Finally got my vpn working so thought I would post some details. I don't have any experience with vpns other than trying a server on Oracle recently that worked for a month or so and then had some issues I couldn't resolve. This is far from a complete step by step - just some things that tripped me up.
Since I am behind CGNAT I need the server to be in the cloud. So I gave OpenVPN cloud a try. It's free for up to 3 connections (the pfsense box counts as one so really only two others but I only need 1 so no issue there).
The configuration is split tunnel. As I recall there was a selection based on what I wanted to do that set that.
Started with default pfsense setup. There is a way to register for a free upgrade to pfsense+ that I did (Thanks for the info on that Pete!). Just a fairly standard router setup with DHCP server and blocking a few devices from the net.
As admin you set up users and they get a temporary password. They then have to log in as a user, set a new password and download their ovpn file. As admin you also need to set up a device for them - seems like sort of a placeholder because you don't put in the actual device info.
The first time I used the client on Android I had to enter the user and password but that appears to be a one time thing.
For the pfsense openvpn client it does not get set up the same way. Need to use network connector (not user profile). Get that under network, then click on network name and connector will appear. Download that ovpn file. Don't use the client import function but manually enter the parts from the ovpn file as detailed here.
https://openvpn.net/cloud-docs/using-openvpn-cloud-profile-to-configure-pfsense/
Since I am behind CGNAT I need the server to be in the cloud. So I gave OpenVPN cloud a try. It's free for up to 3 connections (the pfsense box counts as one so really only two others but I only need 1 so no issue there).
The configuration is split tunnel. As I recall there was a selection based on what I wanted to do that set that.
Started with default pfsense setup. There is a way to register for a free upgrade to pfsense+ that I did (Thanks for the info on that Pete!). Just a fairly standard router setup with DHCP server and blocking a few devices from the net.
As admin you set up users and they get a temporary password. They then have to log in as a user, set a new password and download their ovpn file. As admin you also need to set up a device for them - seems like sort of a placeholder because you don't put in the actual device info.
The first time I used the client on Android I had to enter the user and password but that appears to be a one time thing.
For the pfsense openvpn client it does not get set up the same way. Need to use network connector (not user profile). Get that under network, then click on network name and connector will appear. Download that ovpn file. Don't use the client import function but manually enter the parts from the ovpn file as detailed here.
https://openvpn.net/cloud-docs/using-openvpn-cloud-profile-to-configure-pfsense/