Create secure VPN with OpenVPN and pFsense on EDIS KVM plans

This is a basic guide to install pFSense, set up an OpenVPN server and install the connection on a Windows or macOS computer in less than 30 minutes. pfSense has a simple to use WebGUI und is pretty much self-explanatory. 

EDIS KVM plans are available in 30+ locations around the globe.
Pick the server-location closest to you and/or the location you'd like to connect to.
Order a KVM product starting on our website at
If you own one already, you can skip forward to the next step. If you need one, use coupon code WorkFromHome during checkout to get 5% discount on your first month.
To start the installation please log in to our control panel: and login with your email address and password.
In the overview please select the server you would like to install with the pfSense.
Go to the CD-ROM dropdown menu and select the pfSense-CE-XXX-XXX.iso
A pop-up window appears on the screen please confirm with "Insert CD"
Now please enable the VNC for that click on the button "enable VNC"
Please set a password of your choosing (the button "enable VNC" appears after you inserted the password and confirmed it)
Now start you favoured VNC Viewer and use the IP and the port to connect to your KVM or press the button "Start browser-based terminal" this will open a new window where you insert the password and connect directly to your KVM.
After you are connected you can make soft reset via the control panel or you can send a Ctrl-Alt-Del to the server and it should reboot.
On the first screen press ESC or F12 to get into the Boot menu
In the boot menu please select the ata0-1 which is number 2 or 3 in the menu. 
Press 1 and with for the system to boot into the installation menu
Confirm the Copy and distribution rights with Accept (press Enter)
Confirm with ENTER the start of the install
After you selected the keyboard layout select "Continue with XX.YYY keymap"
Select the “Auto (UFS)” installation and click OK to start
Wait for the installation to finish
With "NO" confirm the end of the installation process and Reboot the server
After the server reboots you will see:
Should VLANs be set up now [y|n]? N <-- We don't use VLANs
Enter the WAN interface name or 'a' for auto-detection
(vtnet0 or a): vtnet0 <-- This is the public interface
Enter the LAN interface name or 'a' for auto-detection
(a or nothing if finished): <-- Just press enter 
Do you want to proceed [y|n]? y <-- this will take some time since the server is waiting for a DHCP which it will not get
In the menu select the 2nd option (Set interface(s) IP address)
Configure IPv4 address WAN interface via DHCP? (y/n) n <-- We will configure the static IP in the next step
Enter the new WAN IPv4 address. Press <ENTER> for none:
> XXX.XXX.XXX.XXX <-- you can find your public IP in the CP
Enter the new IPv4 subnet bit count (1 to 31):
> 24 <-- usually it is 24 in some subnets it is 25 you can find this information in the CP in the "IPv4 Network properties"
For WAN, enter the new WAN IPv4 upstream gateway address.
For a LAN, press <ENTER> for none:
> XXX.XXX.XXX.1 <-- You can find the Gateway properties in the CP  in the "IPv4 Network properties"
Configure IPv6 address WAN interface via DHCP6? (y/n) n
Enter the new WAN IPv6 address. Press <Enter> for none:
> <-- Press enter since we will not configure an IPv6 in this tutorial
Do you want to enable DHCP server on WAN? (y/n) n <-- select NO since EDIS doesn't allow DHCP servers for public IPs
In the first set up you will be asked if the WebGUI should be activated please confirm with Yes
As the last step press ENTER to return to the main menu
You will now see the WAN IP in the main menu
Please go to your favourite browser and go to http://XXX.XXX.XXX.XXX <-- replace the XXX.XXX.XXX.XXX with your WAN IP which you just set. 
You will see a login screen. Please login with the default credentials:
user: admin
pass: pfsense
Please follow the setup wizard:
Press next:
In the general information, you need to set the Hostname of the server, the domain and the Primary and Secondary DNS:
You can find the DNS in the CP  in the "IPv4 Network properties"
Select the time zone and the NTP server
In the next step, we recommend you select the option on the bottom Block private networks from entering via WAN
Select you admin password please use a secure password and don't lose it. 
Press "Reload" to save and apply the changes. 
Press Finish to complete the setup
Accept the terms and conditions
Now select from the menu System -> Advanced 
Set the Protocol to HTTPS
and press Save on the bottom
The side will reload and you will have to confirm the accept for the SSL certificate which is a local one and re-login  
Go to the System -> Advanced menu and select the Networking tab and check the box Disable hardware checksum offload
Press Save on the bottom.
Go to the Miscellaneous tab and select from the Cryptographic Hardware dropdown menu AES-NI and BSD Crypro Device
Please go to Diagnostics -> reboot and press the reboot button.
Confirm the reboot. This takes around 2 minutes
Please re-login after the reboot. 
Go to System -> Package Manager and select the Available Package tab
Into the search field enter VPN and press + Install on the OpenVPN-client-export plugin 
Confirm the installation and wait for it to complete
Now select from the main menu VPN -> OpenVPN and select the Wizard tab
Select Local User access for the Type of server
Now we need to create a new Certificat Authority Certificat short (CA)
We recommend you use an 8192-bit Key length. Fill the rest of the information and click create CA
The next step is creating the Server certificate.
Select also a Key length of 8192-bit the rest ist wat you need
Click Create new Certificate
Set a description for your server 
Set the DH Paramerts Length to 8192-bit
Encryption Algorithm to a 256 bit key of your choosing
The Auth Digest Algoridem to SHA 512-bit 
In the Tunnel Settings section:
Set your VPN IP rang like
If you set the option Redirect Gateway all the traffic from your clients will be tunnelled via the OpenVPN server else only the local traffic for the IP range will send into the VPN tunnel.
Check the box Inter-Client Communication so your clients can talk to each other. 
The rest can be set if needed. 
Click next.
Check the box Firewall Rule and OpenVPN rule.
Click next.
finish the installation by clicking the Finish button.
You will be redirected to the Servers tab in the OpenVPN menu
Select the edit option left of the newly created VPN server
and Save
You can select the Server mode here
Remote Access (SSL/TLS + User Auth) <-- For this option, the client needs an SSL certificate (we will create it in the next steps) and his username and password
Remote Access (User Auth)  <-- For this option, the client needs only his username and password
Remote Access (SSL/TLS)  <-- For this option, the client needs only the SSL
Depending on the level of security choose one of the Server modes.
Scroll down to the 
Go to Related status icon (top left)
In the action section press, the reload button.
Now go to System -> User Manager press the + Add button
Set a username and password and check the Certificate box.
in the Description type in the username, so you can locate the certificate later for the export and set the Key Lenght to 4096-bit
Click Save

Client configuration:

To export the configuration for a client please go to VPN -> OpenVPN and select the Client Export tab
Since we only have one VPN server active you don't need to change the server in the drop-down menu Remote Access Server. Scroll down to the bottom of the page where you will see OpenVPN Clients.

Windows-based clients:

For a Windows OS select Current Windows installer (XXXXX)
and select the correct version of OS
Your browser will download a .exe file.
Run the file on a clients computer. Simply click next until you finish the installation.
You will find a new Icon on the clients desktop
Run it and a new Icon will appear near the clock in the tasks menu bar.
Click on it with a right-click and select Connect
A new window will appear and text will run down when the connection is established it will disappear again
If the connection was successful the OpenVPN Icon will be Green
If the Icon is Yellow the connection is establishing or there is a problem. 
If you set the Redirect Gateway you can go to and you should see the WAN IP of your server.

macOS clients:

Download the OpenVPN client software <-- Free client
You also can use Viscosity
Install the client.
In the OpenVPN Clients list select Most Clients or Viscosity Bundle depending on your client.
Find the configuration file you just downloaded and run it. You OpenVPN client will automatically add the connection.
Go to your OpenVPN client and start the VPN connection.
If you used SSL/TLS + Auth a window will appear so you can enter you login information
Press OK and wait for the connection to be established 
If the connection is established successfully you will see
This support article was created on 18.3.2020

Add Feedback