Lee47 23 Posted ...

Hi, just wondered, do Air servers do this? I ask since I have an ongoing issue with my pfSense router, where the following morning the connection to the Air server is dead. If I download a large file overnight or use the internet in general, the connection stays active. But if it's idle for a few hours, it feels like the Air server kicks me off or throttles the connection somehow. The reason I say this is that when I attempt to send a packet, browse or download, after a few minutes the connection picks up and comes back to life.
pfSense_fan 181 Posted ...

No, they do not drop when not in use. I do not have this issue. I have noticed you seem to have a number of issues with your setup. I do not have any of the issues you state. They are not normal. I have not responded before because it is not the fault of pfSense or AirVPN. You either have an issue with your ISP, choice of equipment, or human error in your install.

Do you monitor your AirVPN gateway? What is the packet loss?

Have my guides helped you? Help me keep helping you, use my referral: How to set up pfSense 2.3 for AirVPN
Friends don't let friends use consumer networking equipment!
Lee47 23 Posted ...

Hi, thanks for the confirmation. Yes, I have just this one major issue, which only really occurs the following morning when I switch on the PC and attempt to connect to the net; it just takes a few minutes before it jump-starts, and once it gets going it's 100% fine.

I have recently attempted to redo the pfSense guide but with just LAN/WAN (2 ports), keeping it as simple and 100% the same as illustrated in the guide, but still no joy the following morning; in between that time, like now, it works flawlessly.

Yeah, I agree it feels like a wrong setting, but it's very hard to track down when you have followed the guide tick for tick, many times.

Do you leave your pfSense PC on 24/7 and it has no such issues the following morning? Do you also use the AirVPN DNS 10.4.0.1/10.5.0.1 DNS settings?

I do monitor the OpenVPN logs and yeah, I see some errors from time to time, but nothing that has prevented it working during the day.

How do I go about checking packet loss? Thanks
pfSense_fan 181 Posted ...

Yes, I leave pfSense running 24/7... that is its intended use. It is the firewall and router for my entire network and must be on at all times.

To monitor packet loss on the AirVPN gateway you must enter a monitoring IP. I simply use 10.4.0.1 and it works well enough.

Go to System > Routing
The Gateways tab is already selected, so go to your AirVPN gateway on the page and find and select the [e] edit button on the right.
Find Monitor IP and enter your monitor IP of choice. 10.4.0.1 works.
You will now be able to monitor packet loss on that gateway both under Status > Gateways and Status > RRD Graphs > Quality

The RRD Graphs may give you some insight into why you are disconnecting.
Staff 9973 Posted ...

@refresh

In order to discern whether the problem lies in pfSense or not, try a connection from one of your computers and check whether the same thing occurs. If so, might it be that your ISP "leases" your IP address for a definite time frame (and therefore DHCP-re-assigns it every x hours or at some fixed time of the day)? Just speculation, but it's worth a check. If it happens, your OpenVPN connection necessarily needs to be re-established, because of course the OpenVPN server has no way to know "your" new IP address until the client re-contacts.

To answer the thread topic question: no, the Air servers keep the connection alive even when this connection is "inactive".

Kind regards
Lee47 23 Posted ...

Thanks for the suggestions, both.

pfsense fan: thanks, I have added that monitor IP and can see logs coming now.

It is a very strange issue I have had and been unable to fix for the past month, tricky to describe since the issue only occurs in the morning upon the PC being switched on. If I left something downloading for 2-3 days the connection won't drop (I tried it).

Only once I have switched on the PC the next morning and waited 5 minutes is the connection solid and perfect; even rebooting the pfSense box won't stop or drop the connection again.... If I try to reboot pfSense while the connection has dropped, it still remains dropped on the laptop and PC until 5 minutes pass.

So it's like I have 5 minutes to test and fix the issue! Cos once it starts it's golden.

I have reinstalled all OSes on the laptop and desktop with no AV/firewalls to make sure, and made sure all settings are defaulted. Tried playing around with different DNS addresses on pfSense and on Windows with no joy, but for now just left it on defaults using the OpenNIC DNS address.

I tried it with a different AirVPN server/certs also, just in case, but same error. My pfSense OpenVPN logs show AirVPN as green and currently up, no errors in the logs (it's just empty), yet no connection; only after 5 minutes of waiting again does it work.

I doubt it's my ISP dropping or resetting me, since it's always the same IP address, I have noticed.. plus it would not explain why I can download for 3 days straight. The other laptop also shows the same issue...

I also have "Infinitely resolve server" ticked on. I have another idea which I will try... take a week's test via another provider and see if it gives the same issue, perhaps worth a shot.
pfSense_fan 181 Posted ...

refresh, I have a few questions for you that may help me help you with this issue.

When you first come back from being away:

1.) Does your computer have an assigned IP address from pfSense?
2.) Are you able to log into pfSense? If yes, does Status > Gateways show an "online" connection to AirVPN or is it down? If you cannot log in, what does the RRD Graph show for that time period? It will tell you if you have been disconnected or if the connection has remained.

Also, are you running DHCP or static IP on your computer?
Lee47 23 Posted ...

Hi pfsense, thanks for getting back to me:

I am not sure about the assigned IP address. pfSense does give me on WAN (em0) my ISP IP address, and LAN (em1) is given a pfSense 192.168.1.1, which always works fine; even if the internet is not working it still logs in to the pfSense dashboard/web GUI. And AirVPN (opt1) is assigned an address that looks like one assigned from pfSense, which starts with 10.x.x.x. Not sure if that is what you mean?

I am running DHCP on the desktop PC and the same on pfSense; the Air interface is IPv4 Configuration Type: none, as per the guide.

I checked the logs yesterday and again this morning and noticed the same 5 minute wait problem, so I logged into pfSense while the internet was down and checked under gateways, and it showed WAN_DHCP as green and online. Also AirVPN as green and online. I got 2% loss on WAN, yet no ability to pull websites until the 5 minute wait had passed.

I have no issues logging into the pfSense web GUI screen and accessing it even when the internet is down; logging into the main pfSense dashboard shows all green up arrows on WAN/LAN/Air.

I did note however that under OpenVPN status it says AirVPN UDP down. But webpages still load after that 5 minute wait and it still reports as down; sometimes it even says it's up and webpages don't load until the 5 minute wait, of course...

Any ideas are still welcome at this point.
lydianajihah82 1 Posted ...

My pfSense 2.1 is running without an issue and has been running for 1w 3d 19h (except for an electrical disconnection by my electricity provider last week).

What is your advanced configuration on your OpenVPN client?

Best regards
Lee47 23 Posted ...

Hi lydianajihah82, I followed the Air pfSense guide tick for tick here: https://airvpn.org/topic/10213-installing-a-pfsense-box-with-airvpn/

No advanced configuration options are shown in the guide, so I left mine empty....
pfSense_fan 181 Posted ...

What I am asking about the assigned IP is this: if you go to your network settings on your computer (I'll assume you are using Windows, so "Network and Sharing Center"), double click on your NIC, and select "Details", what information is provided? It is important we know what it says when it is malfunctioning. It may also be useful to have a snapshot from when it is working. You can highlight the text and use ctrl+c to copy the text. As you can see from this snapshot, DHCP is enabled and pfSense has served me an IP address. Further, pfSense has served me the correct DNS servers as well.
This is what it should look like when functioning.

Connection-specific DNS Suffix: XXXXXXXXXXX
Description: XXX PCIe GBE Controller
Physical Address: XX-XX-XX-XX-XX-XX
DHCP Enabled: Yes
IPv4 Address: 192.168.XXX.XXX
IPv4 Subnet Mask: 255.255.255.0
Lease Obtained: Saturday, January 25, 2014 12:15:37 AM
Lease Expires: Sunday, January 26, 2014 1:15:45 PM
IPv4 Default Gateway: 192.168.XXX.1
IPv4 DHCP Server: 192.168.XXX.1
IPv4 DNS Servers: 10.4.0.1, 10.5.0.1
IPv4 WINS Server:
NetBIOS over Tcpip Enabled: No

From what you have noted about the gateway statuses, everything seems to be OK there, which leaves us to seek out other issues. The connection is up, so it is not pfSense, AirVPN or your ISP. I suspect it is an issue with the DHCP server and/or the DNS Forwarder, with an emphasis on the DNS Forwarder. (This would explain why you CAN log into pfSense and yet have no internet access.) If this is the case, it should be easy to correct with a bit of troubleshooting.

In the meantime, next time you have this 5 minute delay, can you please enter https://95.211.138.143/ into your web browser? It is the direct IP address for airvpn.org. If this loads, we know it is a DNS Forwarder issue.

I too was going to ask you about the advanced section. I do not think it has to do with your problem, but everyone should have a few entries there, at the very least to match the settings in the .OVPN files provided to us by AirVPN. Further than that, you can use this area to tweak settings towards your use once you become familiar with the options, such as the "verb" setting. This setting controls how much info is shown in the logs. Default is 3, I use 4. The range is 1-5.

Here is what I use; you may copy and paste the following string into yours if you wish:

ns-cert-type server; verb 4; tun-mtu 1500; mssfix 1400; explicit-exit-notify 5; mute-replay-warnings; mute 20;

But this brings me to another question: what hardware do you have pfSense installed on... what CPU are you using?
I see you use Intel NICs, which is good. Any serious pfSense install should use Intel NICs due to the support they have for BSD.

I hope we can sort you out soon. After I post this, I am going to install Untangle on a separate hard drive to evaluate it compared to pfSense for my needs. I likely need to switch to Untangle, mostly for its ability to filter ads.
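The check proposed in the post above (reach the site by IP to see whether only name resolution is failing) can be scripted from a LAN client. This is an added example, not part of the original posts; it goes a step further by also querying each AirVPN resolver directly over UDP. The IP and resolver addresses are the ones quoted in the thread, while the function names and verdict labels are assumptions made for the example.

```python
#!/usr/bin/env python3
"""Run during the outage window: is it name resolution or the tunnel itself?"""
import socket
import struct

# Addresses quoted in the thread (the IP was airvpn.org's at the time of posting).
DIRECT_IP = "95.211.138.143"
RESOLVERS = ("10.4.0.1", "10.5.0.1")
TEST_NAME = "airvpn.org"   # assumption: any name you expect to resolve
TXID = 0x1234              # fixed transaction id, fine for a one-shot manual probe


def build_query(name, txid=TXID):
    """Minimal DNS query for an A record with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in name.strip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_reply(data, txid=TXID):
    """Return (rcode, answer_count); ValueError if this is not a reply to our query."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:   # QR bit must be set on a response
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount


def probe_dns(resolver, name=TEST_NAME, timeout=3.0):
    """True if the resolver answers NOERROR with at least one record over UDP/53."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (resolver, 53))
            data, _ = sock.recvfrom(512)
            rcode, ancount = parse_reply(data)
        except (OSError, ValueError):       # timeout, unreachable, or junk reply
            return False
    return rcode == 0 and ancount > 0


def probe_tcp(ip, port=443, timeout=3.0):
    """True if a TCP handshake to ip:port completes; no name lookup is involved."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(ip_ok, dns_ok):
    """Map probe results to a verdict. dns_ok is {resolver: bool}."""
    working = [r for r, ok in dns_ok.items() if ok]
    if ip_ok and len(working) == len(dns_ok):
        return "ok"
    if ip_ok and working:
        return "dns-partial"         # some resolvers silent: check what DHCP hands out
    if ip_ok:
        return "dns-only"            # traffic flows, names do not: DNS/forwarder issue
    if working:
        return "target-unreachable"  # tunnel resolvers answer, the test IP does not
    return "no-connectivity"         # routing, firewall rule or tunnel, not just DNS


if __name__ == "__main__":
    dns = {r: probe_dns(r) for r in RESOLVERS}
    ip = probe_tcp(DIRECT_IP)
    for resolver, ok in dns.items():
        print(f"DNS {resolver:<12} {'answered' if ok else 'no answer'}")
    print(f"TCP {DIRECT_IP}:443 {'connected' if ip else 'failed'}")
    print("verdict:", diagnose(ip, dns))
```

A "dns-only" verdict during the 5 minute window matches the DNS Forwarder hypothesis in the post; "no-connectivity" points back at routing, firewall rules or the tunnel.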
Lee47 23 Posted ...

Thanks pfsense for the detailed info, I have copied and pasted my desktop NIC's details:

Connection-specific DNS Suffix: (xxxxxx)
Description: (xxxxxx) PCIe GBE Family Controller
Physical Address: (xxxxxx)
DHCP Enabled: Yes
IPv4 Address: 192.168.(xxxxxx)
IPv4 Subnet Mask: 255.255.255.0
Lease Obtained: Sunday, January 26, 2014 1:41:23 PM
Lease Expires: Sunday, January 26, 2014 8:41:23 PM
IPv4 Default Gateway: 192.(xxxxxx)
IPv4 DHCP Server: 192.(xxxxxx)
IPv4 DNS Servers: 10.4.0.1, 10.5.0.1
IPv4 WINS Server:
NetBIOS over Tcpip Enabled: Yes
Link-local IPv6 Address: (xxxxxx)
IPv6 Default Gateway:
IPv6 DNS Server:

This is under Windows 7 while the internet is up and running; where I have put xxxx I do have valid IPs. I think I understand what you are suggesting, to see what these details say when it's working and not working? I'll have an immediate look when it's not working and see if an IP and/or DNS servers are showing.

I will try that website you suggested when it is down. I have actually tried the AirVPN main website and ipleak, which never work when the connection is down, but have not tried that 95.111.138.143 website, although it looks the same. It works, obviously, after the 5 minute wait.

I think you are correct, it's an issue to do with DNS or perhaps DHCP. I'd rather think it was down to the DNS, as the OpenVPN entries under pfSense show net and Air as green and up but websites are not loading.... Usually this is DNS entries gone wrong somewhere. I thought I fixed it once when I tried adding the AirVPN 10.4.0.1 DNS entries in my Windows NIC settings, which suddenly connected straight away, and web pages worked when the issue was there... but it only worked a few times; most days it's still the 5 minute wait, so now I leave the TCP/IPv4 IP/DNS entries set to obtain them automatically.

Then again, I have stuck to what the pfSense guide showed me only...
I also added these extra DNS settings as shown here: https://airvpn.org/topic/10222-how-to-prevent-dns-leaks-in-pfsense/

It's routed to my AirVPN gateway to prevent DNS leaks... guides done by the same guy and for that same pfSense guide.

My pfSense build is an Acer mini-ITX PC with an AMD A4-5000 1.5 GHz CPU and an Intel 4 NIC network card, NC365 (only WAN/LAN currently); the onboard NIC is disabled in the BIOS, since pfSense doesn't support it, just in case. 30 GB SSD for pfSense with 4 GB DDR3.
pfSense_fan 181 Posted ...

> Thanks pfsense for the detailed info, I have copied and pasted my desktop NIC's details:
>
> Connection-specific DNS Suffix: (xxxxxx)
> Description: (xxxxxx) PCIe GBE Family Controller
> Physical Address: (xxxxxx)
> DHCP Enabled: Yes
> IPv4 Address: 192.168.(xxxxxx)
> IPv4 Subnet Mask: 255.255.255.0
> Lease Obtained: Sunday, January 26, 2014 1:41:23 PM
> Lease Expires: Sunday, January 26, 2014 8:41:23 PM
> IPv4 Default Gateway: 192.(xxxxxx)
> IPv4 DHCP Server: 192.(xxxxxx)
> IPv4 DNS Servers: 10.4.0.1, 10.5.0.1
> IPv4 WINS Server:
> NetBIOS over Tcpip Enabled: Yes
> Link-local IPv6 Address: (xxxxxx)
> IPv6 Default Gateway:
> IPv6 DNS Server:
>
> This is under Windows 7 while the internet is up and running; where I have put xxxx I do have valid IPs. I think I understand what you are suggesting, to see what these details say when it's working and not working? I'll have an immediate look when it's not working and see if an IP and/or DNS servers are showing.

Excellent. Looking at that snapshot, might I suggest disabling IPv6 on that interface... and perhaps QoS, File and printer sharing (unless you actually share from this computer), link layer topology discovery responder (lets other computers on your LAN discover your computer) and NetBIOS from IPv4 Properties > General > Advanced > WINS. I suggest this because I assume you are not using features that use this on a computer connected to a VPN. Perhaps you are... but these things can always be reversed.

> I will try that website you suggested when it is down. I have actually tried the AirVPN main website and ipleak, which never work when the connection is down, but have not tried that 95.111.138.143 website, although it looks the same. It works, obviously, after the 5 minute wait.

That website is the exact IP address of airvpn.org. This is the address a DNS would retrieve for your computer if you typed in the name "www.airdns.org". We are directly accessing this because this does not require the use of a DNS.
If you are able to access this during a down time, it will verify where our problem is.

> I think you are correct, it's an issue to do with DNS or perhaps DHCP. I'd rather think it was down to the DNS, as the OpenVPN entries under pfSense show net and Air as green and up but websites are not loading.... Usually this is DNS entries gone wrong somewhere. I thought I fixed it once when I tried adding the AirVPN 10.4.0.1 DNS entries in my Windows NIC settings, which suddenly connected straight away, and web pages worked when the issue was there... but it only worked a few times; most days it's still the 5 minute wait, so now I leave the TCP/IPv4 IP/DNS entries set to obtain them automatically.

Hopefully now your IP and DNS settings in Windows are set to obtain addresses automatically. If pfSense is configured correctly, these will be served to any device connected to a NIC directed to do so.

> Then again, I have stuck to what the pfSense guide showed me only... I also added these extra DNS settings as shown here: https://airvpn.org/topic/10222-how-to-prevent-dns-leaks-in-pfsense/
> It's routed to my AirVPN gateway to prevent DNS leaks... guides done by the same guy and for that same pfSense guide.

No offense meant to Knicker, he has been a great help to the community and his guide is appreciated by many, but I find it to be a bit incomplete, and I disagree with the methods in a few sections. This is one I disagree with. pfSense is not like Windows at all. Windows is designed to try to keep its users connected by all means possible... for the lay person mostly. It will circumvent some rules to keep connected. pfSense, on the other hand, is based off FreeBSD. It is much more secure in that it will not do or allow anything that you do not explicitly tell it to do. No, for our uses, more correct would be to disable the DNS Forwarder on VPN interfaces and set the DNS servers on each NIC's DHCP Server page.
This is combined with checking the "Skip rules when gateway is down" box found at System > Advanced > Miscellaneous. From the description: "By default, when a rule has a specific gateway set, and this gateway is down, rule is created and traffic is sent to default gateway. This option overrides that behavior and the rule is not created when gateway is down", so by default we are/were telling pfSense to fall back to another gateway. By checking this check box, which is correct for our uses, pfSense simply will not fail over a down VPN connection to another gateway. For the paranoid, four firewall entries on a VPN facing NIC will both block all possible DNS leaks and guarantee the connection itself does not leak, even if someone tries. This is how I have mine set, and what I would like you to try.

> My pfSense build is an Acer mini-ITX PC with an AMD A4-5000 1.5 GHz CPU and an Intel 4 NIC network card, NC365 (only WAN/LAN currently); the onboard NIC is disabled in the BIOS, since pfSense doesn't support it, just in case. 30 GB SSD for pfSense with 4 GB DDR3.

Fantastic! You have extra NICs for us to use. This will help us as well as teach you how to use the extras. The guide I began to post in another thread will greatly help you. I am going to copy that post I made as well as add to it here so you can enable another interface. But first we have to undo your settings for your current LAN interface and set it correctly.

I hope you will try this; I am just going to work on the tutorial right after posting this, since I have the time tonight. Please start by following the step I posted above and checking that check box.
pfSense_fan 181 Posted ...

OK, here is a tutorial for you to follow to best set up pfSense for AirVPN, seeing that you have four NICs to work with. We are going to leave one interface, the default LAN interface that is created during pfSense install, facing the clear-net and your ISP. This will give you the choice to use the regular internet, for any needs you may have or if the VPN goes down, by simply moving your network cable from one interface to the other. I am going to skip the OpenVPN setup since you already have it connected and focus on the setup of your interfaces, subnets, firewall rules and NAT. Ready? Here we go!

First of all, because you are using high quality Intel server NICs, let's start by making sure we are utilizing the power of them and offloading as much as we can from that AMD processor.

1.) Go to System > Advanced > Networking (https://192.168.1.1/system_advanced_network.php)
2.) Under the section titled Network Interfaces, find the check box for Enable device polling and check [√] the box to enable it.
3.) Now find the check boxes right below this for Disable hardware checksum offload, Disable hardware TCP segmentation offload, and Disable hardware large receive offload. Make sure these three boxes ARE NOT CHECKED. Uncheck [ ] them if they are checked by default.
4.) Click [ SAVE ]
5.) Click [ Apply Changes ]
6.) Now go to Diagnostics > Reboot (https://192.168.1.1/reboot.php). Go ahead and reboot the system for these to take effect.

The Intel drivers are the most developed and supported drivers for pfSense/FreeBSD. You can benefit from these options and offload quite a bit from your CPU and improve overall performance. We can verify these are working by going to https://192.168.1.1/status.php (or replace 192.168.1.1 with whatever your GUI login is) and looking among the lines under the interfaces section; you should see "polling" as well as the other options for offloading listed amongst the interfaces.
Here is a line from mine:

options=407fb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,POLLING,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO>

Your results may vary depending on whether the card you have supports all of this. Keep an eye out for any that do not show up, and disable as necessary. Keep a keen eye out for "LRO", which is Large Receive Offload. If that does not show up as enabled, go back and check that box and reboot.

Now that we have that set, we need to enable a third NIC and undo any settings you may have now, from the other tutorial you followed, that are not compatible. Before that I want to set a few parameters for the purposes of this tutorial. You may change these as you wish, but I will refer to them as such throughout the tutorial and it may be easier for you to name them the same for later reference:

WAN (likely em0 interface) = ISP Gateway = WAN_DHCP (default) - This will remain the default gateway set up with my method, we likely have to "undo" this for you.
LAN (likely em1 interface) = 192.168.1.1/24 = Clear-Net facing NIC
AirVPN_WAN (likely ovpn1 interface) = AirVPN Gateway
AirVPN_LAN (likely em2 interface) = 192.168.123.1 / 24 = VPN facing NIC
Opt1 = the interface we will program/assign to be our AirVPN_LAN

Before we "start", let's set a few things so you do not lose internet connectivity while setting this up, while concurrently setting up our WAN and LAN interfaces the way we need them.

################################################################################

Let's make sure the WAN interface is our default gateway.

1.) Go to System > Routing (https://192.168.1.1/system_gateways.php)
2.) On the "Gateways" tab and on the "WAN_DHCP" line select the [e] edit button on the right.
3.) Set as follows:
    Interface = [ WAN ]
    Address Family = [ IPv4 ]
    Default Gateway = [√] checked

Click [ SAVE ]
Click [ Apply Changes ]

################################################################################

Let's set up the primary DNS servers which will be used by the LAN interface.

Go to System > General Setup: DNS servers (https://192.168.1.1/system.php)
We are going to set two of the DNS servers to OpenDNS and leave the other two blank. Set as follows:

    DNS Server              Use gateway
    [ 208.67.222.222 ]      [ WAN_DHCP ]
    [ 208.67.220.220 ]      [ WAN_DHCP ]
    [ (empty) ]             [ none ]
    [ (empty) ]             [ none ]

    [ ] Allow DNS server list to be overwritten by DHCP/PPP on WAN = UNCHECKED
    [ ] Do not use the DNS Forwarder as a DNS server for the firewall = UNCHECKED

Click [ SAVE ]

################################################################################

Let's set up the LAN interface:

Go to Interfaces > LAN (https://192.168.1.1/interfaces.php?if=lan)
Set it as follows:

    General configuration
        Enable = [√]
        Description = LAN
        IPv4 Configuration Type = Static IPv4
        IPv6 Configuration Type = none
        MAC address = (empty)
        MTU = (empty)
        MSS = (empty)
        Speed and duplex = Advanced > Autoselect
    Static IPv4 configuration
        IPv4 address = 192.168.1.1 / 24
        Gateway = none
    Private networks
        Both options here are left UNCHECKED / NOT CHECKED

Click [ SAVE ]
Click [ Apply Changes ]

(NOTE: if you get locked out of the GUI here, give your PC a static IP in the 192.168.1.1/24 range and set your DNS to 192.168.1.1 until we finish. 192.168.1.50 should suffice.)

################################################################################

Let's set the DHCP Server for the LAN interface.

1.) Go to Services > DHCP server (https://192.168.1.1/services_dhcp.php)
2.) Ensure the "LAN" tab is selected
3.) Set it as follows (only options we will change are listed, leave the rest as they were by default):
    Enable DHCP server on LAN interface = [√] (checked)
    Range = [ 192.168.1.100 ] to [ 192.168.1.200 ]

Click [ SAVE ]
Click [ Apply Changes ]

################################################################################

Let's set up the outgoing NAT for the LAN interface.

1.) Go to Firewall > NAT > Outbound (https://192.168.1.1/firewall_nat_out.php)
2.) Ensure Manual Outbound NAT rule generation - (AON - Advanced Outbound NAT) is selected.
3.) Click [ SAVE ]
4.) Click [ Apply Changes ]
5.) If there is already a rule for your LAN interface, select the [e] button to the right of it. If there is not a rule for your LAN, you will need to create one by selecting the [+] at the top right and creating a new one.
6.) Set as follows:
    Do not NAT = [ ] (unchecked)
    Interface = WAN
    Protocol = Any
    Source = Type: [ Network ] Address: [ 192.168.1.0 ] / [ 24 ] Source port: [ ] (empty/blank)
    Destination: Type = [ Any ]
    Translation: Address = [ Interface Address ]
    Description = [ LAN -> WAN ]

Click [ SAVE ]
Click [ Apply Changes ]

################################################################################

Now we must set a few firewall rules for the LAN interface to enforce the policy based routing and redundantly block leaks.
We will set these in "reverse" order so that they should end up in the order we need them. This is assuming the only rule you have is the Anti-lockout rule. If you have advanced rules for your other needs, you will just have to move these rules into place.

There are two necessary rules for the LAN interface. The first is a "Block Everything" rule; this MUST be at the very bottom of the list.

1.) Go to Firewall > Rules and select your "LAN" interface.
    Click the [+] on the right to "Add New Rule" and create a rule we will title "BLOCK ALL ELSE LAN"
    Action = [ Block ]
    Interface = [ LAN ]
    TCP/IP Version = [ IPv4 ]
    Protocol = [ Any ]
    Source = [ Any ]
    Destination = [ Any ]
    Log packets that are handled by this rule = [√] (checked, enable this to be able to diagnose when you potentially block yourself)
    Description = BLOCK ALL ELSE LAN
    *** For this rule we will NOT set the advanced setting for gateway, it should be left as default
2.) Click [ SAVE ]
3.) Click [ Apply Changes ]
4.) The second is the rule that will force traffic from the LAN interface to only exit via the WAN interface. This rule should be second from the bottom, right above the Block All rule.
    Go to Firewall > Rules and select your "LAN" interface.
    Click the [+] on the right to "Add New Rule" and create a rule we will title "Allow LAN to any rule" (Note: There may already be a rule titled "Default allow LAN to any" or similar. You certainly can just edit that entry to these settings, or delete and create this.)
    Action = [ Pass ]
    Interface = [ LAN ]
    TCP/IP Version = [ IPv4 ]
    Protocol = [ Any ]
    Source = [ LAN Subnet ]
    Destination = [ Any ]
    Description = Default allow LAN to any rule
    IMPORTANT STEP --> ADVANCED FEATURES > GATEWAY = WAN_DHCP

################################################################################

OK, let's enable that third NIC.

1.) Go to Interfaces > Assign (https://192.168.1.1/interfaces_assign.php)
    Here you will find your assigned interfaces. If you assigned them during the original install, you will see all four and should likely have a WAN, LAN, opt1 and opt2 (as well as ovpn1). If you did not assign them, you will have to click the [+] button at the bottom right to assign another. Once it is assigned, click save.
2.) Now we need to select an "opt" interface and give it settings.
    Select one from the Interfaces drop down menu (likely Opt1). Set it as follows:

    General configuration
        Enable = [√]
        Description = AirVPN_LAN
        IPv4 Configuration Type = Static IPv4
        IPv6 Configuration Type = none
        MAC address = (empty)
        MTU = (empty)
        MSS = (empty)
        Speed and duplex = Advanced > Autoselect
    Static IPv4 configuration
        IPv4 address = 192.168.123.1 / 24
        Gateway = none
    Private networks
        Both options here are left UNCHECKED / NOT CHECKED
3.) Click [ SAVE ]
4.) Click [ Apply Changes ]

################################################################################

Now we need to set up the DHCP Server for the AirVPN_LAN interface.

1.) Go to Services > DHCP server (https://192.168.1.1/services_dhcp.php)
2.) Select the Tab / Drop Down for AirVPN_LAN
3.) Set it as follows (only options we will change are listed, leave the rest as they were by default):
    Enable DHCP server on AIRVPN_LAN_1 interface = [√]
    Range = [ 192.168.123.100 ] to [ 192.168.123.200 ]
    DNS servers = [ 10.4.0.1 ], [ 10.5.0.1 ]
4.) Click [ SAVE ]
5.) Click [ Apply Changes ]

################################################################################

Let's set up the outgoing NAT for the AirVPN_LAN interface.

1.) Go to Firewall > NAT > Outbound (https://192.168.1.1/firewall_nat_out.php)
2.) Ensure Manual Outbound NAT rule generation - (AON - Advanced Outbound NAT) is selected. (It should be from earlier)
3.) You will need to select the [+] at the top right and create a new one.
4.) Set as follows:
    Do not NAT = [ ] (unchecked)
    Interface = AirVPN WAN
    Protocol = Any
    Source = Type: [ Network ] Address: [ 192.168.123.0 ] / [ 24 ] Source port: [ ] (empty/blank)
    Destination: Type = [ Any ]
    Translation: Address = [ Interface Address ]
    Description = [ AirVPN_LAN -> AirVPN_WAN ]
5.) Click [ SAVE ]
6.) Move this rule to the top of the list
7.) Click [ Apply Changes ]

################################################################################

Now we must create FOUR firewall rules for the AirVPN_LAN interface to enforce the policy based routing and redundantly block leaks. There will be two rules exactly the same as for the LAN interface, as well as two rules to redundantly ensure no possibility of a DNS leak. You should have no firewall rules here since this is a new interface. If there are any rules, just delete them. We will again make them in "reverse" order so that they should end up in the order that is necessary.

The first is a "Block Everything" rule; this MUST be at the very bottom of the list.

1.) Go to Firewall > Rules and select your "AirVPN LAN" interface.
    Click the [+] on the right to "Add New Rule" and create a rule we will title "BLOCK ALL ELSE AirVPN_LAN"
    Action = [ Block ]
    Interface = [ AirVPN_LAN ]
    TCP/IP Version = [ IPv4 ]
    Protocol = [ Any ]
    Source = [ Any ]
    Destination = [ Any ]
    Log packets that are handled by this rule = [√] (checked, enable this to be able to diagnose when you potentially block yourself)
    Description = BLOCK ALL ELSE AirVPN_LAN
    *** For this rule we will NOT set the advanced setting for gateway, it should be left as default. This will block connections to any and all gateways this interface tries to connect to that we have not explicitly allowed.
2.) Click [ SAVE ]
3.) Click [ Apply Changes ]
4.) The second is the rule that will force traffic from the AirVPN_LAN interface to only exit via the AirVPN_WAN interface.
This rule should be second from the bottom, right above the Block All ruleGo to Firewall > Rules and Select your "AirVPN_LAN" interface.Click the [+] on the right to "Add New Rule" and create a rule we will title "Allow AirVPN_LAN to any rule"Action = [ Pass ]Interface = [ AirVPN_LAN ]TCP/IP Version = [ IPv4 ]Protocol = [ Any ]Source = [ AirVPN_LAN Subnet ]Destination = [ Any ]Description = Allow AirVPN_LAN to anyIMPORTANT STEP --> ADVANCED FEATURES > GATEWAY = AirVPN_WAN 5.) The third rule we will will block all DNS requests that we do not explicitly allow.Go to Firewall > Rules and Select your "AirVPN_LAN" interface.Click the [+] on the right to "Add New Rule" and create a rule we will title "BLOCK_DNS_LEAKS"Action = [ Block ]Interface = [ AirVPN_LAN ]TCP/IP Version = [ IPv4 ]Protocol = [ UDP ]Source = [ Any ]Destination = [ Any ]Destination port range = [ DNS ] (Select from the drop down)Log = [√] (checkedDescription = BLOCK_DNS_LEAKS*** For this rule we will NOT set the advanced setting for gateway 6.) Before we create our last rule, we must create an alias for our AirVPN DNS servers.Go to Firewall > Aliases: IP (https://192.168.1.1/firewall_aliases.php?tab=ip)Click the [+] to "Add a new Alias"Name = AirVPN_DNS_ServersDescription = AirVPN_DNS_ServersType = HostsUnder the "Hosts" section, using the [+] near the bottom create new entries and enter two or more of the following AirVPN DNS Servers: 10.4.0.1, 10.5.0.1, 10.6.0.1, 10.7.0.1, 10.8.0.1, 10.9.0.1, 10.30.0.1, 10.50.0.1Click "Save" 5.) 
Go to Firewall > Rules and Select your "AirVPN_LAN" interface.Click the [+] on the right to "Add New Rule" and create a rule we will title "ALLOW_AirVPN_DNS"Action = PassInterface = AirVPN_LANTCP/IP Version = IPv4Protocol = UDPSource = AnyDestination = (Single host or Alias) AirVPN_DNS_ServersDestination port range = DNSDescription = ALLOW_AirVPN_DNSIMPORTANT STEP --> ADVANCED FEATURES > GATEWAY = AirVPN_WAN The order of the rules we just created is important!They should appear in this following order when viewed:ALLOW_AirVPN_DNSBLOCK_DNS_LEAKSAllow AirVPN_LAN to anyBLOCK ALL ELSE AirVPN_LAN ################################################################################################################################################################## The last thing we must do (unless I have forgot something, which I will just go back and edit if I have) is to properly set up our DNS Forwarder for our uses. 1.) Go to Services > DNS Forwarder (https://192.168.1.1/services_dnsmasq.php)2.) Find the section titled "Interfaces".By default all interfaces are selected. Using the Ctrl key, select only the interface/s you wish to face your ISP, which for this tutorial, let's only select LAN and possibly Localhost (Be aware if you do choose to highlight localhost that if you do a dns lookup within pfsense (for instance from the firewall logs) this may be a potential privacy leak as this will use the ISP facing DNS servers you set under System > General Setup > DNS Servers. For my uses since I am not a whistleblower and this is not critical, I choose to have localhost highlighted. Not highlighting only affects these lookups and is not critical to the functionality of your firewall. There are a number of websites that can do this for you once you are accessing through the vpn if you need it.) 2.) Under this there is a check box titled "Strict Interface Binding". Check this box to enable it,3.) Click [ SAVE ]4.) 
Click [ Apply Changes ] #################################################################################################################################################################################################################################################################################################################################### That's it! You should be off and running with a basic setup for multiple NIC's. Remember our LAN interface faces the clear-net, and AirVPN_LAN will face the VPN. You can now add your fourth interface and set it up either exactly like the LAN, or exactly like the AirVPN_LAN.depending on how you intend to use it. Just give it an individual name and set the rules accordingly. Do not forget to disable the DNS forwarder for any additional interface. I hope this works for you! Good luck, let me know if you need assistance. 1 Lee47 reacted to this Quote Hide pfSense_fan's signature Hide all signatures Have my guides helped you? Help me keep helping you, use my referral: How to set up pfSense 2.3 for AirVPNFriends don't let friends use consumer networking equipment! Share this post Link to post
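The rule order given in the post above for the AirVPN_LAN interface, modeled as an added example (not part of the original post and not pfSense code): a small first-match evaluator that shows which rule decides each packet and what changes if the general pass rule sits above BLOCK_DNS_LEAKS. The client address, the 198.51.100.53 and 203.0.113.10 destinations, and the `MISORDERED` list are constructed for illustration; only two of the listed AirVPN DNS addresses are placed in the alias.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Values from the guide: two alias entries and the AirVPN_LAN subnet.
AIRVPN_DNS_SERVERS = frozenset({ip_address("10.4.0.1"), ip_address("10.5.0.1")})
AIRVPN_LAN_SUBNET = ip_network("192.168.123.0/24")


@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                               # "pass" or "block"
    proto: str = "any"
    src_net: Optional[IPv4Network] = None     # None means "Any"
    dst_hosts: Optional[frozenset] = None     # None means "Any"
    dport: Optional[int] = None               # None means any port
    gateway: Optional[str] = None             # None means default routing

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.src_net is not None and ip_address(pkt.src) not in self.src_net:
            return False
        if self.dst_hosts is not None and ip_address(pkt.dst) not in self.dst_hosts:
            return False
        return self.dport is None or self.dport == pkt.dport


ALLOW_DNS = Rule("ALLOW_AirVPN_DNS", "pass", proto="udp",
                 dst_hosts=AIRVPN_DNS_SERVERS, dport=53, gateway="AirVPN_WAN")
BLOCK_DNS = Rule("BLOCK_DNS_LEAKS", "block", proto="udp", dport=53)
ALLOW_ANY = Rule("Allow AirVPN_LAN to any", "pass",
                 src_net=AIRVPN_LAN_SUBNET, gateway="AirVPN_WAN")
BLOCK_ALL = Rule("BLOCK ALL ELSE AirVPN_LAN", "block")

GUIDE_ORDER = [ALLOW_DNS, BLOCK_DNS, ALLOW_ANY, BLOCK_ALL]
# Hypothetical mistake: the general pass rule moved above the DNS block rule.
MISORDERED = [ALLOW_DNS, ALLOW_ANY, BLOCK_DNS, BLOCK_ALL]


def evaluate(rules, pkt):
    """Interface rules are checked top to bottom; the first match decides."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name, rule.gateway
    return "block", "(no rule matched)", None


def unapproved_dns(rules, packets):
    """Port-53 packets that pass although the destination is not in the alias."""
    return [p for p in packets
            if p.dport == 53
            and ip_address(p.dst) not in AIRVPN_DNS_SERVERS
            and evaluate(rules, p)[0] == "pass"]


# Constructed sample traffic from a DHCP client on AirVPN_LAN.
CLIENT = "192.168.123.100"
SAMPLE = [
    Packet("udp", CLIENT, "10.4.0.1", 53),        # AirVPN resolver from the alias
    Packet("udp", CLIENT, "198.51.100.53", 53),   # some other resolver, UDP
    Packet("tcp", CLIENT, "198.51.100.53", 53),   # same resolver, DNS over TCP
    Packet("tcp", CLIENT, "203.0.113.10", 443),   # ordinary web traffic
]

if __name__ == "__main__":
    for label, rules in (("guide order", GUIDE_ORDER), ("misordered", MISORDERED)):
        print(label)
        for pkt in SAMPLE:
            print("   ", pkt, "->", evaluate(rules, pkt))
        print("    unapproved DNS passed:", unapproved_dns(rules, SAMPLE))
```

In this model the two DNS rules match UDP only, so a TCP query on port 53 to a resolver outside the alias is decided by "Allow AirVPN_LAN to any" and is still routed to AirVPN_WAN.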
Lee47 23 Posted ...

pfsense_fan: Thank you for that very detailed guide, it is very much appreciated. Before you could post I was about to suggest it would be far easier and simpler if you gave your own version of a pfsense guide from scratch and with just the basics rather than use knickers guide, this way settings from another guide and then your guide won't get confused or end up incorrect, also to only use 2 ports ie wan/lan since most folk would have just 2. Once the basics and stability are secure and working then I could play with it.

It's clear though from your guide above other DNS and dhcp settings are required to get pfsense air to work fully, my gut still tells me it's to do with dns forwarding/servers and dhcp.

I did however go through your guide but got no connection with the new 3rd nic or 4th, only the lan 2nd port had clear net. I noticed some of the other settings left over from knickers guide, hence I was thinking the above is an easier and simpler approach of a revised or fresh pfsense guide from scratch, perhaps literally from the point of going through the pfsense wizard at beginning of settings dns and dns options etc... this way no one could go wrong!

I switched on my pc this morning and found the same yellow triangle on the network icon (bottom right hand corner) and tried your air numbered website but no joy on loading. The nic details were same as what I posted above, ip/dns/dhcp servers were all showing and assigned. Pfsense was able to log in fine and openvpn was up, all green arrows up. I just had to wait 5 minutes again before the yellow triangle vanishes and then it works... which is why I suspect you're right it is the DNS forwarding or DNS/DHCP settings.

I have disabled qos/ipv6/netbios/topology settings so will see how that goes for now.... and will try your suggestions about DNS forwarding and DNS servers under the nics settings though and get some ideas from your guide above. I'll let you know how it goes, thanks.
pfSense_fan 181 Posted ...

Did you reboot the system after my guide? You should always reboot after major changes...

Also, those older Intel 4 port cards have issues if installed into a PCIe 3.0 slot. Not sure what your motherboard has, but if they are 3.0 you may want to check the bios and set it back to 2.0 compatibility.

If that does not work, are you opposed to starting from a fresh install? It may be the best option at this point. If you can input your certificates, besides the certs, this is how I set mine up. I have had sixteen NICs running successfully at one point, no leaks, internet cuts out on VPN facing NICs if the VPN fails.

I do plan to make an entire guide... what I wrote here will be nearly exactly what I write so none of this is a waste. I have been writing a guide that more clearly shows how to enter certificates, but although Knicker's guide is hard to follow, it is correct there. It is however time consuming, and I do not get much free time lately so I do not know when I will complete a full guide.

Just a thought... How many rules do you have for Outbound NAT? There should be one for each NIC and no more. If there are other rules, delete them.

Edit: I will not however make a guide for only two interfaces, regardless of the interest in it. I do not consider it safe and/or a proper use of pfSense: there is too much room for error. One can acquire a third enterprise class NIC for $15-$20 or a dual NIC card for $25-$35. Brand new (old stock) four port adapters can be found for $50-$75. I can even skip buying extra NICs in the first place with proper system planning and buy a Server motherboard that has 4 NICs built in as well as integrated vga. I don't and won't encourage skimping on something that should be the centerpiece of a network, especially one with a VPN. If I make a guide it will be safe to use by those who are in critical need of strong privacy but also need to use the clear-net for things such as VOIP or gaming. I strongly recommend Server class equipment throughout. I run a server board with four onboard Intel NICs, a XEON E3 1270 v3 and 16 gigs of ECC memory (8 would have been fine, the most I have used is 6, but it was only $50 more for 16). I take privacy seriously and will only make a tutorial which reflects this.
Lee47 23 Posted ...

Hi, I did reboot after the entire set up. I think I may just have to go through it again, I noticed a few of knickers previous settings in place so was trying to delete them to kinda merge your guide into it, but perhaps did not get it 100%. Perhaps like you suggest start from fresh, if I install the Certs which takes a minute and then continue from your guide? I was unsure which point to resume.

That is very interesting what you mentioned about the pci 3.0 slot, I do have my intel nic card inside that long 16x pci express slot. Not quite sure if it's 2.0 or 3.0 however. Manufacturer's website does not mention what it is since it only offers basic info ie cpu/ram, in fact it does not even mention the slots or mobo. I will have to do some investigating but will check the bios and further research this mobo, sadly it only has 1x16x slot and 1x1x express slot.

I did consider a hp or dell workstation but my idea originally was to look for a very low powered system, my AMD 1.5x quad cpu supports AES so I don't see no more than 15-20% cpu usage during maxed out downloading, the whole system consumes 35 watts with no noise and is a tiny mini itx system which I can hide out the way. I do agree with you regarding the extra nics, this was why I originally bought 4 nics and spent the extra bit of money over a 2 port intel nic.... I just feel if I can get 1 port to work it would be a miracle at this point.

Yesterday afternoon I applied some of your settings and suggestions of disabling both VPN interfaces with control key for DNS forwarding and also I tried OpenNIC dns instead of air dns under the dhcp server settings and general setup, this morning I got the little triangle and upon opening browser but it vanished and loaded the website fully.

This is looking positive, however as I mentioned sometimes I do get instant access.... and no 5 minute wait, the true test would be testing it successfully every day for 4-5 days! But hopefully a step in the right direction. In fact I may be able to work out if it may be fixed, when you first switch on your pc or laptop do you notice your network icon in bottom right to still have a yellow triangle which quickly goes once windows is fully loaded?

Still thank you very much for the guides and future ones, I think once I have got the basic setup working I can dabble with more, and I look forward to your other guides.
pfSense_fan 181 Posted ...

> Hi, I did reboot after the entire set up. I think I may just have to go through it again, I noticed a few of knickers previous settings in place so was trying to delete them to kinda merge your guide into it, but perhaps did not get it 100%. Perhaps like you suggest start from fresh, if I install the Certs which takes a minute and then continue from your guide? I was unsure which point to resume.

If you start from scratch, the WAN will already be your default gateway and stays that way as long as you do NOT set the AirVPN_WAN as default when you enable it. If you install your certs, set up your openvpn client, enable the ovpn1 interface, add the new gateway... you can follow my guide from there.

> That is very interesting what you mentioned about the pci 3.0 slot, I do have my intel nic card inside that long 16x pci express slot. Not quite sure if it's 2.0 or 3.0 however. Manufacturer's website does not mention what it is since it only offers basic info ie cpu/ram, in fact it does not even mention the slots or mobo. I will have to do some investigating but will check the bios and further research this mobo, sadly it only has 1x16x slot and 1x1x express slot.

I know this because I have used those cards before and had ports dropping out. After researching it, I found there was an issue with the PCIe compatibility. Some of the older cards need PCIe 1.0 compatibility. Search through your bios and see if there is an option for this. My bios does have the option and I have them set to 2.0.

> I did consider a hp or dell workstation but my idea originally was to look for a very low powered system, my AMD 1.5x quad cpu supports AES so I don't see no more than 15-20% cpu usage during maxed out downloading, the whole system consumes 35 watts with no noise and is a tiny mini itx system which I can hide out the way. I do agree with you regarding the extra nics, this was why I originally bought 4 nics and spent the extra bit of money over a 2 port intel nic.... I just feel if I can get 1 port to work it would be a miracle at this point.

No offense was meant. I just far too often see people end up spending as much as they would for a server board with four built in NICs and built in vga, 4-8 gigs of ECC memory and a XEON E3 1220 v3... because in their efforts to save they find out the cheap stuff is not compatible. A build as I suggest can be had for $500-$700 depending on choices in hard drive, power supply and case, or if one has parts like that laying around from old builds already.

> Yesterday afternoon I applied some of your settings and suggestions of disabling both VPN interfaces with control key for DNS forwarding and also I tried OpenNIC dns instead of air dns under the dhcp server settings and general setup, this morning I got the little triangle and upon opening browser but it vanished and loaded the website fully.

While good in a way, we should not have to delete the AirVPN DNS. This seems to be our core problem, and we need to solve why those are being blocked. Perhaps your firewall on your pc is blocking them? Did you take a snapshot of your network setting when it was down?

> This is looking positive, however as I mentioned sometimes I do get instant access.... and no 5 minute wait, the true test would be testing it successfully every day for 4-5 days! But hopefully a step in the right direction. In fact I may be able to work out if it may be fixed, when you first switch on your pc or laptop do you notice your network icon in bottom right to still have a yellow triangle which quickly goes once windows is fully loaded?

Sometimes if I have rebooted pfSense, yes there is a yellow triangle. As soon as I do anything that uses internet it just goes away. One other option we have is to set a static IP for your computer within pfSense. One way or another we need to continue to sort this out! It's looking positive... I want to figure out why the AirVPN DNS don't work though. They should.

> Still thank you very much for the guides and future ones, I think once I have got the basic setup working I can dabble with more, and I look forward to your other guides.

Absolutely. Hopefully our work here will help others too.
Lee47 23 Posted ...

Thanks, I will keep those points in mind. 2nd day in a row and switched on pc and yellow triangle immediately on network icon but within 2-3 secs it vanishes and net is working OK. Keeping fingers crossed, if I get to day 3 (tomorrow) and I don't have this 5 minute wait issue it's looking positive, but I guess until day 4 and 5 I won't really know for sure if it worked or not.

I would ideally like to check the pfsense pc mobo/bios settings for that pci express slot but I don't want to tempt fate while it's working.

You are right it is curious to know what it was causing it, I think it was the DNS forwarding issue and enabling DNS servers within the dhcp settings. It could be also I changed from air to OpenNIC servers fully within all the pfsense options.... I'll give it another 2-3 days and if it's golden will change back to AirVPN dns under dhcp and general and guess will find out if it collapses again!
pfSense_fan 181 Posted ...

Again, it's a step in the right direction, but if you cannot use the Air DNS, it is not quite working. You need to solve that. It leads me to believe something, your windows firewall, pfSense itself.... something is blocking the Air DNS. I would encourage you to change back to them and continue to troubleshoot until we find the actual issue. First thing we need is a snapshot of your windows NIC setting during a down time. Then also take a look at your pfsense logs and see if the firewall is blocking 10.4.0.1:53 etc.

Also, it is not safe to change all of the DNS settings to the same one, I explained the way to do it for a reason! You are possibly sending DNS requests from both the clear-net AND the VPN at the same time if you set the DNS forwarder AND the DHCP to serve the same DNS. DO NOT DO THAT! You can give your real identity away doing this. Unfortunately you must not understand how the DNS forwarder works. I wish I had time to explain.

I cannot stress enough that you need to get the Air DNS working. They do work... that's all I've ever used for my AirVPN connection.
Lee47 23 Posted ...

Oh yeah, forgot you mentioned that. I do have OpenNIC dns servers under general setup and then the same ones under dhcp dns settings.... I have checked ipleak and GRC dns spoof website and both reveal no ip or isp ips or leaks, can this still give real id away then?

I will try it fresh like you suggest, it's just nice after 2 months of having a possibly working set up, and even then I would still like to try to make it to day 3 (tomorrow) and day 4 and then save that pfsense backup if it's golden!
pfSense_fan 181 Posted ...

> Oh yeah, forgot you mentioned that. I do have OpenNIC dns servers under general setup and then the same ones under dhcp dns settings.... I have checked ipleak and GRC dns spoof website and both reveal no ip or isp ips or leaks, can this still give real id away then?

The answer to this is somewhat layered. Strictly technically speaking, if everything is set correctly you should be fine. That being said, however, if something is not set correctly or was to accidentally get changed it would be quite possible. If somehow the DNS Forwarder were to be activated, you would be sending DNS requests simultaneously from both the WAN and AirVPN_WAN. This could easily be correlated. Why I discourage it is because it is an expected redundancy, along with the firewall rules I had you make (which you are either not using or did not set correctly as those would block OpenNIC dns). Something is certainly not set correctly, so we cannot say for certain you are anonymous. This is why I keep stressing the importance of uncovering why the AirVPN dns are being blocked.

> I will try it fresh like you suggest, it's just nice after 2 months of having a possibly working set up, and even then I would still like to try to make it to day 3 (tomorrow) and day 4 and then save that pfsense backup if it's golden!

I still think this is the best idea. It will at the very least work like it does now, but ideally it should just work.

Have I mentioned that we need to figure out what is blocking AirVPN dns?
Lee47 23 Posted ...

Pc switched on this morning and no issue again, yellow triangle vanishes within 1-2 secs and instant internet... So I considered that was good enough and working and went for the complete reset of pfsense and attempt your guide once more! Spent last 3hrs doing it since made new mistakes along the way with forgetting certs and setting up interfaces wrong way etc...

I decided to just install em0 (wan) and em1 (lan) for the start and then under pfsense wizard setup I added your opendns servers and disabled that DNS forwarding option? Either way went ahead and input my Certs and set up the airvpn client as normal and then resumed from following your guide. I found it best to set up the interfaces with your exact interface names and enable them with defaults for now otherwise it would get confusing later on...

Got there in the end, I noticed a few times pfsense nagged me with different errors, usually like "A valid IPv4 address must be specified", sometimes it really did not like your Range = [ 192.168.123.100 ] to [ 192.168.123.200 ] settings and threw up must be within range or invalid error... I was unsure so tried that old pc fixit trick of going to another menu like diagnostics then going back to dhcp server then trying the exact same cut and paste settings as before and then it went through..... maybe pfsense can be glitchy sometimes! Otherwise no errors in your pfsense guide, so you did a stellar and accurate job with that write up.

Bad news first..... clear net is working but most websites fail to load, ipleak shows my isp ip but for example amazon fails to load yet ebay does fine.... ipleak can't display or get any DNS and GRC finds zero dns. I see what you mean by checking networking details, and noticed 2 things, the DNS and DHCP says:

    IPv4 Default Gateway: 192.168.1.1
    IPv4 DHCP Server: 192.168.1.1
    IPv4 DNS Server: 192.168.1.1

Same as my default pfsense login.... so not sure is it getting those values from pfsense box incorrectly? Or something not configured 100%, still this is only for clear net (which I don't use 99% of time).

Good news now! Plugging into Air (3rd port) pops straight away with connection found and network details shows 10.4.0.1 and 10.5.0.1 and dhcp assigned with ip, and it works straight away, ipleak reports same dns as my airVPN server and GRC shows 3 ips found being leaseweb/amazon/another amazon, I believe these are all 3 valid airvpn dns backup servers or normal air servers, and all websites load and fast with full speed showing on speedtest website.

Saved the pfsense backup and already backed up the back up. So looking very good and promising, any idea on that clear net some sites work and some don't issue?
Lee47 23 Posted ...

Ok, next day switched on and happy to report no 5 minute wait issue anymore, first day is a success with your new updated pfsense guide! Upon Pc loading to desktop again the yellow triangle on network icon shows but 1-2 secs after it vanishes and internet is working 100%.

I have just added the monitoring IP option and added your line of advanced configuration per your instructions, but noticed in the guide you did not mention about "Skip rules when gateway is down" option? Should I still do this as you earlier mentioned it's good to do?

Not too fussed with the clear net issue since I only wanted to connect to airvpn at all times but guess nice to have. If it works till Sunday morning it's pretty much 100% fixed.
pfSense_fan 181 Posted ...

> Ok, next day switched on and happy to report no 5 minute wait issue anymore, first day is a success with your new updated pfsense guide! Upon Pc loading to desktop again the yellow triangle on network icon shows but 1-2 secs after it vanishes and internet is working 100%.

Excellent. The triangle is likely there due to power saving settings on your computer putting it to sleep.

> I have just added the monitoring IP option and added your line of advanced configuration per your instructions, but noticed in the guide you did not mention about "Skip rules when gateway is down" option? Should I still do this as you earlier mentioned it's good to do?

Yes, click that. Firewall rules will block it otherwise, but still check that box.

> Not too fussed with the clear net issue since I only wanted to connect to airvpn at all times but guess nice to have. If it works till Sunday morning it's pretty much 100% fixed.

Nonetheless we should work it out so nothing is configured incorrectly. I have some ideas but I work long hours today and tomorrow. Sunday or Monday I will list them.