DrJohnZoidberg
Honorary Master
I just set my FrootVPN account through my PfSense box so I could route certain traffic over it. Thought it may be useful seeing we have so many PfSense converts here lately 
PART ONE (THE OPENVPN CONFIG)
Step 1:
Sign up and get your free Froot VPN account (https://www.frootvpn.com/).
Step 2:
Download the Froot VPN OVPN config file (https://www.frootvpn.com/files/frootvpn.ovpn).
Step 3:
Copy the certificate info into pfSense. Open up the frootvpn.ovpn file in a text editor.
1. Go to System -> Cert Manager -> CA tab.
2. Click the "+" button.
3. Make sure method is "Import an existing Certificate".
4. In "Descriptive Name" enter frootvpn-ca.
5. In "Certificate Data" copy and paste the <ca> section from the frootvpn.ovpn file. The text should start with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----".
6. You can leave the other fields blank.
7. Hit "Save".
8. Go to System -> Cert Manager -> Certificates tab.
9. Click the "+" button.
10. Make sure method is "Import an existing Certificate".
11. In "Descriptive Name" enter frootvpn.
12. In "Certificate Data" copy and paste the <cert> section from the frootvpn.ovpn file. The text should start with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----".
13. In "Private key data" copy and paste the <key> section from the frootvpn.ovpn file. The text should start with "-----BEGIN PRIVATE KEY-----" and end with "-----END PRIVATE KEY-----".
14. Hit "Save".
Step 4:
Create a password file.
1. Go to Diagnostics -> Edit File.
2. In the "Save / Load from path:" box enter: /etc/frootvpn-password.txt.
3. In the edit box below enter your FrootVPN username and then password, each on a new line like this:
4. Hit the "Save" button.
Step 5:
Set up a new OpenVPN client.
1. Go to VPN -> OpenVPN -> Client tab.
2. Click the "+" button.
3. Change "Interface" to whichever WAN interface you want to connect to the VPN with.
4. Under "Server host address" enter the host address which can be found in the frootvpn.ovpn file. Currently it is se-openvpn.frootvpn.com.
5. Under "Server port" enter any one of the listed ports in the frootvpn.ovpn file. Currently these range from 1194 through to 1209.
6. Check the "Infinitely resolve server" box.
7. Under "Description" enter Froot VPN.
8. Uncheck the box "Enable authentication of TLS packets".
9. Under "Peer Certificate Authority" select "frootvpn-ca".
10. Under "Client Certificate" select "frootvpn".
11. Under "Encryption algorithm" select "BF-CBC (128-bit)".
12. In the "Advanced" field, enter the following:
13. Leave all the other fields either blank or on their default setting and hit "Save". Here is a screen grab of my config:
Your VPN should connect now, although you won't be able to route traffic through here until we have configured out interfaces correctly (this is in part two).
To check that your VPN is working, go to Status -> OpenVPN and you will see a section like this:
Continue to part two.
PART ONE (THE OPENVPN CONFIG)
Step 1:
Sign up and get your free Froot VPN account (https://www.frootvpn.com/).
Step 2:
Download the Froot VPN OVPN config file (https://www.frootvpn.com/files/frootvpn.ovpn).
Step 3:
Copy the certificate info into pfSense. Open up the frootvpn.ovpn file in a text editor.
1. Go to System -> Cert Manager -> CA tab.
2. Click the "+" button.
3. Make sure method is "Import an existing Certificate".
4. In "Descriptive Name" enter frootvpn-ca.
5. In "Certificate Data" copy and paste the <ca> section from the frootvpn.ovpn file. The text should start with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----".
6. You can leave the other fields blank.
7. Hit "Save".
8. Go to System -> Cert Manager -> Certificates tab.
9. Click the "+" button.
10. Make sure method is "Import an existing Certificate".
11. In "Descriptive Name" enter frootvpn.
12. In "Certificate Data" copy and paste the <cert> section from the frootvpn.ovpn file. The text should start with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----".
13. In "Private key data" copy and paste the <key> section from the frootvpn.ovpn file. The text should start with "-----BEGIN PRIVATE KEY-----" and end with "-----END PRIVATE KEY-----".
14. Hit "Save".
Step 4:
Create a password file.
1. Go to Diagnostics -> Edit File.
2. In the "Save / Load from path:" box enter: /etc/frootvpn-password.txt.
3. In the edit box below enter your FrootVPN username and then password, each on a new line like this:
Code:
Username
Password
4. Hit the "Save" button.
Step 5:
Set up a new OpenVPN client.
1. Go to VPN -> OpenVPN -> Client tab.
2. Click the "+" button.
3. Change "Interface" to whichever WAN interface you want to connect to the VPN with.
4. Under "Server host address" enter the host address which can be found in the frootvpn.ovpn file. Currently it is se-openvpn.frootvpn.com.
5. Under "Server port" enter any one of the listed ports in the frootvpn.ovpn file. Currently these range from 1194 through to 1209.
6. Check the "Infinitely resolve server" box.
7. Under "Description" enter Froot VPN.
8. Uncheck the box "Enable authentication of TLS packets".
9. Under "Peer Certificate Authority" select "frootvpn-ca".
10. Under "Client Certificate" select "frootvpn".
11. Under "Encryption algorithm" select "BF-CBC (128-bit)".
12. In the "Advanced" field, enter the following:
Code:
auth-user-pass /etc/frootvpn-password.txt;
ns-cert-type server;
route-nopull;
verb 3;
13. Leave all the other fields either blank or on their default setting and hit "Save". Here is a screen grab of my config:


Your VPN should connect now, although you won't be able to route traffic through here until we have configured out interfaces correctly (this is in part two).
To check that your VPN is working, go to Status -> OpenVPN and you will see a section like this:

Continue to part two.
Last edited: