Casper31 73 Posted ... Installed pfBlockerNG on 2.3. Everything seems to work okay. I noticed that the URLs from iblocklist can take a lot of resources. Question about the configuration: if you mark OpenVPN on the general page, how does it work with the OpenVPN client? Because I do not see any firewall rule appear. Don't know if it makes sense to make use of a floating rule. Any ideas? Gr, casper
pfSense_fan 181 Posted ...
> Hello, pfSense_fan, I want to thank you for your guide on how to setup PFSense 2.3 for use with AirVPN. I have my PFSense box setup following your detailed instructions, and it is working great. I appreciate the effort that you went to, providing myself and others with your guide. I know it was a lot of work that took many hours and days to compile. I had been using your previous PFSense guide for AirVPN for the last couple of years without any problems. It still works perfectly by the way. It has always updated and continued working fine whenever a newer version of PFSense was released. I hope this guide will last as long as your previous one has. Thanks again.

Thank you, it means a lot to read such a wonderful compliment. I am so glad it has helped you. For anyone interested, updating the guide from the original to the new 2.3 took over 100 hours of research and editing. The original guide took well over a few thousand hours including learning/upgrading it between iterations. I rushed this one out to have it ready for 2.3. There will be small edits over time to explain in more detail what and why settings are recommended the way they are. For now I need a break from it. There will also be some additional optional steps added. I hope it lasts as long too, and I really hope, as I always have, that discussion will pick up in this thread among users and together we can evolve the discussion to make this better for everyone.

Have my guides helped you? Help me keep helping you, use my referral: How to set up pfSense 2.3 for AirVPN. Friends don't let friends use consumer networking equipment!
Voodoo1965 0 Posted ... Hi, I followed this guide through (nice guide btw).. have rechecked and afaik all settings are correct but I can't access any DNS servers, the openvpn log says can't resolve host address. Prior to this setup I had been connecting through the pfsense router using the airvpn "eddie" and was connecting without issue. The only real difference to the guideline setup is this pfsense router (192.168.3.1) is behind a NAT ISP router (192.168.1.1) so I was replacing the 192.168.1.1 entries in the guide with 192.168.3.1. I'm not too experienced with this stuff but have included DNS resolver log.
bama 0 Posted ... pfSense_fan, hope you are well. Quick question: I have all settings in properly I believe and I have Internet access as well as VPN connection to Air, but when I try to run a DNS leak test I can't get any result. Also, on my tablet my router 192.168.1.1 is the same as my DNS. Any chance you can help me find the error? By the way, I used 10.4.0.1 as DNS on the general setup page. And thanks for your time.
LazyLizard14 11 Posted ... Great work pfSense_fan! I see there are some changes in the custom options / advanced configuration of the VPN client compared to the older guide. Have you noticed any changes in performance of the VPN connection compared to the old ones?
bama 0 Posted ... Can anyone who has used the 2.3 to do a fresh install help me out? I'm noticing since I set it up that the router and DNS fields on my iPad now display the same number. My VPN connection to the Air servers seems to be working, but my DNS seems to be off: I can't run dnsleaktest and the AirVPN speed test no longer works. I have checked and rechecked settings; all seem OK unless I just missed something. Thanks for any help you can give. I know I'm not being specific but I'm describing what's happening.
jds_uniphase 0 Posted ... Great guide! I followed the instructions and everything seems to be working, except I can't ping python.org. I can do it from the diagnostics, but not from the console. Any suggestions?
isengar 1 Posted ... I have a question. In Step 4-A: Assigning the OpenVPN Interface, I followed the setup, but it will not allow me to save at this point. I get this error: "The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration." But IPv4 Configuration Type is set to none, same as IPv6. I have checked the DHCP server; it is only active on my LAN. I have stopped DHCP and rebooted. It still gives me the error, but my internet feed from Cogeco is set to DHCP (do not have a static IP from them).
isengar 1 Posted ... Thanks for the guide, solved my interface save problem. Bill
MrConducter 11 Posted ...
> > Hello, pfSense_fan, I want to thank you for your guide on how to setup PFSense 2.3 for use with AirVPN. I have my PFSense box setup following your detailed instructions, and it is working great. I appreciate the effort that you went to, providing myself and others with your guide. I know it was a lot of work that took many hours and days to compile. I had been using your previous PFSense guide for AirVPN for the last couple of years without any problems. It still works perfectly by the way. It has always updated and continued working fine whenever a newer version of PFSense was released. I hope this guide will last as long as your previous one has. Thanks again.
>
> Thank you, it means a lot to read such a wonderful compliment. I am so glad it has helped you. For anyone interested, updating the guide from the original to the new 2.3 took over 100 hours of research and editing. The original guide took well over a few thousand hours including learning/upgrading it between iterations. I rushed this one out to have it ready for 2.3. There will be small edits over time to explain in more detail what and why settings are recommended the way they are. For now I need a break from it. There will also be some additional optional steps added. I hope it lasts as long too, and I really hope, as I always have, that discussion will pick up in this thread among users and together we can evolve the discussion to make this better for everyone.

Great work dude, I really am impressed. It took me 4 hours to get through it and then I messed something up so it didn't work anyways lol! There is no way in hell I would have the time/patience/knowledge to make something like this. It's invaluable to noobs like me. I'm still working through it... and I thought setting up DD-WRT was hard haha
cliff.peeples 0 Posted ... Like many others, I appreciate your guide. Followed your previous guide (Multiple NIC interfaces) and had zero issues getting everything going properly. Now, however, with the upgrade to 2.3... Your multiple interfaces guide isn't yet available. Any timeframe when you may be done with it? I followed everything with this guide and ensured I was still paying attention to IP configurations so as to utilize the other NIC for the VPN routing, and my LAN/WAN traffic for AIRVPN is non-existent. Connecting my devices to the wireless access point utilized for VPN connectivity reports as "no Internet access available".
dssguy11 4 Posted ... Yes, I have the multi NIC using 2.2.6 and want to move to the new 2.3 version but need the multi version as well. Thanks so much for all the time you put into this.
MrConducter 11 Posted ... Wait...multiple NIC interface guide? I thought pfsense required multiple NICS?? Like a router?
dssguy11 4 Posted ... Pfsense normally uses two NICs. One for the internet, and one for your LAN. In the last guide, PFsense_fan wrote a guide that had an additional NIC just for AirVPN. So basically I had two Cisco switches, each connected to a different NIC. Anything I plugged into the one switch would be on the VPN, anything I plugged into the other switch would use the regular internet and bypass the VPN.
MrConducter 11 Posted ... Ah that's pretty cool. If I don't want to do that though I don't have to worry about it right? I just have the internet NIC and then the LAN is going to my wireless router I am trying to setup as an AP.
dssguy11 4 Posted ... You will need 2 NICs though.. one you plug into the internet, the other plugs into a switch or your wireless router (in AP mode).. You should turn off all DHCP and such on the wireless router and just like you said, put it in AP mode.
MrConducter 11 Posted ... Yup that's exactly what I'm trying to do. I bought a mini-pc thing for this and it has 2 NICS, so I'm good there. It's just a matter of correctly configuring everything. I'm soooooooooooo close!
dssguy11 4 Posted ... Be patient, PFsense is VERY confusing.. one wrong tick somewhere and you're fuxxed
cliff.peeples 0 Posted ... Dssguy11 nailed it. My previous setup involved an AP for "clearnet", and an AP for VPN in the states (we live in Seoul, Korea). The wife and kids connect to the VPN in order to watch shows and surf content more easily. Keeping the networks "physically" segregated made the most sense to me, as it keeps me from having to explain things to the family. "Just connect to the VPN or VPN5g wireless, dear"
MrConducter 11 Posted ...
> Be patient, PFsense is VERY confusing.. one wrong tick somewhere and you're fuxxed

Thank you, I need the encouragement. If it weren't for this thread I would be fuxxed lol
pfSense_fan 181 Posted ... For those asking about the clearnet interface, I don't have a timetable other than to say eventually. If you used the original guide, you should be able to extrapolate how to accomplish this. First create and name a new interface. All settings on the interface page are the same as the AirVPN_LAN interface EXCEPT the name and IP address of the subnet you choose. Under DHCP server for the new interface, replace the 192.168.1.100 - 192.168.1.199 with 192.168.123.100 - 192.168.123.199 (or whatever subnet you chose). For the rest of the interface settings, simply replace AirVPN_LAN in the rules for Clear_LAN (or whatever you name it) and AirVPN_WAN with WAN. On the outbound rule, select WAN for the gateway. There is not much different, you are just telling the traffic where to go. I highly encourage you all to take the time to understand how this works, the information is there in the guide. If not, I will eventually open up the text editor and add it, right now I am backed up with work and cannot.
cliff.peeples 0 Posted ...
> For those asking about the clearnet interface, I don't have a timetable other than to say eventually. If you used the original guide, you should be able to extrapolate how to accomplish this. First create and name a new interface. All settings on the interface page are the same as the AirVPN_LAN interface EXCEPT the name and IP address of the subnet you choose. Under DHCP server for the new interface, replace the 192.168.1.100 - 192.168.1.199 with 192.168.123.100 - 192.168.123.199 (or whatever subnet you chose). For the rest of the interface settings, simply replace AirVPN_LAN in the rules for Clear_LAN (or whatever you name it) and AirVPN_WAN with WAN. On the outbound rule, select WAN for the gateway. There is not much different, you are just telling the traffic where to go. I highly encourage you all to take the time to understand how this works, the information is there in the guide. If not, I will eventually open up the text editor and add it, right now I am backed up with work and cannot.

Thank you for the response. I'll go back and double check my configs again. I'm not entirely sure if it was related to the upgrade and not a clean install, borking my routes. I'll redo my config from scratch and see where that takes me. I know there were a few server changes (one of which I used as a primary exit point), so that complicated things a bit. Once I started tracing my steps, I realized the VPN connection kept terminating. Maybe I should change the log level and look again for specifics.
cliff.peeples 0 Posted ... Not exactly sure why, but the configuration for 2.3 you have above would NOT function properly with multiple (3) interfaces. Ended up wiping the configuration and creating one from your 2.1 guide, and it worked fine. Not sure why the upgrade killed the configuration either, but at least I'm up and running again.
dssguy11 4 Posted ... Cliff, so just to confirm. You are now running 2.3 with multiple network cards but you used the old guide to get it working?
pfSense_fan 181 Posted ...
> Not exactly sure why, but the configuration for 2.3 you have above would NOT function properly with multiple (3) interfaces. Ended up wiping the configuration and creating one from your 2.1 guide, and it worked fine. Not sure why the upgrade killed the configuration either, but at least I'm up and running again.

It does work. Unlike the old guide, the 2.3 guide is very close to how I actually use my appliance. It works for me and is tested and working for others. There is no hidden magic to adding a clear interface.... you create a new interface and through all of the SAME STEPS, tell the traffic to route out WAN instead of AirVPN_WAN. If you tried and it failed you missed something. It's normal, there are a lot of steps/settings and it is easy to overlook one or more. The most common mistake is the outbound NAT settings and not defining the correct gateway on the outbound firewall rule. I changed this guide to create the AirVPN_LAN interface first due to the high demand. Adding a second interface for clearnet works the same way in principle as the old guide.... but the old guide should not be used. There are too many settings that have changed.