Authentication digest Algorithm.
Select “No Hardware Crypto Acceleration” in Hardware Crypto
Step #9: Do the following.
- Compression: LZO Compression
- Topology: Subnet – One IP address per client in a common subnet
- Don’t pull routes: Uncheck “Bars the server from adding routes to the client’s routing table”
- Don’t add/remove routes: Uncheck “Don’t add/remove routes automatically”
Step #10: In “Advanced configurations” section do the following:
- Custom options: Type following text.
auth-nocache
tls-client
keepalive 10 60
ping-timer-rem
- Send/Receive Buffer: 512 KiB
- Click on “Save”
A connection will be created.
Step #11: Go to “Status” and press “OpenVPN”. There you will see the FastestVPN connection status as “up”.
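The copy-and-paste in Steps #3 and #7 can be checked from a shell before anything goes into the GUI. The script below is an added example, not code from FastestVPN or pfSense; its function names and the sample file (placeholder certificate body, all-zero key, "proto tcp") are constructed for illustration.

```sh
#!/bin/sh
# Added example (not FastestVPN's or pfSense's code): pull the blocks that
# Steps #3 and #7 ask you to paste out of the provider file, and check them.

# inline_block FILE TAG: print the lines between <TAG> and </TAG>.
inline_block() {
    awk -v tag="$2" '
        $0 ~ ("^[ \t]*</" tag ">") { inside = 0 }
        inside                     { sub(/\r$/, ""); print }
        $0 ~ ("^[ \t]*<" tag ">")  { inside = 1 }
    ' "$1"
}

# directive FILE NAME: print the arguments of the first "NAME ..." line.
directive() {
    awk -v name="$2" '$1 == name { $1 = ""; sub(/^ +/, ""); sub(/\r$/, ""); print; exit }' "$1"
}

# check_profile FILE: succeed only if both blocks have the expected framing.
check_profile() {
    inline_block "$1" ca | grep -q -e '-----BEGIN CERTIFICATE-----' ||
        { echo "<ca> holds no PEM certificate" >&2; return 1; }
    inline_block "$1" tls-auth | grep -q -e '-----BEGIN OpenVPN Static key V1-----' ||
        { echo "<tls-auth> holds no OpenVPN static key" >&2; return 1; }
    # A complete static key is 16 lines of 32 hex characters (2048 bits).
    hexlines=$(inline_block "$1" tls-auth | grep -c -E '^[0-9a-fA-F]{32}$' || true)
    [ "$hexlines" -eq 16 ] ||
        { echo "static key has $hexlines of 16 lines (truncated paste?)" >&2; return 1; }
}

# Constructed sample: placeholder certificate body and an all-zero key.
make_sample() {
    {
        printf 'remote au-sd-ovtcp-01.jumptoserver.com 4443\nproto tcp\n'
        printf 'cipher AES-256-CBC\nauth SHA256\n<ca>\n'
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----'
        printf '</ca>\n<tls-auth>\n'
        printf '%s\n' '-----BEGIN OpenVPN Static key V1-----'
        i=0; while [ "$i" -lt 16 ]; do printf '%032d\n' 0; i=$((i + 1)); done
        printf '%s\n' '-----END OpenVPN Static key V1-----' '</tls-auth>'
    } > "$1"
}

# Demo on the sample; pass the downloaded file to the same functions instead.
sample=$(mktemp) && make_sample "$sample"
check_profile "$sample" && echo "server: $(directive "$sample" remote)"
rm -f "$sample"
```

Comparing the output of directive for remote, cipher and auth against the values entered in Steps #5 to #8 catches a TCP/UDP address mix-up or a mismatched cipher before the tunnel fails to come up.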
Step #12: Go to “Interfaces” and select “Assignments“
Step #13: Do the following.
- Enable: Check “Enable interface”
- Description: FastestVPN
- IPv4 Connection Type: DHCP
- IPv6 Configuration Type: None
- Keep saving all settings.
Step #14: Go to “Services” and select “DNS Resolver”
Step #15: In “General Settings”, follow this:
- Enable: Check “Enable DNS Resolver”
- Listen Port: 53
- Network Interface: All
- Outgoing Network Interface: FastestVPN
- System Domain Local Zone Type: Transparent
- DNSSEC: Check “Enable DNSSEC support”
- DNS Query Forwarding: Check “Enable Forwarding Mode”
- DHCP Registration: Check “Register DHCP static mapping in the DNS resolver”
- Static DHCP: Check “Register DHCP Static mapping in the DNS resolver”
- Click on “Save”
Step #16: Go to “Advanced Settings” and follow this.
- Hide Identity: Check “id.server and hostname.bind queries are refused”
- Hide Version: Check “version.server and version.bind queries are refused”
- Prefetch Support: Check “Message cache elements are prefetched”
- Prefetch DNS Key Support: Check “DNSKEYs are fetched earlier in the validation process”
- Harden DNSSEC Data: Check “DNSSEC data is required for trust-anchored zones”
- Keep saving all the settings.
Step #17: Now go to “Firewall” and open “NAT”.
Step #18: In “Outbound”, select “Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)” and then click on “Save”.
Step #19: In Firewall > NAT > Outbound > Edit, follow these steps.
- Disabled: Uncheck “Disable this rule”
- Do not NAT: Uncheck “Enabling this option will disable NAT for traffic matching this rule”
- Interface: FastestVPN
- Protocol: any
- Source: Network 192.168.1.0/24
- Destination: any
- Address: Interface address
- Save all the settings
Step #20: Go to Firewall > Rules.
Step #21: Go to “LAN”, check the IPv6 rule and click on “Delete”.
Step #22: Now check the IPv4 rule and press the pencil icon to edit it.
Step #23: Follow this:
- Action: Pass
- Disabled: Uncheck “Disable this rule”
- Interface: LAN
- Address Family: IPv4
- Protocol: Any
- Source: LAN net
- Destination: any
- Description: Default allow LAN to any rule – Edit – Gateway changed to FastestVPN
- Advanced Options: View Advanced settings
Step #24: In “Gateway”, select “FastestVPN_DHCP_Interface FastestVPN_DHCP Gateway”. Save all settings.
Step #25: Go to System > General Setup.
Step #26: In the DNS Server Settings section, set the DNS server to “10.8.8.8” and select “FastestVPN_DHCP-opt1-
Check “Allow DNS server list to be overridden by DHCP/PPP on WAN”. Save settings.