# Point to Site VPN Configuration
## Step 1: Prerequisites
* Create a private network (VPC) without a router via Horizon.
* Navigate to Project → Network → Networks → Create Network.
* Example: Subnet - 192.168.7.0/24, Gateway IP - 192.168.7.1.
## Step 2: Create a Security Group
* Navigate to Project → Network → Security Group → Create Security Group.
* Allow any protocol for the pfSense Server.
## Step 3: Create a pfSense Server
* Attach both Public and Private Interfaces (e.g., Server-0).
* Assign the gateway IP.
* Disable port security of the Private Interface.
## Step 4: Configure pfSense Interfaces
* Set up the LAN and WAN interfaces inside pfSense Server.
## Step 5: Create a Temporary Windows Server
* Create a Windows Server with a private interface (e.g., Server-1).
## Step 6: Access pfSense WebGUI
* Log in using the default username and password.
## Step 7: Initial pfSense Setup
* Complete the basic setup wizard as shown in the images.
## Step 8: Set Up Certificates and OpenVPN Server
* Navigate to VPN → OpenVPN → Servers → Wizards.
* Tunnel Network: 192.168.8.0/24.
* Local Network: 192.168.7.0/24.
* Edit the server settings as needed.
## Step 9: Install OpenVPN Client Export Package & Create Users
* Install 'openvpn-client-export' from System → Package Manager → Available Packages.
* Navigate to VPN → OpenVPN → Client Export to download the bundled configuration archive.
* Ensure you have a user account set up with a user certificate created. This can be completed by
\
selecting System > User Manager > Add. Select a username and Password, then click to create a
user certificate. Give the certificate a name and ensure that the OpenVPN\_CA that we created earlier is
selected. Leave the rest as default and save.
## Step 10: Set up OpenVPN Client
* On Browser search “OpenVPN Connect Download” and download the “Download.msi” file and install it.
* Launch OpenVPN Connect and upload the configuration file.
* Enter the username and password associated with the certificate.
* Click 'Continue' to establish the connection.
## Step 11: Final Testing
* From the OpenVPN client, ping the pfSense LAN IP to verify connectivity.
* Verify VPN tunnel operation (client gets IP from 192.168.8.0/24).
* Ensure correct routing between VPN subnet (192.168.8.0/24) and LAN subnet (192.168.7.0/24).
* Confirm pfSense LAN interface (192.168.7.1) is reachable and responding.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.acecloud.ai/knowledge-base/tutorials/point-to-site-vpn-configuration.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.