pfSense_fan

How To Set Up pfSense 2.1 for AirVPN


Disregard question 2 about the firewall rules. I was looking at Firewall: NAT: Outbound, which only shows the 3 rules, instead of Firewall: Rules, where it shows all 4 rules. Face palm!


Hi pfsense-fan,

as a complete newbie, your guide was a life saver! I followed it as written and I am up and running with no problems.

 

Thank you! The feedback is much appreciated. I'm glad it helped.

 

As a newb to this, when I downloaded the certificate and opened it in Notepad or Notepad++ the certificate part doesn't look like your example at all so being new I thought I was doing something wrong and downloaded it a few times and opened it with other programs. I believe it's because of the 4096 encryption the cert part is now just about 30 lines of encrypted data, nothing readable like your example.

 

I noticed this recently too. I downloaded my certs after the 4096 bit upgrade and they still had that chain of data. I then downloaded a new server the other day and it looked different. Checked more and they all looked different. I don't know why, have not asked staff yet, but I will have to just edit that part. It is still everything in between the place setters noted though.

 

 

My pfsense box is a

 

Lenovo thinkserver

70A4001LUX 5U

ts140

Xeon E3-1225 v3 3.2 ghz

4gb 1600mhz ram

500gb hd

 

I installed a 4 port intel NIC

motherboard ethernet port is WAN

port 1 of intel card is AirVPN with a four port netgear switch running a PC/Roku/wifi router

Port 2 gaming pc

port 3 wifi router through isp

port 4 voip

 

Nice setup! I found it very useful to set the VOIP on its own subnet. I have very strict firewall rules on that interface that only allow connections to IP addresses used by the service provider. Very useful, as there are malicious attempts to connect through the same ports as used by VOIP. If you use Snort, even better, it isolates those specific attempts. You probably need more memory to use Snort though.

Same with my gaming subnet. Easy to maintain specific firewall rules.

 

My internet is only 45Mbps down and with this box and AirVPN I notice no slowdown in speed whatsoever. Needless to say I am ecstatic!

 

Welcome to the big leagues! It's nice to have equipment that does what you expect of it, is it not? Be sure to have a proper burial for your old equipment after you take years of frustration out on it!

 

Once again I am very grateful you took the time to write this guide for the uninitiated. 

 

Again you are most welcome! It was my hope in writing this that it would empower others to understand their hardware and software so as a community we can all learn together and share what we learn as we all go along! There are additions to the guide coming soon, and for you with such a powerful machine there are many tweaks to do!

 

First thing you should do is disable hyperthreading in your bios! There are a few reasons for this on a firewall, security the first, latency the second. For the rest stay tuned and keep us informed of your adventures in pfSense!


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


I've been reading through this thread though haven't committed to trying to configure AirVPN on my new pfSense box yet. I can't afford the downtime and reinstallation time if it goes wrong... No, not a business, just a family who would go mental at me without wifi access haha I need to wait until I have a spare night when they're all asleep and I can have it all working for sure by morning.

 

Quick question before I dive in. I have a dual port Intel Pro 1000PT NIC for WAN and LAN (my only ethernet device is a desktop PC right next to the pfSense box). I also have a new 450Mbps wireless N card installed (on pfSense 2.2 alpha, which supports it) and this card acts as a WAP for the family devices.

 

When I add AirVPN to the router (finally all our devices can share the AirVPN connection!), what steps will I need to take for the wifi opt interface so that it works and shares the VPN also? I'm assuming I can treat it basically like another LAN card as far as your setup guide goes? I also don't care about having WAN access if/when the VPN goes down. I'd rather the net be dead until the connection re-establishes, but that's another question lol.

 

Thanks in advance.


I've been reading through this thread though haven't committed to trying to configure AirVPN on my new pfSense box yet. I can't afford the downtime and reinstallation time if it goes wrong... No, not a business, just a family who would go mental at me without wifi access haha I need to wait until I have a spare night when they're all asleep and I can have it all working for sure by morning.

 

Quick question before I dive in. I have a dual port Intel Pro 1000PT NIC for WAN and LAN (my only ethernet device is a desktop PC right next to the pfSense box). I also have a new 450Mbps wireless N card installed (on pfSense 2.2 alpha, which supports it) and this card acts as a WAP for the family devices.

 

As far as I know, 2.2 alpha has not been patched for Heartbleed. You may want to look into that. I have 2.2 installed on another hard drive... quite buggy still. You have been warned haha.

 

When I add AirVPN to the router (finally all our devices can share the AirVPN connection!), what steps will I need to take for the wifi opt interface so that it works and shares the VPN also? I'm assuming I can treat it basically like another LAN card as far as your setup guide goes?

I've never bothered with wifi on the box, I just use a wireless router in AP mode. That being said, you should just set it up as any other interface. Your Intel NICs will show up as em0 and em1, the wifi card will have a different name, that's all.

 

I also don't care about having WAN access if/when the VPN goes down. I'd rather the net be dead until the connection re-establishes, but that's another question lol.

 

It will be dead with my method, but pfsense will remain connected so you can at least investigate why. Any VPN connected interface simply gets cut off. The firewall should have clear net access. There are reasons for this... a number of reasons. Functional and security reasons.

 

But if you still prefer it to altogether disconnect, it can be done. I don't recommend it. If Air were to go down for an extended time you would be forced to change settings. Having to change settings is not good policy, this is how mistakes end up happening. Just my opinion! You also can't use any URL based Air entry addresses such as country or continent entry addresses. IP based only.

 

Thanks in advance.

Absolutely.


Hello,

I just got a pfSense box set up (running v 2.1.3 32-bit) and was trying to use it with your service following this thread.

However, I experienced an issue when pasting in one of the certificates.

Here's what I did.
1. Setup and installed pfSense to a hard drive (also configured the NICs).
2. Logged into the pfSense webUI and followed the awesome directions given in this thread.
3. Went to the generator and selected an individual server. I checked the box for UDP-443 (did not check the boxes for Advanced Options) and checked the two agreement tick boxes and clicked Generate. It gave me a single .ovpn file, which I downloaded and opened in Gedit.
4. When it came to "Step 2: Entering our AirVPN certificate and key", I noticed there was an issue.
My .ovpn file did not include anything other than the information between "---Begin Certificate---" and "---End Certificate---".

There were no other fields between <cert> and </cert>
If you examine Step 2, it shows information I do not see in the .ovpn file I downloaded.


I thought this was no problem, so I pasted it into pfSense, which gave me an error:
"The following input errors were detected: This certificate does not appear to be valid."

How can we resolve this? I'd like to get this set up on my pfSense box as soon as possible.
I can add screenshots or other info if you need.

Thank you!

Regards,

anonym


The easiest way is probably to go back to your AirVPN client page and re-export the UDP-443 keys, but tick advanced and click the option to export as individual files in a zip. You'll find all the bits and pieces nicely labelled for you in the zip file, which will make things a bit easier to understand, I'm sure.


The easiest way is probably to go back to your AirVPN client page and re-export the UDP-443 keys, but tick advanced and click the option to export as individual files in a zip. You'll find all the bits and pieces nicely labelled for you in the zip file, which will make things a bit easier to understand, I'm sure.

 

 

To each their own, I found it easier having just one file haha. Keep in mind I downloaded the Windows file. The OVPN files for Linux etc. look different, have different options we don't need.

 

I don't know the issue here though. You still enter everything between the placeholders noted, even though the certs look different now. I just have not got around to editing the guide, probably won't have the time for a month yet.

 

@anonym, make sure there are no blank lines/spaces etc before/above the cert or at the end of the cert you paste


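The paste problem discussed in the posts above (readable text or blank lines around the certificate inside a block such as <cert>) can be avoided by keeping only the BEGIN/END block before pasting it into pfSense. The following is an added example, not part of the original posts and not AirVPN or pfSense code; the sample file is constructed, its certificate bytes are dummy data, and the inline tag names are assumed to be the usual OpenVPN ones.

```python
import base64
import re

# Assumption: the .ovpn file uses the usual OpenVPN inline tags.
INLINE_TAGS = ("ca", "cert", "key", "tls-auth")
PEM_RE = re.compile(
    r"-----BEGIN ([A-Za-z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def extract_inline_blocks(ovpn_text):
    """Return {tag: raw text between <tag> and </tag>} for each tag present."""
    blocks = {}
    for tag in INLINE_TAGS:
        m = re.search(rf"<{tag}>(.*?)</{tag}>", ovpn_text, re.S)
        if m:
            blocks[tag] = m.group(1)
    return blocks


def clean_for_paste(block):
    """Keep only the BEGIN..END block, with no blank lines or stray spaces.

    Anything before BEGIN (readable dump, comments) and after END is dropped,
    then the body is decoded as a sanity check. Raises ValueError on failure.
    """
    m = PEM_RE.search(block)
    if m is None:
        raise ValueError("no matching BEGIN/END markers found")
    label, body = m.group(1), m.group(2)
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    if not lines:
        raise ValueError(f"{label}: empty body")
    if label == "OpenVPN Static key V1":
        bytes.fromhex("".join(lines))      # static key body is hex text
    else:
        der = base64.b64decode("".join(lines), validate=True)
        if der[:1] != b"\x30":             # certificates and keys are DER SEQUENCEs
            raise ValueError(f"{label}: body is not a DER SEQUENCE")
    return "\n".join(
        [f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])


def _chunks(text, size):
    return [text[i:i + size] for i in range(0, len(text), size)]


def build_sample():
    """Constructed .ovpn text; NOT a real certificate or key."""
    fake_der = b"\x30\x81\xc0" + bytes(range(192))
    pem = "\n".join(["-----BEGIN CERTIFICATE-----",
                     *_chunks(base64.b64encode(fake_der).decode(), 64),
                     "-----END CERTIFICATE-----"])
    static = "\n".join(["-----BEGIN OpenVPN Static key V1-----",
                        *_chunks(bytes(range(256)).hex(), 32),
                        "-----END OpenVPN Static key V1-----"])
    # Older-style <cert>: blank lines, a readable dump, trailing spaces.
    old_style = ("\n\nCertificate:\n    Data:\n        Version: 3 (0x2)\n"
                 + pem.replace("\n", "  \n") + "\n\n")
    return ("client\ndev tun\nproto udp\nremote vpn.example.invalid 443\n"
            f"<ca>\n{pem}\n</ca>\n"
            f"<cert>{old_style}</cert>\n"
            "<tls-auth>\n#\n# 2048 bit OpenVPN static key\n#\n"
            f"{static}\n</tls-auth>\n")


if __name__ == "__main__":
    for tag, raw in extract_inline_blocks(build_sample()).items():
        print(f"--- paste for <{tag}> ---")
        print(clean_for_paste(raw))
```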

Hi everyone,

 

I got my issue I mentioned earlier resolved, thankfully.

Now my (cheap) pfSense box has enabled me to use Air without running a separate client on each computer.

 

I really appreciate the guide you wrote, pfSense_fan.

It must have taken you quite a while to document, as it took me (total newbie) a few hours to get everything right. I couldn't have done it without your guide, which I printed and put in my binder.

 

 

 

All the advice everyone gave (especially pfSense_fan) in this thread really helped me. pfSense_fan, I noticed a couple typos in the documentation. If you'd like to PM me, I can tell you what they are so the guide can be even better than it already is!

Just let me know.

 

Best Regards,

 

anonym


Hi everyone,

 

I got my issue I mentioned earlier resolved, thankfully.

Now my (cheap) pfSense box has enabled me to use Air without running a separate client on each computer.

 

Excellent! Welcome aboard!

 

I really appreciate the guide you wrote, pfSense_fan.

It must have taken you quite a while to document, as it took me (total newbie) a few hours to get everything right. I couldn't have done it without your guide, which I printed and put in my binder.

 

It's funny really, I wrote the guide in only a few hours, but spent free time over months learning BBCODE and getting it to look good and organized on a forum. I now have blank formatted documents for things like firewall rules and NAT rules etc for quick additions and editing.

 

I'm glad you printed it, it's why I wrote my guide in text rather than pictures. What good are pictures if you don't have internet while setting this up! You made use of it as I pictured it should be, glad it worked out that way.

 

All the advice everyone gave (especially pfSense_fan) in this thread really helped me. pfSense_fan, I noticed a couple typos in the documentation. If you'd like to PM me, I can tell you what they are so the guide can be even better than it already is!

Just let me know.

 

I would love to hear any and all feedback! Some things such as subnet/net are not typos though... some things are simply changes from 2.1 to 2.1.3. Any feedback will help me update such things!

 

Best Regards,

 

anonym



This thread should be made into a sticky. Super easy to follow and it is very beneficial for anyone using this service to set up in the home.

 

I just wanted to say thank you. I followed (I assume your guide) a guide in the past but I updated pfSense one day and the VPN part quit working. Luckily I found your instructions, followed the steps, and things were working in no time at all.

 

If I can get my computer lab set up, I want to experiment more with pfSense and networking. I'm a complete noob but I do want to learn.

 

I would shake your hand if I could see you in person; I very much appreciate what you have done. Thanks


This thread should be made into a sticky. Super easy to follow and it is very beneficial for anyone using this service to set up in the home.

 

It is!

https://airvpn.org/pfsense/

 

I just wanted to say thank you. I followed (I assume your guide) a guide in the past but I updated pfSense one day and the VPN part quit working. Luckily I found your instructions, followed the steps, and things were working in no time at all.

 

The old guide was Knickers, which I expanded upon.

 

If I can get my computer lab set up, I want to experiment more with pfSense and networking. I'm a complete noob but I do want to learn.

 

As you should! pfSense is quite powerful and capable, it is worth researching to secure yourself. Remain active here and join us as we all learn more about methods to do so! A group of us are looking into how to create a secure and reliable means of chat/communication so we can have open discussions on such topics.

 

I would shake your hand if I could see you in person; I very much appreciate what you have done. Thanks

 

 



Hi pfSense_fan,

 

I couldn't PM you so here are my suggestions.

1.  Under "things to consider before following this guide", on the second to last line on the first paragraph, therefore is misspelled.

2. As I believe was previously mentioned, the certificate data before the actual certificate is no longer contained in the files Air provides (this is also under Step 2).

3. Under "Step 8: Setting up the AirVPN_LAN Interface" part E, the rule "Allow_AirVPN_DNS" was not mentioned in the steps A-D under step 8. I didn't create any such rule.

4. This thread should actually be moved to the How-To section of the forum.

 

Also, completely unrelated to my suggestions, I need a bit of help.

 

I was able to setup my pfSense box following your tutorial and successfully established a VPN connection to Air, which I'm using now. However, the LAN connection (without VPN) won't let me access the Internet at all. I have a dual-port Dell 9213p PCI card I'm using for the LAN (which shows up as two Intel cards), and I use a Broadcom WAN card built into the motherboard.

 

Which steps should I check to make sure I've followed everything correctly in order to get the LAN working? I did backup my settings.

 

 

Again, I really appreciate the help!

 

Sincerely,

 

anonym


Hi pfSense_fan,

 

I couldn't PM you so here are my suggestions.

1.  Under "things to consider before following this guide", on the second to last line on the first paragraph, therefore is misspelled.

 

I will look into it next time I update the guide, which will likely be in June. This is a busy time of the year for me.

 

2. As I believe was previously mentioned, the certificate data before the actual certificate is no longer contained in the files Air provides (this is also under Step 2).

 

I fixed one section already, will fix the other soon

 

3. Under "Step 8: Setting up the AirVPN_LAN Interface" part E, the rule "Allow_AirVPN_DNS" was not mentioned in the steps A-D under step 8. I didn't create any such rule.

 

... will look into it

 

4. This thread should actually be moved to the How-To section of the forum.

 

Agreed as long as it is not locked!

 

Also, completely unrelated to my suggestions, I need a bit of help.

 

I was able to setup my pfSense box following your tutorial and successfully established a VPN connection to Air, which I'm using now. However, the LAN connection (without VPN) won't let me access the Internet at all. I have a dual-port Dell 9213p PCI card I'm using for the LAN (which shows up as two Intel cards), and I use a Broadcom WAN card built into the motherboard.

 

Which steps should I check to make sure I've followed everything correctly in order to get the LAN working? I did backup my settings.

 

 

Again, I really appreciate the help!

 

Sincerely,

 

anonym

 

First step, hop on a computer connected to the LAN and see if you can access a website by direct IP, such as airvpn.org

 

 

https://95.211.138.143/

 

If not that (a dns issue), we will need to dig into it.



Hello, I'm new

 

Got started on Sunday, looked at the site and found out about pfSense (Awesome software!!!)

 

I liked your guide by the way, I used it to the letter the first time and then began to tweak it up a little to suit my network better.

 

I am running a DC and exchange at home, the interesting thing with that is I MUST use the DC's DNS otherwise the whole thing falls apart.

Solution was actually pretty easy, since exchange is in a virtual machine that was easy to configure to go to the net directly through the modem (and port forwards for email related things straight to the exchange server as usual)

 

The main server and my PC use the VPN, everything else doesn't (DHCP gives them the modem for gateway) But because everything uses the server for DNS all DNS goes to air dns

 

DNS is fully leak proof for the server and my PC (where the privacy and anti-censorship is required) because pfSense is set up according to the guide regarding DNS and firewalling, and the server's DNS configuration has root hints disabled.

 

The next thing I wanted to mention, and this is important: if you virtualize pfSense in ESXi, "DO NOT" enter a MAC address or click the enter my MAC button. When you apply changes, ESXi totally chucks a wobbly and even the vSphere client cannot connect. You will need to either use the console screen to reboot or pull the plug. After ESXi has rebooted, once pfSense loads back up it crashes over again. You would need to start over from scratch with a new pfSense VM.


 


 

Hi pfSense_fan,

 

I tried to resolve 95.211.138.43 using a computer attached to the LAN and it didn't work.

The page didn't load.

I could however connect to the pfSense Web UI from the computer attached to the LAN.

I then went (in the Web UI) to Diagnostics -> DNS Resolver and checked for airvpn.org and was shown the proper IP for airVPN.

 

What should I try next?

 

Thank you,

 

anonym


I keep having problems with my pfSense router disconnecting quite frequently. I do not know what is going on. It does the same thing on the regular LAN side. Here is what my logs say.

 

 

check_reload_status: Reloading filter
May 25 00:15:25  php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AirVPN_WAN.
May 25 00:15:42  check_reload_status: updating dyndns AirVPN_WAN
May 25 00:15:42  check_reload_status: Restarting ipsec tunnels
May 25 00:15:42  check_reload_status: Restarting OpenVPN tunnels/interfaces
May 25 00:15:42  check_reload_status: Reloading filter
May 25 00:15:38  lighttpd[29054]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
May 25 00:15:44  php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AirVPN_WAN.
May 25 00:15:45  lighttpd[29054]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
May 25 00:15:45  check_reload_status: updating dyndns AirVPN_WAN
May 25 00:15:45  check_reload_status: Restarting ipsec tunnels
May 25 00:15:45  check_reload_status: Restarting OpenVPN tunnels/interfaces
May 25 00:15:45  check_reload_status: Reloading filter
May 25 00:15:48  php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AirVPN_WAN.
May 25 00:16:04  check_reload_status: updating dyndns AirVPN_WAN
May 25 00:16:04  check_reload_status: Restarting ipsec tunnels
May 25 00:16:04  check_reload_status: Restarting OpenVPN tunnels/interfaces
May 25 00:16:04  check_reload_status: Reloading filter
May 25 00:16:06  php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AirVPN_WAN.
May 25 00:16:08  check_reload_status: updating dyndns AirVPN_WAN
May 25 00:16:08  check_reload_status: Restarting ipsec tunnels
May 25 00:16:08  check_reload_status: Restarting OpenVPN tunnels/interfaces
May 25 00:16:08  check_reload_status: Reloading filter
May 25 00:16:10  php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AirVPN_WAN.
May 25 00:16:26  check_reload_status: updating dyndns AirVPN_WAN
May 25 00:16:26  check_reload_status: Restarting ipsec tunnels
May 25 00:16:26  check_reload_status: Restarting OpenVPN tunnels/interfaces
May 25 00:16:26  check_reload_status: Reloading filter
May 25 00:16:28  php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AirVPN_WAN.
May 25 00:16:46  check_reload_status: updating dyndns AirVPN_WAN
May 25 00:16:46  check_reload_status: Restarting ipsec tunnels
May 25 00:16:46  check_reload_status: Restarting OpenVPN tunnels/interfaces
May 25 00:16:46  check_reload_status: Reloading filter
May 25 00:16:49  php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AirVPN_WAN.
May 25 00:17:11  lighttpd[29054]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
May 25 00:17:15  check_reload_status: updating dyndns AirVPN_WAN
May 25 00:17:15  check_reload_status: Restarting ipsec tunnels
May 25 00:17:15  check_reload_status: Restarting OpenVPN tunnels/interfaces
May 25 00:17:15  check_reload_status: Reloading filter
May 25 00:17:17  php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AirVPN_WAN.
May 25 00:17:29  check_reload_status: updating dyndns AirVPN_WAN
May 25 00:17:29  check_reload_status: Restarting ipsec tunnels
May 25 00:17:29  check_reload_status: Restarting OpenVPN tunnels/interfaces
May 25 00:17:29  check_reload_status: Reloading filter
May 25 00:17:31  php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AirVPN_WAN.
May 25 00:17:48  check_reload_status: updating dyndns AirVPN_WAN
May 25 00:17:48  check_reload_status: Restarting ipsec tunnels
May 25 00:17:48  check_reload_status: Restarting OpenVPN tunnels/interfaces
May 25 00:17:48  check_reload_status: Reloading filter
May 25 00:17:50  php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AirVPN_WAN.

 

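A log like the one in the post above can be summarised mechanically instead of read line by line: count how often rc.openvpn reports an endpoint change per interface and flag a tight cluster as a reconnect loop. The following is an added example, not part of the original posts or pfSense code; the sample lines are constructed in the format of the quoted log, and the 60-second window, the threshold of 4, the placeholder year and the interface name OPT2_VPN are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# "May 25 00:15:25  php: rc.openvpn: ..." -> timestamp, process, message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+"
    r"(?P<proc>[^\s\[:]+)(?:\[\d+\])?:\s+(?P<msg>.*)$")
CHANGE_RE = re.compile(
    r"tunnel endpoints may have changed its IP\. "
    r"Reloading endpoints that may use (?P<iface>\w+)\.?\s*$")


def reload_events(log_text, year=2000):
    """Return {interface: sorted datetimes of endpoint-change reloads}.

    Syslog lines carry no year; any fixed year works for interval maths.
    Lines without a timestamp or with another message are skipped.
    """
    events = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        change = CHANGE_RE.search(m["msg"])
        if change is None:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[change["iface"]].append(when)
    # The quoted log is not strictly in time order, so sort before measuring.
    return {iface: sorted(times) for iface, times in events.items()}


def busiest_window(times, window_s):
    """Largest number of events that fall inside any window_s-second span."""
    best, lo = 0, 0
    for hi, t in enumerate(times):
        while (t - times[lo]).total_seconds() > window_s:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def find_flapping(log_text, window_s=60, threshold=4):
    """One summary dict per interface; 'flapping' marks a reconnect loop."""
    report = []
    for iface, times in sorted(reload_events(log_text).items()):
        worst = busiest_window(times, window_s)
        report.append({
            "interface": iface,
            "events": len(times),
            "worst_window": worst,
            "first": times[0],
            "last": times[-1],
            "flapping": worst >= threshold,
        })
    return report


# Constructed sample in the format of the log quoted above.
CHANGE_MSG = ("php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints "
              "may have changed its IP. Reloading endpoints that may use {}.")
SAMPLE_LOG = "\n".join(
    ["check_reload_status: Reloading filter",
     "May 25 00:15:42  check_reload_status: Restarting OpenVPN tunnels/interfaces",
     "May 25 00:15:38  lighttpd[29054]: (connections.c.1692) SSL (error): "
     "5 -1 1 Operation not permitted"]
    + [f"May 25 00:{t}  " + CHANGE_MSG.format("AirVPN_WAN")
       for t in ("15:25", "15:44", "15:48", "16:06", "16:10", "16:28")]
    + ["May 25 03:10:00  " + CHANGE_MSG.format("OPT2_VPN")])  # hypothetical iface

if __name__ == "__main__":
    for row in find_flapping(SAMPLE_LOG):
        state = "FLAPPING" if row["flapping"] else "ok"
        print(f"{row['interface']}: {row['events']} reloads, "
              f"up to {row['worst_window']} per 60 s -> {state}")
```

An interface flagged here is restarting faster than a tunnel can settle, which points at the cause of the reloads rather than at the VPN configuration itself.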

I am trying to follow your guide to install AirVPN on pfsense running in a virtual machine on Ubuntu 14.04 (IP 192.168.1.140).  The virtual machine is working fine and is accessing the network as expected.

 

I set up a new pfsense installation with two ethernet NIC adapters (eth0 and eth1), a wireless adapter (wlan0) and a fourth internal adapter (intnet).  Eth0, eth1 and wlan0 are set as bridged adapters.

 

I assigned a WAN interface to 192.168.1.200 on em0 (I do not understand why eth0 which is listed as en0 on my machine has to become em0 on pfsense?).

 

I did not set up LAN or VLAN interfaces.

 

I was able to access the web configurator from both the host Ubuntu machine and my remote Mac (using a NoMachine.com connection).

 

Only one ethernet adapter is connected to the network at the moment but the wireless is acting as the second NIC for test installation purposes; they have addresses .140 and .130 respectively.  All three are set as bridged adapters with only one (eth0) set to the WAN as em0 and I have also set up a fourth internal adapter as "intnet".

 

I followed your guide up to step 3 but my AirVPN configuration file did not have a static key so I have left "Automatically generate a shared TLS authentication key" ticked.  I could still see and access the web configurator.

 

I then followed step 4 and set up the OpenVPN interface.  I applied the changes and then tried to find the Settings:Gateways but they are not listed in the web configurator and I then realised that although the menu was working I had lost the connection to the web configurator.

 

​From both Ubuntu and my Mac I can ping .20, .130 and .140 but not .200 which returns

"PING 192.168.1.200 (192.168.1.200): 56 data bytes

Request timeout for icmp_seq 0

Request timeout for icmp_seq 1

Request timeout for icmp_seq 2

Request timeout for icmp_seq 3

Request timeout for icmp_seq 4

Request timeout for icmp_seq 5

Request timeout for icmp_seq 6

^C"

 

However, from the pfsense VM I can ping .20, .130, .140 and .200 so pfsense is looking out at the network but I cannot look into it from outside and cannot see the web configurator.  I can still access the pfsense option menu so can make necessary changes there but I am not an expert in networking and do not know what I need to change!

 

​Can you see what I have done wrong?  I did read that the WAN should be set to 0.0.0.0 and then I presume the pfsense server would run on the LAN connection but when I tried this it still did not work.

 

​Hope you or someone else can help me.

 

Geoff


Fixed the problem with pfsense_fan doing all the hard work. My MBUF usage was maxed out at 100%. I have the Rangeley board with 4 NICs and apparently the MBUF needs to be tweaked if running that many integrated NICs.  It was keeping me from having a steady connection with the pfsense GUI and keeping my internet connection from working properly. Well, seems like the MBUF tweak worked. Now to configure everything else. Thanks pfsense_fan, you're the man.


Glad to hear it's resolved. Let us have some feedback on running pfSense on that Rangeley board please... I'm thinking of ordering one next week.


If you get the Rangeley you will definitely tweak the MBUF setting. Also, you may want to purchase a fan; mine runs a bit warm in a small Mini-ITX Habley case from Newegg. My build had 8 gigs of Crucial RAM. I still have to configure the packages and add some firewall rules. Pfsense_fan really helped me make the right choices for the hardware and fixing the MBUF problem.


I am trying to follow your guide to install AirVPN on pfsense running in a virtual machine on Ubuntu 14.04 (IP 192.168.1.140).  The virtual machine is working fine and is accessing the network as expected.

 

I set up a new pfsense installation with two ethernet NIC adapters (eth0 and eth1), a wireless adapter (wlan0) and a fourth internal adapter (intnet).  Eth0, eth1 and wlan0 are set as bridged adapters.

 

I assigned a WAN interface to 192.168.1.200 on em0 (I do not understand why eth0 which is listed as en0 on my machine has to become em0 on pfsense?).

 

Mind you, I don't use VMs, but it is my understanding that this is a compatibility thing with VMs since most physical NICs cannot directly communicate with the VM. For instance, when I have run VirtualBox with a guest OS, it creates virtual Intel NICs that use the EM driver. So if it uses the same method, pfSense would see them as Intel NICs.

 

I did not set up LAN or VLAN interfaces.

 

I was able to access the web configurator from both the host Ubuntu machine and my remote Mac (using a NoMachine.com connection).

 

Only one ethernet adapter is connected to the network at the moment but the wireless is acting as the second NIC for test installation purposes; they have addresses .140 and .130 respectively.  All three are set as bridged adapters with only one (eth0) set to the WAN as em0 and I have also set up a fourth internal adapter as "intnet".

 

I followed your guide up to step 3 but my AirVPN configuration file did not have a static key so I have left "Automatically generate a shared TLS authentication key" ticked.  I could still see and access the web configurator.

 

You either generated your certs incorrectly or some other misunderstanding. Just download a cert for Windows. You will see the key in that config file. If not, you need to open a ticket with Air. You need that key. Do not generate your own.

 

I then followed step 4 and set up the OpenVPN interface.  I applied the changes and then tried to find the Settings:Gateways but they are not listed in the web configurator and I then realised that although the menu was working I had lost the connection to the web configurator.

 

You need to be on the LAN port during setup, or else you can create a static mapping for your computer on the AirVPN_LAN DHCP server page. You could also create a GUI anti-lockout firewall rule for your AirVPN_LAN interface.

 

​From both Ubuntu and my Mac I can ping .20, .130 and .140 but not .200 which returns

"PING 192.168.1.200 (192.168.1.200): 56 data bytes

Request timeout for icmp_seq 0

Request timeout for icmp_seq 1

Request timeout for icmp_seq 2

Request timeout for icmp_seq 3

Request timeout for icmp_seq 4

Request timeout for icmp_seq 5

Request timeout for icmp_seq 6

^C"

 

However, from the pfsense VM I can ping .20, .130, .140 and .200 so pfsense is looking out at the network but I cannot look into it from outside and cannot see the web configurator.  I can still access the pfsense option menu so can make necessary changes there but I am not an expert in networking and do not know what I need to change!

 

It's a FIREWALL mate! Why on earth would you be able to see into it from the WAN port?!?! It's doing its job!

 

Here's also a secret, I'm not an expert either. This guide is a learning experience for me as well! I have just been sharing what I learn as I go. You lose me at virtual machines. I would never put pfSense in a VM as a personal preference, so I won't be much more help unfortunately.

 

​Can you see what I have done wrong?  I did read that the WAN should be set to 0.0.0.0 and then I presume the pfsense server would run on the LAN connection but when I tried this it still did not work.

 

No idea here mate. You should head on over to the pfSense forums and ask the community there.

 

​Hope you or someone else can help me.

 

Geoff



Fixed the problem with pfsense_fan doing all the hard work. My MBUF usage was maxed out at 100%. I have the Rangeley board with 4 NICs and apparently the MBUF needs to be tweaked if running that many integrated NICs.  It was keeping me from having a steady connection with the pfsense GUI and keeping my internet connection from working properly. Well, seems like the MBUF tweak worked. Now to configure everything else. Thanks pfsense_fan, you're the man.

 

 

 

Glad that worked out! There's still many tweaks to do!



Hello thank you for THE guide!

 

What Advanced configuration would be needed to get the ovpn-client working on the TCP-protocol?

 

I get all the time these errors: Service not running? Unable to contact daemon
