OpenVPN cloud account and pfsense


Senior Member
Finally got my vpn working so thought I would post some details.  I don't have any experience with vpns other than trying a server on Oracle recently that worked for a month or so and then had some issues I couldn't resolve.  This is far from a complete step by step  - just some things that tripped me up.  
Since I am behind CGNAT I need the server to be in the cloud.  So I gave OpenVPN cloud a try.  It's free for up to 3 connections (the pfsense box counts as one so really only two others but I only need 1 so no issue there).  
The configuration is split tunnel.  As I recall there was a selection based on what I wanted to do that set that.
Started with default pfsense setup.  There is a way to register for a free upgrade to pfsense+ that I did (Thanks for the info on that Pete!).  Just a fairly standard router setup with DHCP server and blocking a few devices from the net.
As admin you set up users and they get a temporary password.  They then have to log in as a user, set a new password and download their ovpn file.  As admin you also need to set up a device for them - seems like sort of a placeholder because you don't put in the actual device info.  
The first time I used the client on Android I had to enter the user and password but that appears to be a one time thing.
For the pfsense openvpn client it does not get set up the same way.  Need to use network connector (not user profile). Get that under network, then click on network name and connector will appear.  Download that ovpn file.  Don't use the client import function but manually enter the parts from the ovpn file as detailed here.

OpenVPN server requires user and password each time it is used (it may not need it if it is used again a short time after it was used but it is not a one time, enter on initial use. Kind of a pain and doesn't really seem needed as a key file is used although if someone was to get my phone they could use the VPN (assuming they could unlock the phone). thinking I will make the password something simple because entering a complex but more secure password is a pain. The Oracle cloud server did not require a password like this. I suppose I should look a the setup again as it may be an option to not have a password when using the client.