Connecting AR-150 OpenVPN to home pfSense OpenVPN server

I received my GL-AR150 yesterday and am pleased with it. Right now, I’m getting to know 2.25 firmware. Yesterday I loaded DD-WRT and was a little disappointed with it. Client - repeater mode is not supported on this version, hence, I could not use it to bypass hotel captive portal with certainty. OpenVPN looked full featured, though.

Reloading GL firmware went smoothly after I learned the hard reset method where I waited for the 5 blinks.

The GL-AR150 came almost pre-configured for client - repeater mode. I just had to change some connection settings and it powered up well. Later I will use mac address spoofing, if needed, to bypass captive portal in hotel rooms.

OpenVPN using my commercial service, VPN Unlimited, fired up nicely. They provided the config files. Flawless.

My problem … I can’t get my home pfSense site to site configuration working with it. DD-WRT works well on another router. The shared key download uploaded but errored out saying something about only one tls-key or secret needed. The normal client / server configurations didn’t work either.

My question: How to configure pfSense, either site to site or normal server / client mode, to work with this implementation of OpenVPN. It’s probably only 1 or two lines in the config file. pfSense has a nice configuration downloader that works perfectly on windows and android for client/server mode. It also has a shared secret downloader for that type of server … it worked well with DD-WRT as a client.

What should the GL-AR150 config file look like and which server should it connect to … site to site or normal server/client?


I do have feedback that pfSense is working.

Can you just post the content of you ovpn here?

Which one? The site to site or the normal client/server ovpn?

The site-to-site uses a shared secret (a file that holds a large encryption). The ovpn can be downloaded as inline or two separate files.

The client/server use an ovpn and a couple of certificate files. pfSense has a client download package that creates the proper ovpn depending on whether you want inline or separate files. Windows uses the three file package. Android uses an inline package. It also creates a Viscosity package, although I don’t use that one.

I think VPNInlimited uses an inline ovpn with three certificates.


you can post both. If we cannot work out, maybe you can send me a test account so I can try directly.

here’s both. The client/server prompts for user id and both passwords fine but won’t connect.

The site to site offers an error message that makes it look like it’s getting contradictory keywords.

pfSense created the files with their client download package. It works fine with windows and android. The site to site worked with DD-WRT.

(edit a few minutes later: just noticed no space between ‘client’ and ‘dev tun’ in site to site I will fix this and try again later today to see if it makes a difference)

2nd edit: didn’t work with edited ovpn. changing it below to match as it is now. Here’s the error message with site to site:

OpenVpn is not started

Last log Options error: specify only one of --tls-server, --tls-client, or --secret Use --help for more information.

3rd edit: correction: windows client/server zip file uploaded fine. Gave same error message as site to site. text below changed to match)

4th edit: Figured it out. Solution below in comment after next one. Details of ovpn files deleted from this post because they were not at fault. They were different files for different client implementations.



For point to point:
I just google for your log and come with this:

the error says it all: you're specifying both
  secret static.key
in your config file. you're not supposed to do that : 'client' is for
client/server style configs, 'secret' is for "old-style" point-to-point
links. what are you trying to achieve ?

The router will always add “client” as one line even you don’t have. So it is not designed for point to point. But you can manually remove the “client” line in the ovpn file after you upload to the router and try again.

For inline-server ovpn file, you said it provided the same error. Maybe the error is only for your last point to point one. If you reboot the error will go away. Apparently there is no “secret” in this ovpn.

The following two line may not be supported in the firmware v2.25. Try remove them and try. You cannot just simply remove them, you need to change your server settings and regenerate ovpn without this settings. Please try.

verify-x509-name “openvpn_routed” name

pkcs12 client1.p12



Thanks, but pfSense had it right all along. I did not download the correct client files using their wizard.

The correct file to import into the Gl-AR150 is the Inline Installer - Other.

I used a normal tun server and created client certificates in pfSense for this router. I downloaded this client configuration using the the pfSense client download wizard. It fired right up. Other selections provided by the download wizard did not work. They were probably tuned for different client implementations. pfSense provides several different file downloads for different OpenVPN client devices.

It’s not a site to site server. It’s a normal, everyday, tun client/server ovpn file.

Also, nice feature to allow multiple server connections in the drop box. I have several sites from my commercial provider loaded in also. From time to time I may want to hide my actual ip and location. This feature makes it easy.

Thanks. This is a wonderful router.

So the correct solution of pfSense is :

The correct file to import into the Gl-AR150 is the Inline Installer – Other.

Is this still the case? So there is no simple way to configure site to site connections using a static key? Thx.

‘remove the “client” line in the ovpn file’ I used ssh to access the MT300N after uploading my ovpn file.
I see:
root@GL-MT300N:/# find -iname embed1

I edited both files to remove the “client” line. That helped; now on to newer set of logfile errors.

1 Like

Seem the VPN client on AR-150 and GL-MT300N-V2 have the same issue. Also I need the “force all traffic over VPN” option back on the V1.