How to Configure & Use NordVPN on pfSense 2.4.5

pfSense 2.4.5 offers unified threat management that keeps you safe online. But, any privacy-conscious user would couple it with the VPN security. NordVPN renders an advanced level of security services, and its OpenVPN client can be easily run on pfSense firmware-based routers. Here we've prepared a step-by-step guide to help you configure and use NordVPN on pfSense 2.4.5. Have a look.


If you're using pfSense 2.4.4, check this guide. And, pfSense 2.5 users can follow this NordVPN installation guide.

1. First, visit the NordVPN website.

2. Then, hit the Grab the Deal button and pick a subscription on the next page. 

3. You need to enter your payment information to complete the purchase. 

4. Once done, you'll get a confirmation on your subscription. 

5. Next, visit your pfSense router's web page and navigate to System> Certificate Manager> CAs and click the +Add button. 

6. You need to note the server hostname to perform further steps; click here to find the dedicated IP for your preferred server location. 

server recommended by NordVPN

7. Next, fill in the details mentioned below- 

  • Descriptive Name: Any name
  • Method: Import an existing Certificate Authority
  • Certificate data:

8. Now, click Save

Edit CA for NordVPN in pfSense

9. Move to VPN> OpenVPN> Clients after that and press +Add.

10. Then, enter the below-mentioned details-

  • Disable this client: Uncheck
  • Server mode: Peer to Peer (SSL/TLS)
  • Protocol: UDP on IPv4 only (Alternatively, you can use TCP)
  • Device mode: tun – Layer 3 Tunnel Mode
  • Interface: WAN
  • Local port: Blank
  • Server host or address: The hostname of your preferred server
  • Server port: 1194 (Select 443 for TCP)
  • Proxy host or address: Blank
  • Proxy port: Blank
  • Proxy Authentication: None
  • Description: Any name
NordVPN general information on pfSense

User Authentication Settings

  • Username: Your NordVPN service name
  • Password: NordVPN service password

You can find your NordVPN service credentials in your online account dashboard, right under the Advanced configuration tab. 

  • Authentication Retry: Uncheck
NordVPN user auth settings

Cryptographic Settings

  • TLS Configuration: Check Use a TLS Key; Uncheck Automatically generate a TLS key
  • TLS Key:
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
  • TLS Key Usage Mode: TLS Authentication
  • TLS keydir direction: Use default direction
  • Peer certificate authority: NordVPN_CA
  • Peer Certificate Revocation list: No need to define
  • Client certificate: Choose webConfigurator default (59f92214095d8) (Server: Yes, In Use)
  • Encryption Algorithm: AES-256-GCM
  • Enable NCP: Check
  • NCP Algorithms: AES-256-GCM and AES-256-CBC
  • Auth digest algorithm: SHA512 (512-bit)
  • Hardware Crypto: No Hardware Crypto Acceleration
NordVPN Cryptographic settings

Tunnel Settings

  • IPv4 tunnel network: Blank
  • IPv6 tunnel network: Blank
  • IPv4 remote network(s): Blank
  • IPv6 remote network(s): Blank
  • Limit outgoing bandwidth: Blank
  • Compression: No LZO Compression [Legacy style,comp-lzo no]
  • Topology: Subnet – One IP address per client in a common subnet
  • Type-of-Service: Uncheck
  • Don’t pull routes: Uncheck
  • Don’t add/remove routes: Check
NordVPN Tunnel settings

Advanced Configuration

  • Custom Options:
tun-mtu 1500;
tun-mtu-extra 32;
mssfix 1450;
reneg-sec 0;
remote-cert-tls server;
  • UDP FAST I/O: Uncheck
  • Exit Notify: Disabled
  • Send/Receive Buffer: Default
  • Gateway creation: IPv4 only
  • Verbosity level: 3 (recommended)
NordVPN Advanced Configuration

11. Next, move on to Interfaces> Interface Assignments and hit the Add button to include the NordVPN interface.

12. After that, click the OPT1 option and fill the below information in the assigned interface-

  • Enable: Check
  • Description: NordVPN
  • Mac Address: Blank
  • MTU: Blank
  • MSS: Blank

13. No need to change anything else; just click Save.

14. Now, locate Services> DNS Resolver> General Settings.

15. Enter the below details now-

  • Enable: Check
  • Listen port: Leave unchanged
  • Enable SSL/TLS Service: Uncheck
  • SSL/TLS Certificate: webConfigurator default (59f92214095d8) (Server: Yes, In Use)
  • SSL/TLS Listen Port: Leave as is
  • Network Interfaces: All
  • Outgoing Network Interfaces: NORDVPN
  • System Domains Local Zone Type: Transparent
  • DNSSEC: Uncheck
  • Python Module: Uncheck
  • DNS Query Forwarding: Check Enable forwarding mode; Uncheck Use SSL/TLS for outgoing DNS Queries to Forwarding Servers
  • DHCP Registration: Check
  • Static DHCP: Check
  • OpenVPN Clients: Uncheck
NordVPN DNS Resolver

16. Click Save once done. 

17. Move to DNS Resolver next and select the Advanced Settings tab.

18. Fill this field with the below information-

Advanced Privacy Options

  • Hide Identity: Check
  • Hide Version: Check
  • Query Name Minimization: Uncheck
  • Strict Query Name Minimization: Uncheck

Advanced Resolver Options

  • Prefetch Support: Check
  • Prefetch DNS Key Support: Check
  • Harden DNSSEC Data: Uncheck
Advanced Resolver Options

19. No need to change other options, just press Save.

20. Move to Firewall> NAT> Outbound and choose Manual Outbound NAT rule generation

21. Click Save now, and all 6 rules of IPv6 will appear.

22. You need to delete all the rules and add a new one. 

23. For the new rule, the Interface will be NordVPN, and the Source will be your LAN subnet, i.e.,

Advanced Outbound NAT

24. Click the Save button now and navigate to Firewall> Rules> LAN.

25. You've to delete the IPv6 rule now and edit the IPv4 rule. 

26. To edit that, click Show Advanced Options and change the Gateway to NordVPN.

27. Next, click Save and move to System> General Setup.

28. Now, enter the primary and secondary server as follows-

  • DNS Server 1:; none
  • DNS Server 2:; NordVPN_VPNV4 - opt1 - ...

29. Then, hit the Save button.

30. Finally, move to Status> OpenVPN, and the VPN services should be up

That’s all! Now you know how to configure and use NordVPN on pfSense 2.4.5. If you have further queries, drop us a comment through the below button. Thanks for reading! 

How to Watch Interior Design Masters Season 4 Online from Anywhere
Fans of this reality show, which offers ambitious designers a chance to demonstrate their abilities and pursue their dreams of becoming professional...
How to Watch Rock The Block Season 4 Online: Stream the Renovation Series from Anywhere
Rock the Block, the smash hit home remodeling contest series, is back for its most fantastic season ever! The new six-episode season...
How to Watch Spring Baking Championship Season 9 Online: Stream the Cooking Competition from Anywhere
There’s no better way to welcome spring with some freshly baked goods, and that’s precisely how we’ll usher in the good weather...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari