0nce-LerD@M@n! 0 Posted ... The generator only produces 2 certificates for me, how am I supposed to set this up with only 2? Quote Share this post Link to post
airvpnincongnito 1 Posted ... Hi OP! I'm a new member to AirVPN, currently testing a trial membership.However I am not new to Pfsense, I currently use it with PIA VPN. PIA service has deteriorated despite the addition of many servers... trying to pick a server with good performance during peak hours is like throwing darts in the dark... I absolutely love AirVPN network stats and transparency. Also,several large datacenters are no longer allowing BitTorrent-heavy services on PIA networks. In response, PIA is routing traffic in a few countries through a separate VPN (VPN over VPN). Making the connection speeds even worse...Thus here I am testing AirVPN after much research.... I was going to tweak my current setup to add AirVPN to Pfsense but decided to read and follow your guide... All I have to say is WOW! That is a wonderfully written guide with not only explanation to users as to what the settings do but it provides people understanding on how Pfsense works... Nicely done sir and thank you for taking the time to write such a wonderful guide. I must say, I was expecting moving from PIA 128AES to 256 in AirVPN to affect my speeds but quite the contrary, my speeds are 40% faster with higher encryption completely maximizing my download/upload ISP limits (can't wait for 1Gbps to be rolled out next year in my area). My CPU load reaches 30% max under heavy load with plenty of room to spare for when 1 Gbps arrives.... Needles to say I am impressed with AirVPN service and I will be extending the trial to a one year memberhip. Although AirVPN is more expensive than PIA, the fact that they are not US based, OpenVPN GODS!, Bitcoin, P2P support, strong privacy history and kick ass service, makes them number 1 in my book. Bye bye PIA.....Thanks again for the guide! 1 rickjames reacted to this Quote Share this post Link to post
drpaneas 1 Posted ... The whole project triggered my curiousity! I am going buy some low-end AMD hardware and start building the whole thing from sratch but first I need to know if: is it possible to wirelessly connect my wannabe pfsense router with my main router ? My main router is a german Fritzbox located at another room from the one I am going to install my custom pfsense-router, so I need to know first if the connection between these two can be done wirelessly. Is it possible for my wannabe pfsense-router to create it's own separate wlan, so devices (laptop, chromecast, ps4) to be connected into its wifi network instead of my fritzbox wlan ? Is it possible to automatically shutdown all network connectivity as soon as VPN is temporarily offline ? Is it possible to use (stunnel, like https://airvpn.org/ssl/ ) ? My ISP throttles so this is very important for me. Any links/guides would be helpful.Thanks Quote Share this post Link to post
dIecbasC 38 Posted ... don't buy AMD, stick with intel preferably with Intel NICs. Cheap hardware often causes performance issues.I don't know about the fritzbox specifically, sorry. You should be able to do everything you asked about above and you may intact being able to replace the Fritzbox altogether if you can configure the pfSense WAN port co hook up correctly to your ISP. Quote Share this post Link to post
rickjames 106 Posted ... I don't think pfsense can do ssl+ovpn connections, just ovpn. @dIecbasCI agree @ amd, and most intel nics are really fantastic. Also might wanna make sure the chip has aes instructions. The N3150M = nice and cheap + aes. Quote Share this post Link to post
zhang888 1066 Posted ... I don't think pfsense can do ssl+ovpn connections, just ovpn. @dIecbasCI agree @ amd, and most intel nics are really fantastic. Also might wanna make sure the chip has aes instructions. The N3150M = nice and cheap + aes. pfSense does it great, with stunnel package or port installed. 2 Wolf666 and rickjames reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
rickjames 106 Posted ... I don't think pfsense can do ssl+ovpn connections, just ovpn. @dIecbasCI agree @ amd, and most intel nics are really fantastic. Also might wanna make sure the chip has aes instructions. The N3150M = nice and cheap + aes. pfSense does it great, with stunnel package or port installed. Ah good to know. I haven't used it in ages but never remembered even seeing it in that gui. Quote Share this post Link to post
Wolf666 17 Posted ... ...and let pfSense do router.... Sent from my iPad using Tapatalk 1 flat4 reacted to this Quote Hide Wolf666's signature Hide all signatures - Router/Firewall pfSense 23.01 (11th Gen Intel(R) Core(TM) i5-11320H @ 3.20GHz) - Switch Cisco SG350-10 - AP Netgear RAX200 (Stock FW) - NAS Synology DS1621+ (5 x 5TB WD Red) - ISP: Fiber 1000/300 (PPPoE) Share this post Link to post
flat4 79 Posted ... don't buy AMD, stick with intel preferably with Intel NICs. Cheap hardware often causes performance issues.I don't know about the fritzbox specifically, sorry. You should be able to do everything you asked about above and you may intact being able to replace the Fritzbox altogether if you can configure the pfSense WAN port co hook up correctly to your ISP. I use this for my pfSense box http://www.asrock.com/mb/Intel/Q1900-ITX/ Never uses more that 30 percent CPU even under heavy downloading. 1 rickjames reacted to this Quote Hide flat4's signature Hide all signatures pFsense it works Share this post Link to post
rickjames 106 Posted ... don't buy AMD, stick with intel preferably with Intel NICs. Cheap hardware often causes performance issues.I don't know about the fritzbox specifically, sorry. You should be able to do everything you asked about above and you may intact being able to replace the Fritzbox altogether if you can configure the pfSense WAN port co hook up correctly to your ISP. I use this for my pfSense box http://www.asrock.com/mb/Intel/Q1900-ITX/ Never uses more that 30 percent CPU even under heavy downloading. They're nice little setups for sure, also makes a decent nas. Have openbsd running on the q1900m @ diskless and fanless + a couple of intel nics. I keep thinking about upgrading to the celery n3150m, some day Quote Share this post Link to post
Ernst89 11 Posted ... don't buy AMD, stick with intel preferably with Intel NICs. Cheap hardware often causes performance issues.I don't know about the fritzbox specifically, sorry. You should be able to do everything you asked about above and you may intact being able to replace the Fritzbox altogether if you can configure the pfSense WAN port co hook up correctly to your ISP. I use this for my pfSense box http://www.asrock.com/mb/Intel/Q1900-ITX/ Never uses more that 30 percent CPU even under heavy downloading. They're nice little setups for sure, also makes a decent nas. Have openbsd running on the q1900m @ diskless and fanless + a couple of intel nics. I keep thinking about upgrading to the celery n3150m, some day > don't buy AMD, stick with intel preferably with Intel NICs. Cheap hardware often causes performance issues.I don't know about the fritzbox specifically, sorry. You should be able to do everything you asked about above and you may intact being able to replace the Fritzbox altogether if you can configure the pfSense WAN port co hook up correctly to your ISP. I use this for my pfSense box http://www.asrock.com/mb/Intel/Q1900-ITX/ Never uses more that 30 percent CPU even under heavy downloading. They're nice little setups for sure, also makes a decent nas. Have openbsd running on the q1900m @ diskless and fanless + a couple of intel nics. I keep thinking about upgrading to the celery n3150m, some day First, I use an AMD 5350 with realtek nics, (motherboiard = extra pci-e). It is fine up to my connection limit i.e. > 70% idle at 150Mb/s using AirVPN on a 160Mb/s connection. It appears stable after three months use. The Intel J1900 doesn't have AES-NI and hence I would expect it not to be good for high connection speeds under OpenVPN, maybe 20%? the speed of the AMD 5350. The Intel n3150m or (n3700) do have AES-NI, are low power (hence no fan unlike AMD 5350) and cheap. I guess they should be good at high AirVPN speeds. Only slightly less powerful than the AMD 5350. It would be great if someone could confirm this with a real life test.. Finally does anyone know a good small mini-itx case that will accommodate a low profile pci-e nic adapter. Quote Share this post Link to post
zhang888 1066 Posted ... Finally does anyone know a good small mini-itx case that will accommodate a low profile pci-e nic adapter. SilverStone RVZ01 Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
flat4 79 Posted ... I use this for my pfSense box don't buy AMD, stick with intel preferably with Intel NICs. Cheap hardware often causes performance issues.I don't know about the fritzbox specifically, sorry. You should be able to do everything you asked about above and you may intact being able to replace the Fritzbox altogether if you can configure the pfSense WAN port co hook up correctly to your ISP. http://www.asrock.com/mb/Intel/Q1900-ITX/ Never uses more that 30 percent CPU even under heavy downloading. They're nice little setups for sure, also makes a decent nas. Have openbsd running on the q1900m @ diskless and fanless + a couple of intel nics. I keep thinking about upgrading to the celery n3150m, some day > I use this for my pfSense box don't buy AMD, stick with intel preferably with Intel NICs. Cheap hardware often causes performance issues.I don't know about the fritzbox specifically, sorry. You should be able to do everything you asked about above and you may intact being able to replace the Fritzbox altogether if you can configure the pfSense WAN port co hook up correctly to your ISP. http://www.asrock.com/mb/Intel/Q1900-ITX/ Never uses more that 30 percent CPU even under heavy downloading. They're nice little setups for sure, also makes a decent nas. Have openbsd running on the q1900m @ diskless and fanless + a couple of intel nics. I keep thinking about upgrading to the celery n3150m, some day First, I use an AMD 5350 with realtek nics, (motherboiard = extra pci-e). It is fine up to my connection limit i.e. > 70% idle at 150Mb/s using AirVPN on a 160Mb/s connection. It appears stable after three months use. The Intel J1900 doesn't have AES-NI and hence I would expect it not to be good for high connection speeds under OpenVPN, maybe 20%? the speed of the AMD 5350. The Intel n3150m or (n3700) do have AES-NI, are low power (hence no fan unlike AMD 5350) and cheap. I guess they should be good at high AirVPN speeds. Only slightly less powerful than the AMD 5350. It would be great if someone could confirm this with a real life test.. Finally does anyone know a good small mini-itx case that will accommodate a low profile pci-e nic adapter.Nice to know about the J1900, however for me, the most speed i can get at this time is about 30mbps so it does well. It will be eons before my rural carrier will offer gig connections. Quote Hide flat4's signature Hide all signatures pFsense it works Share this post Link to post
rickjames 106 Posted ... I use this for my pfSense box don't buy AMD, stick with intel preferably with Intel NICs. Cheap hardware often causes performance issues.I don't know about the fritzbox specifically, sorry. You should be able to do everything you asked about above and you may intact being able to replace the Fritzbox altogether if you can configure the pfSense WAN port co hook up correctly to your ISP. http://www.asrock.com/mb/Intel/Q1900-ITX/ Never uses more that 30 percent CPU even under heavy downloading. They're nice little setups for sure, also makes a decent nas. Have openbsd running on the q1900m @ diskless and fanless + a couple of intel nics. I keep thinking about upgrading to the celery n3150m, some day > I use this for my pfSense box don't buy AMD, stick with intel preferably with Intel NICs. Cheap hardware often causes performance issues.I don't know about the fritzbox specifically, sorry. You should be able to do everything you asked about above and you may intact being able to replace the Fritzbox altogether if you can configure the pfSense WAN port co hook up correctly to your ISP. http://www.asrock.com/mb/Intel/Q1900-ITX/ Never uses more that 30 percent CPU even under heavy downloading. They're nice little setups for sure, also makes a decent nas. Have openbsd running on the q1900m @ diskless and fanless + a couple of intel nics. I keep thinking about upgrading to the celery n3150m, some day First, I use an AMD 5350 with realtek nics, (motherboiard = extra pci-e). It is fine up to my connection limit i.e. > 70% idle at 150Mb/s using AirVPN on a 160Mb/s connection. It appears stable after three months use. The Intel J1900 doesn't have AES-NI and hence I would expect it not to be good for high connection speeds under OpenVPN, maybe 20%? the speed of the AMD 5350. The Intel n3150m or (n3700) do have AES-NI, are low power (hence no fan unlike AMD 5350) and cheap. I guess they should be good at high AirVPN speeds. Only slightly less powerful than the AMD 5350. It would be great if someone could confirm this with a real life test.. Finally does anyone know a good small mini-itx case that will accommodate a low profile pci-e nic adapter.Nice to know about the J1900, however for me, the most speed i can get at this time is about 30mbps so it does well. It will be eons before my rural carrier will offer gig connections. I pushed a solid 80Mb/s through one of my q1900m setups using ssh+openvpn + running a full linux desktop on it. I don't have a 160Mb/s connection to test on but on the q1900m setup firefox used more cpu than openvpn did. One of those AES chips 3150/3700 would steam roll it. Quote Share this post Link to post
banshee28 2 Posted ... I am considering running a pfSense for my home router and firewall. However I have been running Smoothwall for the last 8 years or so, and very happy with it. I was trying to setup Air on it, but was un-able to. Anyone here ever use a Smoothwall? I would consider pfSense, but would like to use what I have if I can get Air working on it. Quote Share this post Link to post
blacksun2015 2 Posted ... Hi all! i'm struggling with my pfsense box and this manual.I have 2x network cards and according this manual 3 interfaces: LAN, WAN and AIRVPN_WAN I configured everything; but the Alternate Step 6+7 refers to AirVPN_LAN.Is this a mistake or mispelled? Because this is only necessary with 3 or more nics right? My airvpn connection is running fine on 60mbit/sec. This is a huge improvement compared with my old asus router. Quote Share this post Link to post
flat4 79 Posted ... Hi all! i'm struggling with my pfsense box and this manual.I have 2x network cards and according this manual 3 interfaces: LAN, WAN and AIRVPN_WAN I configured everything; but the Alternate Step 6+7 refers to AirVPN_LAN.Is this a mistake or mispelled? Because this is only necessary with 3 or more nics right? My airvpn connection is running fine on 60mbit/sec. This is a huge improvement compared with my old asus router.It states the guide is for a 3 nic setup. If you read further he details for a 2 nic setup. Furthermore more he has like a 6 nic setup but he only wrote it for a 2 and 3. Sent from my SAMSUNG-SM-N920A using Tapatalk Quote Hide flat4's signature Hide all signatures pFsense it works Share this post Link to post
blacksun2015 2 Posted ... Hi all! i'm struggling with my pfsense box and this manual.I have 2x network cards and according this manual 3 interfaces: LAN, WAN and AIRVPN_WAN I configured everything; but the Alternate Step 6+7 refers to AirVPN_LAN.Is this a mistake or mispelled? Because this is only necessary with 3 or more nics right? My airvpn connection is running fine on 60mbit/sec. This is a huge improvement compared with my old asus router.It states the guide is for a 3 nic setup. If you read further he details for a 2 nic setup. Furthermore more he has like a 6 nic setup but he only wrote it for a 2 and 3. Sent from my SAMSUNG-SM-N920A using Tapatalk Sorry; What I mean isin the block DNS leaks rule:AirVPN_LAN should be LAN(only in the 2 cards setup.) Quote Share this post Link to post
knicker 11 Posted ... Hi pfsense fan, obviously a much better guide than mine. I'm not a network specialist, but I got it working without dns leakage. I will follow your guide now... Thank you for your excellent effort here Have a good weekend, KNiCKER Quote Share this post Link to post
mazgacash 0 Posted ... Hi,I like you guide and it works fine for me, bute i need an additional network interface for guest wlan which also goes through airvpn-wan, i configureed another interface 1:1 but i cant go online with that, do you have any hints for me? regards Martin Quote Share this post Link to post
dIecbasC 38 Posted ... Hi,I like you guide and it works fine for me, bute i need an additional network interface for guest wlan which also goes through airvpn-wan, i configureed another interface 1:1 but i cant go online with that, do you have any hints for me? regards Martin Its fairly simple to add another interface. Add interface, set its IP address to another subnet, /24 etc. Add DHCP settings as appropriate.Add DNS support via resolver or forwarder as appropriate. I define an alias for my local subnets which includes 192.68.20.0/24, 192.168.30.0/24 etc which makes the next step simple.Add firewall rules to new interface, in your case you should use the VPN gatewayallow traffic to NOT your local subnetsreject traffic to local subnets (this will ensure guests only access internet, but not your servers etc)I think you will likely need to add a rule to allow guest subnet devices > guest address, i.e your pfsense box port 53 to allow DNS to work. Add a NAT rule to allow traffic from the guest network to VPN_WAN <-- this is the bit I think you are missing as its the most common failing. hope that helps, if it doesn't, let us know more details so we can help troubleshoot, i.e, can devices get a DHCP address etc, can you ping the firewall, can you DNS lookup, can you ping airvpn.org etc. Quote Share this post Link to post
dalesd 6 Posted ... 8.) Click [sAVE] I'm re-setting up my pfSense box, and this image isn't loading. http://www.anonimg.com/img/a745834f3cd5ec2e933a6640b27a16a0.jpg Is it just me, or is it down for everyone? \ What is it? Is it important? Quote Share this post Link to post
dalesd 6 Posted ... @chuck: Seems you are still running DNS forwarder. Disable it first, then set up DNS resolver.Thanks, LazyLizard. I just had this same issue. I went to Services: DNS Resolver and unchecked Enable DNS Resolver and that let me continue. Quote Share this post Link to post
mazgacash 0 Posted ... @chuck: Seems you are still running DNS forwarder. Disable it first, then set up DNS resolver.Thanks, LazyLizard. I just had this same issue. I went to Services: DNS Resolver and unchecked Enable DNS Resolver and that let me continue. I had the same issue and workaround, i think theres a problem with pfsense using the dns services on different IP/Subnets with differents servicetypes. @dIecbasC thx 4 help now it works i´ve redone erverything regards Martin Quote Share this post Link to post