Setting up a Router running pfSense Firmware

To Setup Private Internet Access on pfSense firmware.

Download this certificate here:

Open the certificate with a text editor and keep this open as we will copy and paste the contents shortly. Open a browser and type in the ip address of your router to access the GUI most routers default to

Select System a Certificate Manager, if there are any Certificates here delete them by clicking the trash icon.

Click Add name the certificate PIA Cert in the Descriptive Field, then paste the certificate mentioned earlier into the certificate data text field and click save.



When finished the certificate will appear in the list of CAs.



Navigate to the VPN ->  Openvpn -> Clients tab then click Add.

Use the following settings:

In the Server host or address enter one of our domain names listed here:

  • Server port: 1194
  • Description: PIA U.S. West
  • Peer Certificate Authority: Select the PIA Cert.
  • Enter your username and password
  • TLS Configuration: Uncheck Use TLS Key
  • Ensure NCP is checked.
  • Remove AES-128-GCM and AES-256-GCM by clicking their names.
  • Add BF-CBC, AES-128-CBC and AES-256-CBC  by clicking on them in the left hand list. 

Paste the following into the Custom options text field:

remote-cert-tls server
reneg-sec 0

When finished click save.



Navigate to Firewall -> NAT -> Outbound

Set the Mode under General Logging Options to "Manual Outbound NAT rule generation (AON)", and click Save.

Under the Mappings section, click the duplicate (dual-page) icon on the right for the first rule shown in the list.

Set Interface to "OpenVPN" and click Save at the bottom.

Repeat the last two steps for all remaining rule shown under Mappings, until every rule has a duplicate for OpenVPN.



Click Apply at the top of the page to apply all changes.

Navigate to Status -> OpenVPN.

If Status doesn't show as "up", click the circular arrow icon under Actions to restart the service. If it still does not come up, navigate to Diagnostics -> Reboot to restart the device.


Feel free to contact us at for additional assistance.

Have more questions? Submit a request