Jump to content
Not connected, Your IP: 18.191.129.241
pfSense_fan

How To Set Up pfSense 2.1 for AirVPN

Recommended Posts





 

PLEASE NOTE: MAIN GUIDE HAS BEEN AMENDED!!!

NO MAJOR UPDATES TO FUNCTIONALITY WERE MADE

SOME STEPS CLARIFIED, SOME STEPS HAVE BEEN CONSOLIDATED

STEP TO INTERNALLY CHECK FOR DNS LEAKS/HIJACKING ADDED (STEP 8)

PLEASE REVIEW:

PREFACE - ON THE SUBJECT OF DNS LEAKS

STEP 6 - DNS FORWARDER

STEP 8 - AirVPN_LAN (CONSOLIDATED FIREWALL RULES)

STEP 8 - AirVPN_LAN (ADDED STEP TO TEST DNS LEAKS)





 

 

 

Functionally everything is the same. I was able to create one less firewall rule on the AirVPN_LAN interface and achieve the exact same function by using the "NOT" inverse feature. There are now three firewall rules instead of four. I also added a small section for novices on how to verify the DNS resolver is working at the end of the DNS Forwarder section. I have not had time to make the same updates to the dual (2) NIC addition, but will soon.

 

I also added a proof of concept and How-To on internally testing for DNS LEAKS / HIJACKING. Some forum members could not see the point of the firewall rules I listed in my guide for "BLOCKING DNS LEAKS" and went on to poo-poo the idea of using them. The point always was that malware or an adversary could hijack your DNS request and potentially expose a VPN user without such rules in place. So for those of you that indeed want to be as secure as possible, you will want to continue using them or start using them if you are not. I no longer consider this a redundancy. Test for yourself and decide for yourself.

 





 

 

 

Verifying Our BLOCK_DNS Rule is Functioning

(Optional - For Windows and WINE Users)

 

For this step we will need to download a program called “DNSBench”. This step is meant as a proof of concept to show that without the BLOCK_DNS firewall rules, a malicious program could indeed hijack your DNS requests. This program is a safe program, and one that I otherwise find very useful in finding low latency DNS servers. We will not however be using it as it is intended, but it is the best program I have found to simulate a program sending out DNS requests not received from the DHCP settings.

 

Go to:

https://www.grc.com/dns/benchmark.htm (click on the picture of the program to download it.)

 



 

 

 

1.) When you open it it will say:

• • •

 

Verifying Internet Access

 

• • •

 

 



 

 

2.) Then, if up to this point it is working it will then say:

 

Internet DNS Access Trouble

 

 



 

 

3.) Find and click the button toward the top that says [ Ignore Test Failure ]

 

 



 

 

4.) Then it will show:

 

DNS Benchmark

Domain Name System Benchmark Utility

 

 



 

 

5.) Find and click the "Nameservers" tab toward the top. If the DNS Blocking rules are enabled, entered correctly and functioning you should see this:

 



 

d2643e90c5928db1e5949b5e8c1657d2.jpg



 

 

Only the 10.4.0.1 entry should be green (signifying it can be contacted). All other entries should be red. If you view your firewall logs on pfSense now, it should have quite a few blocks triggered by destination port 53 on the AirVPN_LAN interface. If any other DNS servers are contacted and show up as Green, review the firewall settings and correct any discrepancies you find. If you find none and otherwise cannot correct the leak, feel free to ask for help by posting to this thread.

 

For those of you that wish to verify the proof of concept, feel free to temporarily disable the BLOCK_DNS rule and verify this yourself (You have to close and re-open DNSBench, don't worry, testing this is quite safe). You will see that had this been a malicious program it could indeed hijack your browser. Be sure to re-enable the firewall rule after!

 

 





 


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

This is great, thanks again. On the subject of specifically blocking DNS, its definitely worthwhile. I actually discovered an wifi access point used to gain coverage in a remote part of my home had hardcoded google DNS lookups which were overriding the DHCP ones. Without the firewall picking them up and being flagged in the logs, I would never had known. I also expect that besides catching malware, it could catch a user that overrides their local settings too. Nothing wrong with a belt and braces approach to preventing DNS leaks IMHO. 

Share this post


Link to post

Perhaps someone would explain why they believe there is a problem.

 

If a system uses a non AirVPN DNS such as Google over the AirVPN connection the connection is still anonymous. T

 

AIUI the case we are trying to avoid, referred to as a DNS leak, is where a  DNS request from a VPN protected process over a Non VPN route. This can easily happen if using the pfSense DNS forwarder to a non AirVPN DNS server.

 

However I don't see why a VPN protected process making a request to a third party DNS server over the VPN tunnel is any more of a risk than a VPN process making a request to any other port over the VPN tunnel.

 

As I see it the rule blocking all VPN DNS requests not to AirVPN serves no useful purpose and moreover it  actually prevents the case where it is useful to use a hard coded thirdparty DNS server such as google when one wants to sometimes run a computer behind a VPN tunnel and sometimes not VPN without re-configuring DNS servers.

Share this post


Link to post

Personally for me, I don't want anyone tracking what and when I access web sites. I'm not doing anything illegal here just trying to reduce the amount companies know about my household & business so prefer to use anonymous, non-logging DNS servers. Im sure people who hack have other reasons to care but then they probably don't need this guide in the first place

 

I think (and Im no expert) that the way pfsensefan set it up is that the OpenNIC servers are used outside the VPN and Air's DNS servers used within the pipe. If you are happy to still allow traffic to flow outside the VPN then it should just work if you disable the blocking rules. I don't know why you would want to use Googles servers if you have your VPN line up though?

Share this post


Link to post

I think this bit is wrong, it needs to be a single address, not Any

 

Under Block DNS Leaks VPN

 

Destination = [✔] Not (CHECKED!!!!!!!!)
                     Type: [ Any ▼]
                     Address: [10.4.0.1]

Share this post


Link to post

Perhaps someone would explain why they believe there is a problem.

 

If a system uses a non AirVPN DNS such as Google over the AirVPN connection the connection is still anonymous. T

 

AIUI the case we are trying to avoid, referred to as a DNS leak, is where a  DNS request from a VPN protected process over a Non VPN route. This can easily happen if using the pfSense DNS forwarder to a non AirVPN DNS server.

 

However I don't see why a VPN protected process making a request to a third party DNS server over the VPN tunnel is any more of a risk than a VPN process making a request to any other port over the VPN tunnel.

 

As I see it the rule blocking all VPN DNS requests not to AirVPN serves no useful purpose and moreover it  actually prevents the case where it is useful to use a hard coded thirdparty DNS server such as google when one wants to sometimes run a computer behind a VPN tunnel and sometimes not VPN without re-configuring DNS servers.

 

 

You are correct that if a request goes out, it is still going out through the VPN Tunnel and is therefor "anonymized".

 

However.... and it is a big "however".

 

It does not stop a malicious attack from hijacking your browser.

 

Imagine for a moment an adversary wants to expose VPN users. They can see that a very popular destination for VPN users is a message board for animated cat gifs. So this adversary posts some pictures at lolcatgifs-com, but with his link he inserts some malicious javascript which directs your browser to his servers dns. He now serves you up false version of lolcatgifs-com, and subsequently has control now what dns you use. This attacker watrches your web browsing and see you visit airvpn's web page. He now serves you up a false front page where you enter and submit your username and pass, possibly multiple times trying to get it to work. But for a time period it doesn't allow you to log in. In the coming days you log into your email as well as your bank and credit card to pay your bills. Same thing, it doesn't work for short period.

 

Then one day you can't come online because all of your identity has been stolen. Or if you are a whistle-blower a high level adversary has targeted your home. These scenarios may be far fetched in the eyes of some, but they are possible.

 

EDIT: Had you blocked all other avenues for dns other than the one you intended, it would block the attempt. You would receive errors and pages wouldn't load, and when you investigate your logs you would see why.

 

Read up on DNS Hijacking and DNS Rebinding attacks. Not just at Wikipedia... search it out.

 

In the end of all things, if you decide to trust another DNS that is on you, but you should still use the firewall rule, just with your DNS of choice. Most will want to use AirDNS for the anti geo-blocking. You can make an alias if you need to enter more than one address.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

I think this bit is wrong, it needs to be a single address, not Any

 

Under Block DNS Leaks VPN

 

Destination = [✔] Not (CHECKED!!!!!!!!)

                     Type: [ Any ▼] [ Single host or alias ▼]

                     Address: [10.4.0.1]

 

 

Fixed, thank you for that. Yesterday was a long day. Sorry I missed that important detail.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

Hi pfSense_fan

 

Yes I can see that the firewall rule could stop an attack similar to DNSChanger. However this is not a DNS Leak and isn't really related to the AirVPN VPN tunnel. In the general case it seems rather arbitrary to have a firewall rule that only blocks unknown DNS servers for the VPN tunneled connections and not the Non VPN connections. Forgive me if I have misinterpreted what you are doing (and please correct me).

 

My own view is that I prefer guides to be focused on the concern they are addressing. in this case setting up an AirVPN tunnel. 

 

I think it better if other more general views on network security are given separately or are at least flagged as being non-essential so that people can decide if they are required in their own particular circumstances.

 

Please don't see this as a negative comment, I think it is a wonderful guide and wish it had been available when I struggled to figure out how to set up pfSense with AirVPN.

Share this post


Link to post

Hi pfSense_fan

 

Yes I can see that the firewall rule could stop an attack similar to DNSChanger. However this is not a DNS Leak and isn't really related to the AirVPN VPN tunnel. In the general case it seems rather arbitrary to have a firewall rule that only blocks unknown DNS servers for the VPN tunneled connections and not the Non VPN connections. Forgive me if I have misinterpreted what you are doing (and please correct me).

 

Considering the nature of how and why people use a VPN, myself and others consider such a simple step a necessity. This guide is meant for those who do not know what they are doing, and that is something they should know. It is simply a matter of perspective. Perhaps you see it as arbitrary, but I simply have not had time to update the entire guide.That rule will be added to the non VPN side too, but is not a priority. I explain in the preface that this is not a "leak" like is so often talked about on these forums. I always have.

 

My own view is that I prefer guides to be focused on the concern they are addressing. in this case setting up an AirVPN tunnel. 

 

In time this guide will encompass writing the image to a USB, How to install, thoughts and considerations on hardware selection and a much more in depth look at other settings to set on the operating system as well as other OpenVPN options.

 

I think it better if other more general views on network security are given separately or are at least flagged as being non-essential so that people can decide if they are required in their own particular circumstances.

 

We disagree on the necessity of that rule. People who would make such decisions will not need my guide. The same rule is in place on the Comodo guide for windows, and I would posit it should be used by anyone using any method. The addition of that layer, as well as the "Block All" rule was a choice I made to add to the guide because I believe security is part of a guide covering how to use a VPN. I wouldn't set this up for a friend or neighbor without such rules, and I would not teach a newb anything else. The point of a system such as pfSense is to strictly not allow ANY traffic we do no explicitly allow. Just teaching someone how to connect and not teaching them the basics of securing that connection is irresponsible in my opinion.

 

Please don't see this as a negative comment, I think it is a wonderful guide and wish it had been available when I struggled to figure out how to set up pfSense with AirVPN.

 

I don't. I just hope it does not cause confusion amongst those who don't know the first thing about security. Those who become more acclimated, like yourself, certainly can choose for themselves later on, how to secure their system best. For beginners though, jumping to pfSense from consumer software and equipment can be a daunting jump.  There is little documentation out there on how to set up the basics, let alone how to set up a VPN. What info I did find never explained why to set things the way they did. I choose to take an educational approach to my guide. I put a disclaimer in the preface that each individual should do their own research and decide if this is for them or not.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

Hello, just setting-up everything on PfSense with this great guide but there are a few things unclear to me.

 

 

-Step5:Point2 AirVPN_WAN_VPN4 (IPv4) and AirVPN_WAN_VPN6 (IPv6) I can't delete these 2 options that where automatically created, the remove/delete option is only available for the one that is created manually and not these other 2

any idea?

 

-Step6:Point1 DNS Server –- Use gateway
[✎ 208.67.222.222 ] [ WAN_DHCP ▼]   From where does the option WAN_DHCP comming from? This not the same as configurated in Step5, "AirVPN_WAN"? Because i can't see any WAN_DHCP in my settings.

 

-Step7-D:Point3 Source = [_] Not (UNCHECKED) Type: [ LAN Subnet ▼]

I have only the options "LAN net" and LAN address, i assume that "LAN net" okay and the same as LAN Subnet?

 

-Step7-E The Anti-Lockout Rule is set to port 80 & 443 in my settings, is this okay or how can i fix this?

 

 

Share this post


Link to post

Hello, just setting-up everything on PfSense with this great guide but there are a few things unclear to me.

 

 

-Step5:Point2 AirVPN_WAN_VPN4 (IPv4) and AirVPN_WAN_VPN6 (IPv6) I can't delete these 2 options that where automatically created, the remove/delete option is only available for the one that is created manually and not these other 2

any idea?

 

First, you clicked on the wrong [+]. I know this because it would have automatically deleted the AirVPN_WAN_VPN4. If you want to not see the ipv6 one you have to disable ipv6 entirely out of your system. I don't have the time at this monet to explain that.

 

-Step6:Point1 DNS Server –- Use gateway

[✎ 208.67.222.222 ] [ WAN_DHCP ▼]   From where does the option WAN_DHCP comming from? This not the same as configurated in Step5, "AirVPN_WAN"? Because i can't see any WAN_DHCP in my settings.

 

Again, you clicked on the wrong [+] and it therefor automatically deleted your WAN.. You will likely have to start over with a re-install. Pay close attention to exactly which [+] I scpecify. Mouse over them to see what they are titled. They are different.

 

You are the second person to do this, I will have to clarify this section.

 

-Step7-D:Point3 Source = [_] Not (UNCHECKED) Type: [ LAN Subnet ▼]

I have only the options "LAN net" and LAN address, i assume that "LAN net" okay and the same as LAN Subnet?

 

Subnet and net are the same. I wrote this when the current version was 2.1, for whatever reason they changed this for 2.1.2

 

-Step7-E The Anti-Lockout Rule is set to port 80 & 443 in my settings, is this okay or how can i fix this?

 

 

Leave the anti lockout rule alone. It is gray for a reason.Back in 2.1 it did not allow you to modify this, now they linked it t where you can. I also need to clarify this.

 

 

I suggest you re-install and pay PRECISE attention to everything you click considering what I told you here.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post





 

 

pfSense 2.1.3 RELEASE Now Available!!!

 

 

 

 

pfSense release 2.1.3 follows very shortly after pfSense release 2.1.2

pfSense 2.1.3 is primarily a security release.

 

 

 

 Various other fixes. Of note:

 

- Fix more potential places for interface looping in OpenVPN and with normal interfaces

 

Which could very well fix the issue many were having with interface looping (Which appears in the OpenVPN logs as "write UDPv4: No buffer space available (code=55)"). It remains to be see if it does indeed fix it, however it seems promising.

 

 

 Back up your settings and update ASAP!!!

 

 





 


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

hi,

 

i followed the instructions and was able to get my system with 3 nics working.

but my port forwarding now doesn't work. when i do the tcp check it says "not reachable on server ip over the external port xxxx."

 

also, when i followed the previous instructions to set up the openvpn on pfsense i was able to use select routing to have some clients connect through the vpn and others not.

i just had to leave the default gateway as is and then issue a "route-nopull" instruction instead of a "redirect-gateway def1."

that way nothing was routed through the vpn except the ip addresses of the ones i wanted with the appropriate firewall rules.

unfortunately that doesn't seem to work either now.

 

any suggestions for either??

Share this post


Link to post

hi,

 

i followed the instructions and was able to get my system with 3 nics working.

but my port forwarding now doesn't work. when i do the tcp check it says "not reachable on server ip over the external port xxxx."

 

Before I came here to comment I went and verified a port forward was working on my end and it was. I'm not sure what has changed from your previous settings.

 

also, when i followed the previous instructions to set up the openvpn on pfsense i was able to use select routing to have some clients connect through the vpn and others not.

i just had to leave the default gateway as is and then issue a "route-nopull" instruction instead of a "redirect-gateway def1."

that way nothing was routed through the vpn except the ip addresses of the ones i wanted with the appropriate firewall rules.

unfortunately that doesn't seem to work either now.

 

Select routing as in a split subnet or specific url's? You can still do that but you would have to set different rules for outbound NAT and the firewall than my guide. You would also need to create an alias for your url's. My guide is only one way to set it up, and it has in mind completely separating VPN and clear-net connected devices from each other. At the time of writing I felt this type of setup (selective routing) would cause too much confusion amongst beginners, which this guide is aimed at.

 

Although I use "route-nopull;" it is for different reasons. All of the settings the the server tries to push - the gateway, DNS and route are set manually by us, and according to my logs those push settings are never successful and cause errors. I have been testing "route-nopull;" for some time now and have considered adding it to the settings I list in the guide for this reason. That is to say; nothing goes through the vpn without the appropriate rules anyway. That's just how it is set up on pfSense.

 

any suggestions for either??

 

 

For your port forward... do you have:

Interface = AirVPN_WAN

Filter rule association = Create new associated filter rule?

 

Do you have the redirect targeted to a static ip for your device?


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

Morning pfsense users,

I have a lan and an airvpn_lan,like pfsense_fan has.

Now i want to install snort on ,my dual core d525.For me the question is on which interface(s) I have to bind snort,because i red somewere  that snort can not " look " into the crypted airvpn_wan stream or can`t recognize anything.And that make sense to me.

 

I used the dns-benchmark and no leaks,thanks for the tip pfsense_fan.

 

Tip Steve Gibson,is also doing the podcast securitynow (twit.tv)

 

Gr,Linze

Share this post


Link to post

Morning pfsense users,

I have a lan and an airvpn_lan,like pfsense_fan has.

Now i want to install snort on ,my dual core d525.For me the question is on which interface(s) I have to bind snort,because i red somewere  that snort can not " look " into the crypted airvpn_wan stream or can`t recognize anything.And that make sense to me.

 

I used the dns-benchmark and no leaks,thanks for the tip pfsense_fan.

 

Tip Steve Gibson,is also doing the podcast securitynow (twit.tv)

 

Gr,Linze

 

 

You at the very least want to run it on both your WAN_DHCP and AirVPN_WAN gateways. I don't know where you read that, but it's not true.  I run it just fine like that, snort sees it inside pfSense before/after encryption/decryption. Unfortunately I have no advice further then that, Snort is far to involved for me to get into teaching others.

 

The only thing I will say is that the AC-NQ setting, from what i have read, is the only setting that actually stops bad connections BEFORE they enter your system. Good luck!

 

Also, thank you, it's good to know that step has proved useful!


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

hi,

still can't get it to work.
i have a static ip address set for my pc through pfsense.
i followed the steps here:

https://airvpn.org/topic/10214-how-to-port-forward-pfsense-using-airvpn/?hl=%2Bport+%2Bforward

for port forward settings  . . .
i have the interface set to airvpn_wan and i used create new associated filter rule.
but it's not too clear for the outbound rules . . .

it mentions "redirect target ip section" but i don't see that.
what are the correct settings for the outbound rules for the interface and destination address? it mentions the router ip address. does it matter if that's 192.168.1.1 or 192.168.123.1? or is the destination address that of the pc? i take it that all port entries should be the same?
should i be enabling upnp or does that make a difference?

Share this post


Link to post

hi,

 

still can't get it to work.

i have a static ip address set for my pc through pfsense.

i followed the steps here:

 

https://airvpn.org/topic/10214-how-to-port-forward-pfsense-using-airvpn/?hl=+port++forward

 

for port forward settings  . . .

i have the interface set to airvpn_wan and i used create new associated filter rule.

but it's not too clear for the outbound rules . . .

 

it mentions "redirect target ip section" but i don't see that.

what are the correct settings for the outbound rules for the interface and destination address? it mentions the router ip address. does it matter if that's 192.168.1.1 or 192.168.123.1? or is the destination address that of the pc? i take it that all port entries should be the same?

should i be enabling upnp or does that make a difference?

 

 

You should not have to do anything to the outbound NAT for a port forward. Our outbound settings were taken care of in the guide. No further mods are necessary unless you are doing some other sorts of selective routing to a different gateway.. I whipped together a port forward guide, but have not had anyone test it yet. You can try it if you like.

 

If you don't see the redirect target ip, you may be in the wrong section. As far as the "router" ip address, those settings are "drop down" menus. Pick the one listed in my guide, EXACTLY. Aside from your redirect to your internal computer, tick for tick exactly as stated.

 

 



 

 

 

VPN Port Forwarding

 

The following is a basic guide on how to port forward on your AirVPN connection to a service running on your network. This will work for those of you using bittorrent, as I know how much you all like to download and share your favorite Linux and BSD distributions...

 

1.) The first thing we need to do is log into airvpn.org and forward our port or ports.

 

2.) Next we need to navigate to Firewall > NAT > Port Forward

 

Go To:

http://192.168.1.1/firewall_nat.php
-or-
https://192.168.1.1/firewall_nat.php

 

3.) Set as follows:

 

Disabled = [_] (unchecked)

No RDR (NOT) = [_] (unchecked)

Interface = [ AirVPN_WAN ▼]

Protocol = [ TCP/UDP ▼] (TCP, UDP or TCP/UDP depending on your uses)

Source = [_] not (unchecked)

              Type: [ any ▼]

              Address: [______]/[ 31 ▼](Blank/Greyed out)

Source port Range = from: [ Any ▼]

                                   to: [ Any ▼]

Destination = [_] Not (UNCHECKED)

                     Type: [ AirVPN_WAN address ▼]

                     Address: [______]/[ 31 ▼](Blank/Greyed out)

Destination port Range = from: [ (other) ▼] [ NOTE *1]

                                          to: [ (other) ▼] [ NOTE *2 ]

*1: Port, first port of a range or Alias of ports you forwarded at AirVPN.org

*2: Same port as above or ending port of a range you forwarded at AirVPN.org

Redirect target IP = [ NOTE *3 ]

*3: IP of your target pc/device. This is best if you have your device assigned to a static IP

Redirect target port = [ (other) ▼] [ NOTE *4 ]

*4: Same port as “Destination port Range = from:” as entered above (Note 1)

Description = [✎ WHATEVER NAME YOU CHOOSE ]

No XMLRPC Sync = [_] (unchecked)

NAT reflection = [ Use system default ▼]

Filter rule association = [ Create new associated rule ▼]

 

4.) Click [ Save ]

 

5.) Click [ Apply Changes ]

 

MORE INFO AT PFSENSE DOCS

 

 



 

 

 

EDIT: Also, after setting the port forward, go over to your AirVPN_WAN firewall rules and make sure the associated rule is above/on top any other rules you may have, if any.

 

EDIT 2: Also consider you need to have the ports you forwarded on pfSense also opened on the firewall of the pc you have, if it has a firewall.

 

Edit 3: You also need to set the external AirVPN IP address (as shown on the overview page when you log into the client area on airvpn.org) in you bittorrent, FTP program etc or else it does not broadcast the proper return address.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

wow . . . thanks pfsense fan.

 

i can confirm that it indeed is working after following your setup instructions.

by the way, as per my previous post, the confusing part was with the outbound nat section. i didn't realize the rules weren't needed anymore.

 

bravo !

Share this post


Link to post

wow . . . thanks pfsense fan.

 

i can confirm that it indeed is working after following your setup instructions.

by the way, as per my previous post, the confusing part was with the outbound nat section. i didn't realize the rules weren't needed anymore.

 

bravo !

 

 

 

As per the other guide, I couldn't have said, I never looked at it.

 

Was this for bittorrent? If so did you use the tool to check your bittorrent address?


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

tested it and the port forwarding is working fine, just remember when you test Air port forwarding here:

 

https://airvpn.org/ports/

 

And click the tcp test check button one has to have the actual p2p program running for it to work, the tcp button should go green if its forwarding the ports.

 

you can also if using ipleak website you can click activate and add the magnet link and it will display your IP and also port number.

Share this post


Link to post

yes, it was for bit torrent. it took a bit of time before i realized that the p2p program had to be running for the test to be valid.

i assume i just have to use the same rules to set up my outside ip camera for cell phone access.

Share this post


Link to post

yes, it was for bit torrent. it took a bit of time before i realized that the p2p program had to be running for the test to be valid.

i assume i just have to use the same rules to set up my outside ip camera for cell phone access.

 

 

Correct, just input the appropriate ports and ip for that device.

 

As soon as I get a little free time I plan to add this section to the guide. I need to clarify a few things first.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

Hi pfsense-fan,

as a complete newbie, your guide was a life saver! I followed it as written and I am up and running with no problems.

 

As a newb to this, when I downloaded the certificate and opened it in Notepad or Notepad++ the certificate part doesn't look like your example at all so being new I thought I was doing something wrong and downloaded it a few times and opened it with other programs. I believe it's because of the 4096 encryption the cert part is now just about 30 lines of encrypted data, nothing readable like your example.

 

The other part I am wondering about is this;

 

 

2.) The order of the rules we just created is important!
They should appear in this following order when viewed:
BLOCK DNS LEAKS LAN
ALLOW LAN OUTBOUND
BLOCK ALL ELSE LAN

 
ENSURE THE RULES ARE IN THIS PRECISE ORDER, IF THEY ARE NOT, ORGANIZE THEM AS NECCESSARY!
 
    
45ca4d1bf4f5abf0be1563366d1260b6.jpg
 
    
 You have the three rules listed that we created but in the screen shot the first rule isn't in your list and I don't have that.
 

My pfsense box is a

 

Lenovo thinkserver

70A4001LUX 5U

ts140

Xeon E3-1225 v3 3.2 ghz

4gb 1600mhz ram

500gb hd

 

I installed a 4 port intel NIC

motherboard ethernet port is WAN

port 1 of intel card is AirVPN with a four port netgear switch running a PC/Roku/wifi router

Port 2 gaming pc

port 3 wifi router through isp

port 4 voip

 

My internet is only 45Mbps down and with this box and AirVPN I notice no slow down in speed what so ever. Needless to say I am ecstatic!

 

Once again I am very grateful you took the time to write this guide for the uninitiated. 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...