This took WAY too long to figure out, so here is a summary of how I got OpenVPN client working with a PFSense server.
First create an openvpn profile in pfsense.
The IP addresses and CAs will be different for you (I’m not going to go into that part, but you should have a CA and User certs already setup)
- Remote Access SSL/TLS + User Auth
- TUN mode
- pick any port you want
- Enable TLS auth
- Autogenerate the TLS key, we’ll need to get this key later on
- Server cert should be the one you generated your user certs off of
- DH length is 2048
- Encryption algorithm is BF-CBC 128 (I know, just pick it)
- Auth digest is SHA-1 160
- IPV4 network is just a small network for your VPN endpoints. I like a /28
- Do not select redirect gateway. ChromeOS will anyway
- IPv4 local network should be the networks you use in your LAN
- Compression is Enabled with Adaptive compression
I spent way too much time on this part.
- Address pool should be checked
- Topology should be Net30
- Nothing checked in this section