LINUXMIND.DEV

How to choose, use and configure a VPN in OPNsense (Tutorial)

Why OPNsense Needs a Tailored VPN Solution

OPNsense isn’t your average Linux distro—it’s a FreeBSD-based, open-source firewall and routing platform aimed squarely at network engineers and system administrators. You won’t find GNOME or KDE here instead you interact via a polished web interface or the console. Package management is handled by FreeBSD’s pkg tool, and most additions (including VPN plugins) are delivered through OPNsense’s own firmware/plugin system. When choosing a VPN provider for OPNsense, you want:

  • Native protocol support (OpenVPN, IPsec, WireGuard)
  • Easy integration via OPNsense plugins or file import
  • Strong performance on BSD-based routing hardware
  • Clear documentation for manual config in a web GUI

Top VPN Providers for OPNsense

Provider Protocols Plugin/Import Privacy Focus Official Site
Mullvad WireGuard, OpenVPN WireGuard plugin amp OVPN import Anonymous account mullvad.net
ProtonVPN WireGuard, OpenVPN OVPN import amp manual WG Swiss-based, no logs protonvpn.com
NordVPN OpenVPN, IKEv2 OVPN import Audit-verified no logs nordvpn.com

Installing and Configuring Mullvad on OPNsense

1. Install WireGuard Plugin

First, SSH into your OPNsense box or use the console. Ensure your firmware is up to date, then install the WireGuard plugin:

# pkg update
# pkg install os-wireguard

Alternatively, via web UI: System gt Firmware gt Plugins, then find os-wireguard and click Install.

2. Generate Keys and Configure Interface

In the web UI, go to VPN gt WireGuard gt General:

  • Enable WireGuard
  • Click Add Tunnel
  • Paste your private key (from Mullvad account page)
  • Set Listen Port (e.g. 51820)
  • Save and apply

3. Add Peer Details from Mullvad

Still under VPN gt WireGuard, switch to Peers:

  • Click Add Peer
  • Use Mullvads public key amp endpoint (found in your WireGuard config file)
  • Allowed IPs: 0.0.0.0/0, ::/0
  • Save and apply

4. Assign Interface and Firewall Rules

Under Interfaces gt Assignments, add the new wg0 interface. Then:

  • Enable interface, give it a description (e.g. “VPN-Mullvad”)
  • Under Firewall gt Rules gt LAN, add a rule allowing your LAN network out via the Mullvad interface
  • Apply changes

Installing and Configuring ProtonVPN on OPNsense

1. Prepare OpenVPN Client

Download your ProtonVPN OpenVPN config archive for your chosen server from the ProtonVPN dashboard. Unzip locally to extract .ovpn files.

2. Upload and Import .ovpn

In the OPNsense web UI, navigate to VPN gt OpenVPN gt Clients:

  • Click Add
  • For Server mode choose Peer to Peer (SSL/TLS) or Peer to Peer (Shared Key) depending on ProtonVPN’s file
  • Use Import from file and upload your chosen .ovpn
  • Enter your ProtonVPN username amp password
  • Save and apply

3. Create Interface amp Firewall Rules

Just as with WireGuard:

  • Under Interfaces gt Assignments add the new ovpnc1 interface
  • Enable it and give it a description like “VPN-Proton”
  • Under Firewall gt Rules gt LAN add a rule pointing LAN traffic out via ovpnc1
  • Apply

Summary

Whether you favour the speed and simplicity of Mullvad’s WireGuard setup or the versatility of ProtonVPN’s OpenVPN profiles, OPNsense makes it straightforward. Use the built-in plugin architecture, assign your new tunnel to an interface, and craft firewall rules to direct LAN traffic through the VPN. You’ll have enterprise-grade security and privacy, all managed from the comfort of a familiar web GUI.

Download TXT



Powered by LinuxMind

Leave a Reply

Your email address will not be published. Required fields are marked *