Jump to content
Not connected, Your IP: 52.14.234.146
AirVPN
Sign in to follow this  
Followers 0
plainzwalker

New Client on pFsense

By plainzwalker, ... in Troubleshooting and Problems

Recommended Posts

plainzwalker    0

plainzwalker
Posted ...

I am trying to switch from PIA to AirVPN due to port forwarding features. I had PIA functioning perfectly, however after the initial configuration of openvpn client for AirVPN it doesn't seem to be pulling an IP address. The only thing that I wasn't able to do during the setup was select " Client Certificate = [ AirVPN_CERT ▼]" The only option was either none (user/password) or webConfigurator.

 

Any suggestions?

Share this post

Link to post

zhang888    1066

zhang888
Posted ...

Try to follow every step from this guide:

https://airvpn.org/pfsense/

 

You will have to import new AirVPN certificates from your config file that you download in the Client Area.

 

Many Air users got their pfSense perfectly set thanks to this tutorial.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post

Link to post

plainzwalker    0

plainzwalker
Posted ...

Yeah, that is what I am using. It fails to connect to the servers. I even did a factory refresh for my pfsense system and started from scratch and it still doesn't connect to the AirVPN servers.

Share this post

Link to post

plainzwalker    0

plainzwalker
Posted ...

I followed the guide, however it is not connecting. Here is a copy of the log.

 

Jan 4 02:16:47 openvpn[91144]: TCP/UDP: Closing socket Jan 4 02:16:47 openvpn[91144]: SIGUSR1[soft,tls-error] received, process restarting Jan 4 02:16:47 openvpn[91144]: Restart pause, 2 second(s) Jan 4 02:16:49 openvpn[91144]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jan 4 02:16:49 openvpn[91144]: Re-using SSL/TLS context Jan 4 02:16:49 openvpn[91144]: LZO compression initialized Jan 4 02:16:49 openvpn[91144]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ] Jan 4 02:16:49 openvpn[91144]: Socket Buffers: R=[42080->65536] S=[57344->65536] Jan 4 02:16:49 openvpn[91144]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ] Jan 4 02:16:49 openvpn[91144]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client' Jan 4 02:16:49 openvpn[91144]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server' Jan 4 02:16:49 openvpn[91144]: Local Options hash (VER=V4): '9e7066d2' Jan 4 02:16:49 openvpn[91144]: Expected Remote Options hash (VER=V4): '162b04de' Jan 4 02:16:49 openvpn[91144]: UDPv4 link local (bound): [AF_INET]x.x.x.x Jan 4 02:16:49 openvpn[91144]: UDPv4 link remote: [AF_INET]199.19.94.12:443 Jan 4 02:16:49 openvpn[91144]: TLS: Initial packet from [AF_INET]199.19.94.12:443, sid=fdae2ad2 9ea0f95d Jan 4 02:16:49 openvpn[91144]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Jan 4 02:16:49 openvpn[91144]: Validating certificate key usage Jan 4 02:16:49 openvpn[91144]: ++ Certificate has key usage 00a0, expects 00a0 Jan 4 02:16:49 openvpn[91144]: VERIFY KU OK Jan 4 02:16:49 openvpn[91144]: Validating certificate extended key usage Jan 4 02:16:49 openvpn[91144]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Jan 4 02:16:49 openvpn[91144]: VERIFY EKU OK Jan 4 02:16:49 openvpn[91144]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Jan 4 02:16:50 openvpn[85087]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Jan 4 02:16:50 openvpn[85087]: TLS Error: TLS handshake failed Jan 4 02:16:50 openvpn[85087]: TCP/UDP: Closing socket Jan 4 02:16:50 openvpn[85087]: SIGUSR1[soft,tls-error] received, process restarting Jan 4 02:16:50 openvpn[85087]: Restart pause, 2 second(s) Jan 4 02:16:52 openvpn[85087]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jan 4 02:16:52 openvpn[85087]: Re-using SSL/TLS context Jan 4 02:16:52 openvpn[85087]: LZO compression initialized Jan 4 02:16:52 openvpn[85087]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ] Jan 4 02:16:52 openvpn[85087]: Socket Buffers: R=[42080->65536] S=[57344->65536] Jan 4 02:16:52 openvpn[85087]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ] Jan 4 02:16:52 openvpn[85087]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client' Jan 4 02:16:52 openvpn[85087]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server' Jan 4 02:16:52 openvpn[85087]: Local Options hash (VER=V4): '9e7066d2' Jan 4 02:16:52 openvpn[85087]: Expected Remote Options hash (VER=V4): '162b04de' Jan 4 02:16:52 openvpn[85087]: UDPv4 link local (bound): [AF_INET]x.x.x.x Jan 4 02:16:52 openvpn[85087]: UDPv4 link remote: [AF_INET]199.19.94.12:443 Jan 4 02:16:52 openvpn[85087]: TLS: Initial packet from [AF_INET]199.19.94.12:443, sid=46c3282f c286aee7 Jan 4 02:16:52 openvpn[85087]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Jan 4 02:16:52 openvpn[85087]: Validating certificate key usage Jan 4 02:16:52 openvpn[85087]: ++ Certificate has key usage 00a0, expects 00a0 Jan 4 02:16:52 openvpn[85087]: VERIFY KU OK Jan 4 02:16:52 openvpn[85087]: Validating certificate extended key usage Jan 4 02:16:52 openvpn[85087]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Jan 4 02:16:52 openvpn[85087]: VERIFY EKU OK Jan 4 02:16:52 openvpn[85087]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org

 

Share this post

Link to post

plainzwalker    0

plainzwalker
Posted ...

I am still trying to get this to work with no luck. Here is a log from my latest attempt, to a specific server, via TCP and non-common port. I have tried 54/445 UDP/TCP and no luck. Suggestions?

 

Jan 5 21:09:51  openvpn[92719]: Restart pause, 5 second(s)
Jan 5 21:09:51  openvpn[92719]: SIGUSR1[soft,connection-reset] received, process restarting
Jan 5 21:09:51  openvpn[92719]: Connection reset, restarting [0]
Jan 5 21:09:47  openvpn[92719]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Jan 5 21:09:47  openvpn[92719]: VERIFY EKU OK
Jan 5 21:09:47  openvpn[92719]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jan 5 21:09:47  openvpn[92719]: Validating certificate extended key usage
Jan 5 21:09:47  openvpn[92719]: VERIFY KU OK
Jan 5 21:09:47  openvpn[92719]: ++ Certificate has key usage 00a0, expects 00a0
Jan 5 21:09:47  openvpn[92719]: Validating certificate key usage
Jan 5 21:09:47  openvpn[92719]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Jan 5 21:09:46  openvpn[92719]: TLS: Initial packet from [AF_INET]213.152.161.9:2018, sid=e8975ab8 89691a31
Jan 5 21:09:46  openvpn[92719]: TCPv4_CLIENT link remote: [AF_INET]213.152.161.9:2018
Jan 5 21:09:46  openvpn[92719]: TCPv4_CLIENT link local (bound): [AF_INET]173.72.244.94
Jan 5 21:09:46  openvpn[92719]: TCP connection established with [AF_INET]213.152.161.9:2018
Jan 5 21:09:45  openvpn[92719]: Attempting to establish TCP connection with [AF_INET]213.152.161.9:2018 [nonblock]
Jan 5 21:09:45  openvpn[92719]: Socket Buffers: R=[65228->65536] S=[65228->65536]
Jan 5 21:09:45  openvpn[92719]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 5 21:09:40  openvpn[92719]: Restart pause, 5 second(s)
Jan 5 21:09:40  openvpn[92719]: SIGUSR1[soft,connection-reset] received, process restarting
Jan 5 21:09:40  openvpn[92719]: Connection reset, restarting [0]
Jan 5 21:09:35  openvpn[92719]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Jan 5 21:09:35  openvpn[92719]: VERIFY EKU OK
Jan 5 21:09:35  openvpn[92719]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jan 5 21:09:35  openvpn[92719]: Validating certificate extended key usage
Jan 5 21:09:35  openvpn[92719]: VERIFY KU OK
Jan 5 21:09:35  openvpn[92719]: ++ Certificate has key usage 00a0, expects 00a0
Jan 5 21:09:35  openvpn[92719]: Validating certificate key usage
Jan 5 21:09:35  openvpn[92719]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Jan 5 21:09:34  openvpn[92719]: TLS: Initial packet from [AF_INET]213.152.161.9:2018, sid=fdf13c18 2b2cb4eb
Jan 5 21:09:34  openvpn[92719]: TCPv4_CLIENT link remote: [AF_INET]213.152.161.9:2018
Jan 5 21:09:34  openvpn[92719]: TCPv4_CLIENT link local (bound): [AF_INET]173.72.244.94
Jan 5 21:09:34  openvpn[92719]: TCP connection established with [AF_INET]213.152.161.9:2018
Jan 5 21:09:33  openvpn[92719]: Attempting to establish TCP connection with [AF_INET]213.152.161.9:2018 [nonblock]
Jan 5 21:09:33  openvpn[92719]: Socket Buffers: R=[65228->65536] S=[65228->65536]
Jan 5 21:09:33  openvpn[92719]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 5 21:09:28  openvpn[92719]: Restart pause, 5 second(s)
Jan 5 21:09:28  openvpn[92719]: SIGUSR1[soft,connection-reset] received, process restarting
Jan 5 21:09:28  openvpn[92719]: Connection reset, restarting [0]
Jan 5 21:09:24  openvpn[92719]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Jan 5 21:09:24  openvpn[92719]: VERIFY EKU OK
Jan 5 21:09:24  openvpn[92719]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jan 5 21:09:24  openvpn[92719]: Validating certificate extended key usage
Jan 5 21:09:24  openvpn[92719]: VERIFY KU OK
Jan 5 21:09:24  openvpn[92719]: ++ Certificate has key usage 00a0, expects 00a0
Jan 5 21:09:24  openvpn[92719]: Validating certificate key usage
Jan 5 21:09:24  openvpn[92719]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Jan 5 21:09:23  openvpn[92719]: TLS: Initial packet from [AF_INET]213.152.161.9:2018, sid=6e27852a 133a76af
Jan 5 21:09:23  openvpn[92719]: TCPv4_CLIENT link remote: [AF_INET]213.152.161.9:2018
Jan 5 21:09:23  openvpn[92719]: TCPv4_CLIENT link local (bound): [AF_INET]173.72.244.94
Jan 5 21:09:23  openvpn[92719]: TCP connection established with [AF_INET]213.152.161.9:2018
Jan 5 21:09:22  openvpn[92719]: Attempting to establish TCP connection with [AF_INET]213.152.161.9:2018 [nonblock]
Jan 5 21:09:22  openvpn[92719]: Socket Buffers: R=[65228->65536] S=[65228->65536]
Jan 5 21:09:22  openvpn[92719]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 5 21:09:17  openvpn[92719]: Restart pause, 5 second(s)
Jan 5 21:09:17  openvpn[92719]: SIGUSR1[soft,connection-reset] received, process restarting
Jan 5 21:09:17  openvpn[92719]: Connection reset, restarting [0]
Jan 5 21:09:12  openvpn[92719]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Jan 5 21:09:12  openvpn[92719]: VERIFY EKU OK
Jan 5 21:09:12  openvpn[92719]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jan 5 21:09:12  openvpn[92719]: Validating certificate extended key usage
Jan 5 21:09:12  openvpn[92719]: VERIFY KU OK
Jan 5 21:09:12  openvpn[92719]: ++ Certificate has key usage 00a0, expects 00a0
Jan 5 21:09:12  openvpn[92719]: Validating certificate key usage
Jan 5 21:09:12  openvpn[92719]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Jan 5 21:09:11  openvpn[92719]: TLS: Initial packet from [AF_INET]213.152.161.9:2018, sid=8c8c203f c144eb27
Jan 5 21:09:11  openvpn[92719]: TCPv4_CLIENT link remote: [AF_INET]213.152.161.9:2018
Jan 5 21:09:11  openvpn[92719]: TCPv4_CLIENT link local (bound): [AF_INET]173.72.244.94
Jan 5 21:09:11  openvpn[92719]: TCP connection established with [AF_INET]213.152.161.9:2018
Jan 5 21:09:10  openvpn[92719]: Attempting to establish TCP connection with [AF_INET]213.152.161.9:2018 [nonblock]
Jan 5 21:09:10  openvpn[92719]: Socket Buffers: R=[65228->65536] S=[65228->65536]
Jan 5 21:09:10  openvpn[92719]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 5 21:09:05  openvpn[92719]: Restart pause, 5 second(s)
Jan 5 21:09:05  openvpn[92719]: SIGUSR1[soft,connection-reset] received, process restarting
Jan 5 21:09:05  openvpn[92719]: Connection reset, restarting [0]
Jan 5 21:09:00  openvpn[92719]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Jan 5 21:09:00  openvpn[92719]: VERIFY EKU OK
Jan 5 21:09:00  openvpn[92719]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jan 5 21:09:00  openvpn[92719]: Validating certificate extended key usage
Jan 5 21:09:00  openvpn[92719]: VERIFY KU OK
Jan 5 21:09:00  openvpn[92719]: ++ Certificate has key usage 00a0, expects 00a0
Jan 5 21:09:00  openvpn[92719]: Validating certificate key usage
Jan 5 21:09:00  openvpn[92719]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Jan 5 21:08:58  openvpn[92719]: TLS: Initial packet from [AF_INET]213.152.161.9:2018, sid=43fdc4fe 7ecf493e
Jan 5 21:08:58  openvpn[92719]: TCPv4_CLIENT link remote: [AF_INET]213.152.161.9:2018
Jan 5 21:08:58  openvpn[92719]: TCPv4_CLIENT link local (bound): [AF_INET]173.72.244.94
Jan 5 21:08:58  openvpn[92719]: TCP connection established with [AF_INET]213.152.161.9:2018
Jan 5 21:08:57  openvpn[92719]: Attempting to establish TCP connection with [AF_INET]213.152.161.9:2018 [nonblock]
Jan 5 21:08:57  openvpn[92719]: Socket Buffers: R=[65228->65536] S=[65228->65536]
Jan 5 21:08:57  openvpn[92719]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 5 21:08:57  openvpn[92719]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 5 21:08:57  openvpn[92719]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
Jan 5 21:08:57  openvpn[92719]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 5 21:08:57  openvpn[92719]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Jan 5 21:08:57  openvpn[92627]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
Jan 5 21:08:57  openvpn[92627]: OpenVPN 2.3.8 i386-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 21 2015
Jan 5 21:08:57  openvpn[86441]: SIGTERM[hard,] received, process exiting
Jan 5 21:08:57  openvpn[86441]: TLS: Initial packet from [AF_INET]213.152.161.9:2018, sid=98390feb a3dfef0b
Jan 5 21:08:56  openvpn[86441]: TCPv4_CLIENT link remote: [AF_INET]213.152.161.9:2018
Jan 5 21:08:56  openvpn[86441]: TCPv4_CLIENT link local (bound): [AF_INET]173.72.244.94

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...