Router Setup

How to Setup the Latest pfSense OpenVPN Client using XML Import

Last updated: September 11, 2025
Table of Contents

Important Warning

This method will delete and replace any existing OpenVPN configuration on pfSense. If you have existing configurations you want to keep, please use the manual configuration guide instead.

XML Import Method Benefits

This method uses TorGuard's config generator to create a complete OpenVPN configuration that can be imported into pfSense with just a few clicks. Perfect for setting up multiple servers quickly or deploying standardized configurations.

Method Overview

Why Use XML Import?

XML Import Method

  • Quick multi-server setup
  • Automated configuration
  • Less prone to manual errors
  • Easy to redeploy
  • Replaces existing configs

Manual Method

  • Preserves existing configs
  • More granular control
  • One server at a time
  • Takes more time
  • Good for existing setups

Prerequisites

Before You Begin

  • pfSense firewall with admin access
  • Active TorGuard VPN account
  • TorGuard VPN username and password
  • Backup of existing OpenVPN configs (if any)

Step 1: Login to pfSense

Access your pfSense web interface (typically https://192.168.1.1)

Step 2: Choose VPN Servers

Select Server Locations

Decide which VPN gateway(s) you want to connect to. You can find all available servers on our network page.

If you have a dedicated/static IP, use that server hostname instead of the shared servers.

Step 3: Import Certificate Authority

Add TorGuard CA Certificate

  1. Navigate to System → Cert Manager
  2. Click Add
  3. Configure the certificate:
    • Descriptive name: TorGuard-CA
    • Method: Import an existing Certificate Authority
  4. Download the OpenVPN CA certificate from our certificate page
  5. Open the certificate in a text editor
  6. Copy the entire contents into the Certificate data field
  7. Click Save
pfSense Certificate Manager
Importing TorGuard CA certificate into pfSense

Step 4: Generate XML Configuration

Use TorGuard Config Generator

  1. Go to TorGuard website → Tools → Config Generator
  2. Select pfSense as the platform
  3. Choose your desired VPN server(s)

    Pro Tip: Hold CTRL (or CMD on Mac) while clicking to select multiple servers!

  4. Select OpenVPN configuration options
  5. Click Generate
  6. An XML file will be downloaded to your computer
TorGuard Config Generator
TorGuard's pfSense config generator with multi-server selection

Step 5: Import XML Configuration

Restore OpenVPN Configuration

  1. In pfSense, navigate to Diagnostics → Backup & Restore
  2. Configure the restore:
    • Restore Area: OpenVPN
    • Configuration File: Choose the downloaded XML file
  3. Click Restore Configuration

This will replace ALL existing OpenVPN configurations!

pfSense restore configuration
Importing OpenVPN configuration via XML restore

Step 6: Enable and Configure Credentials

Activate OpenVPN Clients

Imported configurations are disabled by default and need your VPN credentials.

  1. Navigate to VPN → OpenVPN → Clients
  2. Click the edit icon (✏️) next to the configuration you want to activate
OpenVPN client list
Imported OpenVPN configurations ready for activation

Step 7: Configure Client Settings

Enable and Add Credentials

  1. Uncheck "Disabled" to enable the client
  2. Under User Authentication Settings:
    • Username: Your TorGuard VPN username
    • Password: Your TorGuard VPN password
    • Authentication Retry: Leave unchecked
  3. Click Save
OpenVPN authentication settings
Configuring VPN credentials and enabling the client

Step 8: Configure NAT Rules

Setup Outbound NAT

  1. Navigate to Firewall → NAT → Outbound
  2. Select Manual Outbound NAT rule generation
  3. Click Save
  4. You should see 4 default rules
  5. For each rule:
    • Click the "copy" icon (📄) to duplicate the rule
    • Change the Interface to OpenVPN
    • Click Save
  6. After duplicating all 4 rules, click Apply Changes
NAT rules configuration
Outbound NAT rules for OpenVPN interface

Step 9: Configure DNS

Set DNS Servers

  1. Navigate to System → General Setup
  2. Configure DNS servers:
    • DNS Server 1: 1.1.1.1
    • DNS Server 2: 10.8.0.1
  3. Click Save

DNS Server Explanation:

  • 1.1.1.1: Cloudflare's public DNS for reliability
  • 10.8.0.1: TorGuard's internal DNS for VPN queries

Step 10: Verify Connection

Check VPN Status

  1. Navigate to Status → OpenVPN
  2. Verify your OpenVPN client shows as "up" with a green status
OpenVPN status
OpenVPN client connected and running

Verify IP Change

Visit TorGuard's What's My IP tool to confirm:

  • Your IP address has changed to the VPN server location
  • DNS leak test shows no leaks
  • Your real IP is hidden

Managing Multiple Servers

Working with Multiple Configurations

If you imported multiple servers:

  • Each server appears as a separate client in the list
  • Enable only one at a time for standard use
  • Configure failover using gateway groups for redundancy
  • Each needs credentials configured individually

Tip: Name your clients descriptively (e.g., "TorGuard-USA-NY") for easy identification.

Troubleshooting

Import Failed

  • Ensure you selected "OpenVPN" as restore area
  • Verify the XML file isn't corrupted
  • Try generating a fresh configuration
  • Check pfSense version compatibility

Connection Won't Establish

  • Double-check username and password
  • Verify the client is enabled (not disabled)
  • Check firewall rules aren't blocking
  • Try a different server location

No Internet Access

  • Verify NAT rules are configured correctly
  • Check DNS servers are set
  • Ensure default gateway is set to VPN
  • Test with a single client device first

Was this article helpful?

Share:

Ready to Get Help?

Our support team is available 24/7 to assist you with any questions.

Submit a Ticket Email Support