ENDE
The #1 VPN Client for Mac, iPhone & iPad
The #1 VPN Client for Mac, iPhone & iPad
Blog
Skip to main content
DevicesHow Tos

How to Connect to pfSense VPN on Mac – Easy VPN Configuration Guide for Netgate pfSense

By Team equinuxSeptember 17, 2025October 7th, 2025No Comments

Learn how to connect to pfSense VPN on Mac. Use this step-by-step guide to set up WireGuard VPN with your Netgate pfSense appliance. We cover configuration on your device, connecting with VPN Tracker, and rolling out VPN access for your team.

Guide Contents

About Netgate pfSense Appliances

Netgate pfSense appliances are powerful, flexible firewall and VPN solutions for networks of all sizes. With models ranging from compact devices for small offices to enterprise-grade appliances, pfSense offers reliable network security and connectivity features. Each device is powered by pfSense Plus software, which provides advanced routing, firewall, and VPN capabilities.

Connect to pfSense VPN on Mac: Supported Devices

VPN Tracker works with all current Netgate pfSense appliances. This includes:

    • Netgate 1100
    • Netgate 2100
    • Netgate 3100
    • Netgate 4200
    • Netgate 6100
    • Netgate 6200
    • Netgate 7100
    • Netgate 8100
    • PFSense Plus
    • PFSense CE
Netgate 1100 appliance

Connect to pfSense VPN on Mac – including Netgate 1100

If your device is a different Netgate pfSense appliance, there’s a good chance it will still work with VPN Tracker. For guidance, refer to the official VPN Tracker documentation.

Supported VPN Protocols

pfSense appliances support a wide range of VPN protocols to meet different networking needs. These include:

  • OpenVPN for flexible remote access
  • IPsec (IKEv1 + IKEv2) for site-to-site and remote access connections
  • WireGuard for modern, fast, and easy VPN setups

OpenVPN Configuration on pfSense

This guide will walk you through setting up an OpenVPN server on pfSense, creating certificates, and exporting client configurations to connect in VPN Tracker for Mac, iPhone and iPad.

Step 1: Create CA and Server Certificate

A Certificate Authority (CA) allows pfSense to issue trusted certificates. The server certificate identifies the VPN server to the VPN client.

    1. To begin, navigate to System → Certificates → Authorities.
    2. Click + Add to create a new CA
      screenshot from netgate pfsense certificate manager showing how to add a certificate authority for OpenVPN

      Click to create a new CA for OpenVPN

    3. Enter the required information and hit Savescreenshot from netgate pfsense certificate manager showing how to add a certificate authority for OpenVPN
    4. Move to the Certificates tab and click +Add
    5. Under Method, choose Create an internal certificate
    6. Set Certificate Type to Server Certificate
    7. Then, select the CA you created earlier
    8. Give it a clear name (e.g. OpenVPN-Server-Cert) and save

    Step 2: Add Users and Generate User Certificates

    A user certificate is unique to the VPN user (i.e. your team members) and identifies each user to the VPN client (i.e. VPN Tracker.)

    1. Go to System > User Manager > Users
    2. Click +Add to add a new user profile
      screenshot from netgate pfsense user manager showing how to add a system user

      Click to add a new user

    3. Enter the user's settings and define their user group(s). Then, check the box Click to create a user certificate
      screenshot from netgate pfsense user manager showing how to update user properties and generate user certificate needed for OpenVPN

      Check the box to create a user certificate

       

    4. Under Create Certificate for User, you can fill in the information – i.e. Name and certificate lifetime – to generate a personalized user certificate
      screenshot from netgate pfsense user manager showing how to update user properties and generate user certificate needed for OpenVPN

      Fill in properties for the user certificate

    5. Your newly created user will appear in the User Manager. Repeat this process to add further users

Step 3: Set Up the OpenVPN Server Using the Wizard

The OpenVPN wizard simplifies server configuration, guiding you through network settings, protocols, and authentication. This ensures that the VPN is secure and properly integrated with pfSense.

Note: This setup guide refers to the Local User Access VPN configuration option.
If you choose LDAP or RADIUS authentication, additional steps will appear in the wizard. For Local User Access, the wizard skips directly from Step 1 to Step 5 — this is expected behavior.

  1. Go to VPN → OpenVPN → Wizards
  2. For Type of Server, select Local User Access from the dropdownscreenshot from netgate pfsense openvpn wizard
  3. Next, choose the Certificate Authority (CA) you created earlierscreenshot from netgate pfsense openvpn wizard
  4. Then, select the Server Certificate you createdscreenshot from netgate pfsense openvpn wizard
  5. In the next step, give your server a name for reference (e.g. ovpn Server) and enter the port for the VPN. VPN Tracker uses the default port 1194screenshot from netgate pfsense openvpn wizard
  6. The OpenVPN encryption settings can be kept as default
  7. Next, specify the IPv4 Tunnel Network, which defines the private IP range used inside the VPN tunnel, and the IPv4 Local Network, which is the internal network your VPN users will access — in most cases, this will be your LANscreenshot from netgate pfsense openvpn wizard
Note: The wizard also includes steps for DNS settings and firewall rules.
For this setup, you can leave these options at their defaults — pfSense will automatically apply suitable settings.
  1. Review and complete the wizard to apply the OpenVPN server configuration

Step 4: Export the Client Configuration

VPN clients need the correct configuration files to connect. The Client Export Utility generates ready-to-use profiles for VPN Tracker, saving you from manual configuration errors.

  1. Install the OpenVPN Client Export Utility from the pfSense package manager
    screenshot from netgate pfsense UI showing the package installer for the openvpn configuration exporter tool

    Install the exporter to be able to export OpenVPN configuration files from your pfSense device

  2. Go to VPN → OpenVPN → Client Export
  3. Remote Access Server: Choose the OpenVPN server you created earlierscreenshot from netgate pfsense openvpn client exporter
  4. Scroll down and select the preferred VPN user. Then, export the Most Clients configuration (compatibility with macOS confirmed)screenshot from netgate pfsense openvpn configuration export
  5. Your configuration file will be downloaded onto your Mac, ready to use with VPN Tracker

Step 5: Import Configuration into VPN Tracker

VPN Tracker allows you to quickly import the exported OpenVPN configuration file to connect to your pfSense server on Mac, iPhone and iPad.

  1. Open the VPN Tracker Connection Creator for pfSense OpenVPN
  2. Upload the previously exported .ovpn fileScreenshot of openvpn file upload in VPN Tracker connection creator for Netgate pfSense OpenVPN
  3. Save the connection in your account to connect to your pfSense VPN on Mac, iPhone and iPad in VPN Tracker
VPN Tracker screenshot showing a successful NetGate PFSense OpenVPN connection in VPN Tracker for Mac

Success! Connect to your Netgate pfSense OpenVPN in VPN Tracker

Tip: The first time you try to connect in VPN Tracker, you will need to enter the username and password for the user you created during the VPN setup on your pfSense device. Remember to store your login details in your Keychain for future use!

screenshot from VPN Tracker for Mac requesting username and password for pfSense OpenVPN connection

Enter your VPN username and password to connect to Netgate pfSense VPN in VPN Tracker


How to Set Up WireGuard on Your pfSense Appliance

WireGuard is a modern, lightweight VPN protocol that’s fast, secure, and easy to configure. With pfSense, you can use WireGuard to provide remote access for Macs, iPhones, and iPads — and connect seamlessly using VPN Tracker.

Important note: If you don’t see WireGuard as an option in the VPN menu, you may need to install the WireGuard package first.

To install the package:

  1. Log in to the pfSense web interface as an administrator
  2. Go to System > Package Manager > Available Packages
  3. Search WireGuard in the list and click + Installinstall the wireguard package for netgate pfsense vpn
  4. Click Confirm to start installation, then wait for the package to complete before continuingconfirm installation of the wireguard package

Configuring a WireGuard VPN server on pfSense

Once the package is installed, you can configure WireGuard on your pfSense appliance:

  1. In the admin interface, go to VPN > WireGuardwireguard vpn settings in the netgate pfsense interface
  2. Click + Add Tunnel to create a new WireGuard tunneladd a new WireGuard tunnel
  3. Click the blue Generate button to create a public/private key pair for your tunnel and assign an internal tunnel address (for example: 10.0.50.1/24) for the WireGuard interface and click Save and Apply Changesadd a new tunnel 
  4. Switch to the Peers tab. Here, you’ll add a peer for each device that will connect (such as your Mac running VPN Tracker).
    - Choose your new WireGuard tunnel from the dropdown
    - Enter a peer description
    - Generate a PSK and Copy'n'Paste it to the Public Key field
    - Regenerate a PSK or just delete the former PSK
    - Add an allowed IP which is part of the network of the tunnel interface, e.g. 10.0.51.2/24)
    - Add a description (just for reference)
    Add a new peer for the wireguard tunnel
  5. Save each peer and Apply Changes to finalise the peers
  6. Generate the client configuration files

Tip: Each configuration file contains the keys and connection details needed to connect a client device. You’ll use these files in the next step when setting up your connection in VPN Tracker.

Once the configuration files are ready, you can import them directly into VPN Tracker on your Mac, iPhone, or iPad to start using your WireGuard VPN. For advanced firewall or NAT adjustments, we also advise you refer to the official pfSense documentation.

Connect to pfSense VPN on Mac in VPN Tracker: WireGuard

WireGuard setup complete? VPN Tracker makes it easy to connect to pfSense VPN on Mac, iPhone, or iPad. To get started with your new WireGuard VPN:

  1. Open the VPN Tracker Connection Creator for WireGuard
  2. Add your WireGuard configuration file from pfSense. You can upload the file or scan the QR code generated by your appliance
  3. Save the connection securely in your VPN Tracker account
  4. Start the VPN connection to securely access your network
VPN Tracker file upload for WireGuard

Upload your WireGuard configuration file to connect to pfSense VPN on Mac in VPN Tracker

Your pfSense WireGuard VPN is now ready for use on all your Apple devices.

    Connect to pfSense WireGuard VPN on Mac      

Using VPN Tracker Team Features for WireGuard

WireGuard configurations often generate multiple individual files when setting up VPN access for your team. With VPN Tracker, you can streamline this process by importing all the files at once. In VPN Tracker for Mac, go to Connections, select + Create Connection > Import Connection, and drag and drop your WireGuard configuration files directly into VPN Tracker.

Drop in Wireguard Connections to connect to pfSense VPN on Mac
Rolling out these connections to team members is quick and secure. Select a WireGuard connection, go to Configure > Access, then search for the team member and check the box to assign it. Each team member instantly gets their own personalized WireGuard connection, without having to manually handle configuration files.

Share individualised WireGuard VPN connections with team members

For example, if your IT team is setting up secure remote access for ten consultants, you can import all ten WireGuard configs in one step and assign each consultant their own connection. This ensures they have secure access to your network while keeping management simple and scalable.

Learn more about sharing WireGuard VPN connections with your team →

Why Use VPN Tracker to Connect to pfSense on Mac?

VPN Tracker is the best secure remote access solution for Mac, iPhone and iPad and is compatible with the most popular VPN gateways, including Netgate pfSense, UniFi, TP Link, Draytek, and many more.

Your VPN Tracker benefits

  • Securely connect with your home and office networks
  • Use your own gateway
  • Preconfigured profiles for 300+ VPN devices
  • Expert productivity features for teams
  • For Mac, iPhone, iPad
  • Explore all features
connect to IPsec vpn on iOS

Leave a Reply

Privacy-Settings / Datenschutz-Einstellungen