AirVPN and pfsense

[447di3894 0]

For the life of me, I can't get this working.  I've tried following the lengthy guide for setting up AirVPN on pfsense, but after setting up the client it never seems to get an IP address.  Here's the log entries I see for the OpenVPN client:

 

Nov 21 02:43:34 	openvpn[84236]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 21 02:43:34 	openvpn[84236]: Socket Buffers: R=[42080->65536] S=[57344->65536]
Nov 21 02:43:34 	openvpn[84236]: UDPv4 link local (bound): [AF_INET]192.168.1.101
Nov 21 02:43:34 	openvpn[84236]: UDPv4 link remote: [AF_INET]46.19.137.114:443
Nov 21 02:44:24 	openvpn[18824]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Nov 21 02:44:24 	openvpn[18824]: TCP/UDP: Closing socket
Nov 21 02:44:24 	openvpn[18824]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 21 02:44:24 	openvpn[18824]: Restart pause, 2 second(s)
Nov 21 02:44:26 	openvpn[18824]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 21 02:44:26 	openvpn[18824]: Re-using SSL/TLS context
Nov 21 02:44:26 	openvpn[18824]: LZO compression initialized
Nov 21 02:44:26 	openvpn[18824]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Nov 21 02:44:26 	openvpn[18824]: Socket Buffers: R=[42080->65536] S=[57344->65536]
Nov 21 02:44:26 	openvpn[18824]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 21 02:44:26 	openvpn[18824]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Nov 21 02:44:26 	openvpn[18824]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Nov 21 02:44:26 	openvpn[18824]: Local Options hash (VER=V4): '9e7066d2'
Nov 21 02:44:26 	openvpn[18824]: Expected Remote Options hash (VER=V4): '162b04de'
Nov 21 02:44:26 	openvpn[18824]: UDPv4 link local (bound): [AF_INET]192.168.1.101
Nov 21 02:44:26 	openvpn[18824]: UDPv4 link remote: [AF_INET]46.19.137.114:443
Nov 21 02:44:34 	openvpn[84236]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Nov 21 02:44:34 	openvpn[84236]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 21 02:44:34 	openvpn[84236]: Restart pause, 2 second(s)
Nov 21 02:44:36 	openvpn[84236]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 21 02:44:36 	openvpn[84236]: Socket Buffers: R=[42080->65536] S=[57344->65536]
Nov 21 02:44:36 	openvpn[84236]: UDPv4 link local (bound): [AF_INET]192.168.1.101
Nov 21 02:44:36 	openvpn[84236]: UDPv4 link remote: [AF_INET]46.19.137.114:443
Nov 21 02:45:26 	openvpn[18824]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Nov 21 02:45:26 	openvpn[18824]: TCP/UDP: Closing socket
Nov 21 02:45:26 	openvpn[18824]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 21 02:45:26 	openvpn[18824]: Restart pause, 2 second(s)
Nov 21 02:45:28 	openvpn[18824]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 21 02:45:28 	openvpn[18824]: Re-using SSL/TLS context
Nov 21 02:45:28 	openvpn[18824]: LZO compression initialized
Nov 21 02:45:28 	openvpn[18824]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Nov 21 02:45:28 	openvpn[18824]: Socket Buffers: R=[42080->65536] S=[57344->65536]
Nov 21 02:45:28 	openvpn[18824]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 21 02:45:28 	openvpn[18824]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Nov 21 02:45:28 	openvpn[18824]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Nov 21 02:45:28 	openvpn[18824]: Local Options hash (VER=V4): '9e7066d2'
Nov 21 02:45:28 	openvpn[18824]: Expected Remote Options hash (VER=V4): '162b04de'
Nov 21 02:45:28 	openvpn[18824]: UDPv4 link local (bound): [AF_INET]192.168.1.101
Nov 21 02:45:28 	openvpn[18824]: UDPv4 link remote: [AF_INET]46.19.137.114:443
Nov 21 02:45:36 	openvpn[84236]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Nov 21 02:45:36 	openvpn[84236]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 21 02:45:36 	openvpn[84236]: Restart pause, 2 second(s)
Nov 21 02:45:38 	openvpn[84236]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 21 02:45:38 	openvpn[84236]: Socket Buffers: R=[42080->65536] S=[57344->65536]
Nov 21 02:45:38 	openvpn[84236]: UDPv4 link local (bound): [AF_INET]192.168.1.101
Nov 21 02:45:38 	openvpn[84236]: UDPv4 link remote: [AF_INET]46.19.137.114:443

Any ideas?  I don't even know where to begin with debugging this.

[Wolf666 17]

I have airvpn working on pfSense 2.2. Post screenshots of client setup I will look into it.

BTW the advanced configurations should be:

 

remote-cert-tls server;comp-lzo no;verb 4;explicit-exit-notify 5;route-nopull;key-direction 1;auth SHA1;keysize 256;key-method 2;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA;

 

 

Sent from my iPad using Tapatalk

[447di3894 0]

I have airvpn working on pfSense 2.2. Post screenshots of client setup I will look into it.

BTW the advanced configurations should be:

 

remote-cert-tls server;comp-lzo no;verb 4;explicit-exit-notify 5;route-nopull;key-direction 1;auth SHA1;keysize 256;key-method 2;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA;

 

 

Sent from my iPad using Tapatalk

Sorry for the delayed response. Heres screenshots:

 

 

 

let me know if you need anything else

[rcampbell 0]

Have you got Outbound NAT configured manually?

[Dr5GF7mKcX 1]

I've got a question that others may also be interested in.

 

if you choose 'de.airvpn.org' to connect to, you get a connection to a German server obviously - but how does the client decide which one?

 

Ideally one could use europe.airvpn.org to connect to any European server but know that the server you connect to has the lowest latency from your location and is also the least busy (as regards the number of users).

 

Is the desired functionality above what actually happens? I ask as when I used europe.airvpn.org I would find myself connected to Ukrainian servers despite being physically in Switzerland; it seems unlikely that those boxes will be lower latency than a server in Germany, Switzerland, or France.

[Staff 9771]

Hello!

 

.airvpn.org resolves into all the possible entry-IP addresses of VPN servers on that country, so the choice is random and performed by your OS.

 

For a more accurate selection you can use .vpn.airdns.org (for example "de.vpn.airdns.org") which resolves into one IP address, i.e. the IP address of the VPN server with the best rating in that country.

 

For the most accurate selection according to latency our client Eddie is recommended, or you should look at the real time servers monitor on our web site (click "Status" from the upper menu of our web site).

 

About the rating method please see here (the last part of the post):

https://airvpn.org/topic/12671-upgrades-for-eddie/?do=findComment&comment=21663

 

Kind regards

[Lee47 23]

Was going to suggest trying the Airs server directly instead of the server host you are currently using, head over to client section>config generator and pick your desired air server once its downloaded you can open the ovpn file via notepad and copy n paste the server should look a bit like this:

remote 198.144.158.11 443

 

Try entering that and see if it connects, the air pfsense guide is working fine for the majority the only time I ever got it wrong was when I did not enter the details correctly or wanted to do something else ie add another network or network device, otherwise a pc with 2 nics or 4 nics should work fine. Sometimes its worth going over the entire guide again just one tick or setting incorrect and it won't work.