• Create a CA
• Create a OpenVPN-server certificate with the wizard
  • For connections from an Android devise, set Local Port on 1195 (1194 makes troubles)
  • Replace SHA1 trough SHA256 for algorithme de hachage d'authentification.
  • Into Firewall ⇒ Rules adapt the position of the entry of OpenVPN in order that the traffic won't get blocked by the firewall.

• Create a user with a “user certificate”
• Install openvpn-client-export
• Export the ovpn-file

Import the ovpn-file to setup the config of the client machine. Works without afterwards settings on Android + Fedora.
See https://www.adrienfuret.fr/2016/08/04/pfsense-openvpn/ for example.

When the previous certificate reaches its end of live.

• system ⇒ users management ⇒ modify the user
• certificates ⇒ add
• give a new descriptive name and a new common name, set the life time as you need
• VPN ⇒ OpenVPN ⇒ client export
• download the configuration you need

From Android:

• import the ovpn-file for creating a new VPN connection
• it should run in this state, even if connecting can be slow.
• to speedup the connection procedure:
  • go to IP and DNS and tick replace the DNS, give your domain.tld as a suffix and the LAN-IP of the pfSense as a DNS server
  • under routing, tick redirect all trafic to VPN connection