pfSense_fan

How To Set Up pfSense 2.1 for AirVPN


Hi,

 

Same with everyone else... thank you very much for your time and effort. After 2 pfSense resets I managed to get it to work from my desktop directly connected to the pfSense server (with two ports) and out via AirVPN.

 

Next step is to remove my desktop and put my Asus RT-N66U router in its place and run a 10.0.0.0 network for my internal LAN. Therefore I've tried to set up the pfSense server thus:

 
desktop (served dhcp address) ->pfsense LAN (dhcpd server on 192.168.1.1) -> pfsense WAN -> virgin cable (modem only mode)
 
The pfSense server has two NICs. One serves a LAN (DHCP enabled) and the other the WAN. The OpenVPN client (AirVPN) works fine; I've managed to get to the internet from the desktop.
 
However, in this configuration:
 
desktop->N66U->pfsense->virgin 
 
It doesn't work.
 
I was hoping to use the DHCP server on the N66U to serve my household connections on 10.0.0.x, with the WAN connection on the N66U plugged into the LAN on the pfSense, with static IPs set up with 192.168.1.2 and .1 respectively.
 
Not happening. In fact the router goes nuts. At first I can reach the http front end, then it dies. I'm not sure why this is happening though as the web front end crashes.  The LAN from pfsense is plugged into the WAN port.
 
One of the problems I had, which I fixed, was the step involving the DHCP server on the pfSense LAN port with the DNS server set to 10.4.0.1. Out of interest, why is this address important?
 
Ideally, when I cable the LAN to the WAN port on the router, I'd like to give them static IPs and let the router's DHCP server dish out 10.0.0.0 addresses. Would this work? If I can do this, where should I put the 10.4.0.1 address?
 
Nearly there... please help.
Justin


I've edited this after re-reading your post.

 

10.4.0.1 is AirVPN DNS.

I'm not understanding why you want to use the N66 like that - if it's a wifi access point for the LAN then you should just put it into its wireless access point mode, don't let it NAT etc.

pfSense has a DHCP server built in and it would most likely be better to use that for all your subnets.

 

You say your pfSense box has two NICs, one=LAN, one=WAN, and OpenVPN works OK. Which interface is this running on?


Interestingly enough, I spoke with a network guy today who also suggested flattening the network. I would prefer to keep the pfSense as a pipe to AirVPN from my LAN that I hang things off (in this case my N66). Other than simplicity, why would it be better to use pfSense as my DHCP server?

 

In answer to your question, it runs on the en1 (LAN). I hung my desktop off that LAN. Bear in mind I had DHCP enabled during that testing. That is actually where my last hurdle was in getting it to work.


When it comes to networking, my experience is KISS - keep it simple, silly! The more stuff you introduce, the more difficult troubleshooting, maintenance and security become.

 

The DHCP server in pfSense is more than capable of resolving hundreds of devices in corporate environments; it will cope fine with your limited means. Your N66 is also likely to introduce a bottleneck in performance as well, as it's obviously a far less capable box than your PC. If you go to the effort of installing pfSense, it makes no sense to bypass it for LAN access.

 

Why do you want to configure it this way with the N66 - is it just because you have it?


I don't think that the N66 would be a bottleneck. The speed it can push data through is more than enough. The pfSense AirVPN throughput was at 137Mb/s (just from one test) when I tested it. I don't see any reason that should reduce because of the N66, as it is a more than capable router.

 

The reason I'd like to configure it with the N66 WAN port is because I'd like to keep the 4th port available. I don't really want to buy another switch and occasionally I use that 4th port. That added complexity would be worth it for me.

I followed this guide months ago and everything is working well.  Except for my PS3. 

 

(Let me tag this Playstation and Playstation3, because PS3 is too short to be searchable.)  

 

I tried to join an online race on Gran Turismo and could not connect to the race.  I could connect to some races, and not to others.  I have what the Playstation network calls NAT Type 3, which is the most restrictive and "may lead to decreased functionality."

 

So I added some rules to make my PS3 skip using the VPN. Now I get NAT Type 2, which is fine for online play. 


This is a great write-up. I have an old PC with three NICs, and I will have to follow this guide.

 

I am assuming that the DHCP range is only a suggestion and a 10.x.1.1 can be used.

 

Does anyone have a good visual of what cables got connected to what?

 

I.e. DSL modem to what port (NIC) of the box, wireless to what port, and wired LAN to what port.

 

This would be great for people that need pictures.


If you are unsure, your best bet would be to follow prescriptively and, once working, back up and then tweak for your local needs.

No reason why you can't use different subnets, but you do need an idea of how the different sections rely on each other, i.e. firewall, NAT etc. If you don't know how to cable this up you should definitely not deviate from the above.

 

Modem -> wan | pfSense | lan     -> network or wifi
             |   Box   | vpn_lan -> network or wifi


Staying away from Realtek NICs seems to be the general expert consensus, although some do use them with good results.

Onboard NICs on motherboards like the Supermicro A1SRM-2758f are excellent (i.e. Intel i354s).

If you can be more specific about your hardware etc. then perhaps we can provide some more useful info.


Hello and good day to everyone. I am one of the forum trolls from PIA and I finally decided to come look around over here.

 

This guide is perfect. I always liked AirVPN since they are the only VPN I know of that does not resort to low blows against competitors. I wonder if anyone would mind if I linked this thread into the PIA forums where people have been asking how to configure pfSense?

 

Also does anyone happen to know if a Raspberry Pi 2 (The new quad core version.) can handle pfSense as a limited but vastly potent router? Since it is an ARM 7 cortex CPU I doubt it will be easy and I am all but certain no-one has compiled pfSense for it yet. But the possibilities are great. Imagine a ~$40 headless PC running all your VPN needs without so much as a fan to cool it? (I guess that would be around €25 or so at current market exchange rates?)

 

Anyway, I cannot reply since I just made the account and have to wait until tomorrow to reply. But I am going to watch here with anticipation. Be well everyone.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.


I have two Intel desktop adapter add-in cards; I will have to check onboard.

All Intel cards. Loaded pfSense, it's been working out of the box, and I just purchased my year, and now I go off to set up the box.

 

One question: can an OpenVPN server be run at the same time pfSense is set up to be connected to AirVPN all of the time?


You mean to permit of on a DMZ setup? No harder than any other inbound traffic...

I wasn't very happy with ownCloud performance when I tried it late last year though... even on a meaty E5 Xeon box it chugged a bit too much for my liking. I'm using SpiderOak for encrypted cloud space currently but watching ownCloud hopefully still.


Ah, I don't need much space so it's not an issue for me. ownCloud is worth looking at then. You could set it up on a VPS or dedicated if your home connection is limiting in throughput. Let us know how you get on.

That is what I'm going to do. I planned to set up my pfSense box with a dedicated connection to AirVPN following the guide and then NAT/DMZ or whatever the ownCloud VM, so devices such as my daughter's laptop can back up from outside my network.

 

I will keep you posted.


I have gone through this guide a couple of times and have run into a couple of issues. The first issue is the last set of steps, in particular under the firewall rules. Step #7 D1 "BLOCK ALL ELSE LAN": my interface has AirVPN_WAN, not AirVPN_LAN. Also, once I add all the rules, the "BLOCK ALL ELSE LAN" goes under my AirVPN_WAN tab and the other two fall under the LAN tab, and my connection does not pass through the VPN.


I'm clearly not understanding something and figured, to try and save the rest of the day, one of you guys might be able to help.

Set up my box pretty much as per this guide, attempted to forward a port, but the inbound traffic is showing on my WAN interface and not my VPN_WAN, which I expected. What do I need to twiddle to make this right?

Everything else seems to be working fine, including no DNS leaks etc. 


Hmm, not sure mate. Have you checked under Firewall > NAT and then made sure the interface is set to VPN_WAN?


Thx refresh... hmmm... seems to be something to do with my OpenVPN client config getting confused when I added an OpenVPN server for my road trips... (the interfaces seem to have mixed themselves up in a way I don't understand just yet...)
