Jump to content
Not connected, Your IP: 3.145.180.152
pfSense_fan

How To Set Up pfSense 2.3 for AirVPN

Recommended Posts

 

i searched this thread and i couldnt find much but

 

  1. VPN
  2. OpenVPN
  3. Clients
  4. Edit

     

    america.vpn.airdns.org sometimes doesnt work, i had this problem before and had to put in the server manually, but i want it to be able to reconnect

     

    what is the correct host name now?

I tried a couple different ones and wasn't able to get pfsense to work with any of them.  I just ended up putting several server IPs into the advanced box under clients.  This made more sense to me anyway because I can hand pick which servers I want in the list and still offer redundancy.

Share this post


Link to post

I have set up as per the instructions, and it all works OK.

 

However how do a change the LAN setting to be PPPOE, as I want to use a UTM downstream that will handle to the PPPOE negociation.

 

In fact do I need to set LAN as PPPOE, is there a PPPOE Relay setting like there is in DD-WRT?

Share this post


Link to post

I just did a fresh installation of pfSense 2.4.2 and applied this tutorial. Worked like a charm. Some tiny things are different tho (mainly labels). However, it's not a big deal.

Share this post


Link to post

I've been using this setup fine for a long time, but I have always had packet loss.  It's usually low, at 2-3%, but sometimes it's 10%.  Changing servers doesn't fix it.  The WAN side connection shows no packet loss.  

 

These errors show up in the log. Could it be related? 

 

Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
 

Share this post


Link to post

 

I've been using this setup fine for a long time, but I have always had packet loss.  It's usually low, at 2-3%, but sometimes it's 10%.  Changing servers doesn't fix it.  The WAN side connection shows no packet loss.  

 

These errors show up in the log. Could it be related? 

 

Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
 

 

 

no, those errors wouldn't result in packet loss.  those "errors" are the result of settings of the openvpn client that help us use it with pfsense as we want to.

 

What IP address are you using for gateway monitoring that's showing packet loss through the VPN tunnel?

Share this post


Link to post

The monitor IP is 10.4.0.1

Doesn't work with AirVPN. You need to use public DNS servers for now as a workaround

Share this post


Link to post

 

The monitor IP is 10.4.0.1

Doesn't work with AirVPN. You need to use public DNS servers for now as a workaround

 

 

10.4.0.1 doesn't work consistently as a monitor IP with pfsense 2.4.x but does absolutely work as a DNS.

 

For monitor IP I've been using the alternate entry IP of the server to which I'm connected at the time.

Share this post


Link to post

 

 

The monitor IP is 10.4.0.1

Doesn't work with AirVPN. You need to use public DNS servers for now as a workaround

 

 

10.4.0.1 doesn't work consistently as a monitor IP with pfsense 2.4.x but does absolutely work as a DNS.

 

For monitor IP I've been using the alternate entry IP of the server to which I'm connected at the time.

Yes. I meant as IP monitor for dpinger

Share this post


Link to post

bla bla bla ..

 

If you read this, can you please let us know whether you're still using AirVPN?

I'd use your referral when I need to resub, but only if you're still using it.

 

Thanks!

Share this post


Link to post

Hi all,

I would greatly appreciate any and all help on this. This problem has had me battering my metaphorical head against my actual pfsense box.

My aim is to open a few ports on my NAS, which by policy routing, is going through a VPN (AirVPN). For example, Plex needs an open port to be open in and outbound. My NAS therefore is on the VPN gateway/interface.

I have opened the port in AirVPN (28125 for testing), and using the website test and curl ifconfig.co/port/28125 via linux terminal both fail. So then for testing, a changed it to forward to a non VPN client on my WAN. Still nothing via canyouseeme.org. Plex on both machines also listed as closed.

So I have gone to the extreme with rules just for testing (see attached), and opened the 28125 port on my LAN, WAN, VPN, OpenVPN and STILL nothing either on the NAS or my PC as above.

Images of my setup/rules:

https://imgur.com/a/ZLT2vRf

What in theory I thought I would need only was;

  1. Port forward rule; From interface VPN, no source/port address, dest address ther VPN address, Dest and NAT ports 28125, with NAT IP my lan client
  2. The associated firewall rule at the top; source/port *, Destination my LAN client IP, port 28125, Gateway VPN interface

Completely flummoxed as to why if this port is completely wide open it is still not connecting? Any tips how to troubleshoot this further? I am fairly new (few months) to PFsense, so aware that I am might be missing something blindingly obvious....!

Share this post


Link to post

Hi All

 

I have just completed an install using this excellent guide but have a concern that I hope someone can help with.

My setup is that pfsense is installed in a virtualbox vm with em0 bridged to my nic in windows 7 pro & em1 on intnet with a unbuntu vm connecting to the internet with no issues through the pfsense vm via the intnet.

 

My problem is that when I use https://ipleak.net/ to check my vpn connection, the webrtc dectection ip address shown (if media.peerconnection is enabled in firefox) is the Ubuntu vm private rfc1918 address (192.168.2.11 - assigned by the pfsense em1 interface).

The main ip address & dns servers show AirVPN addresses like they should.

 

Can someone shed light on why/how this is happening & what to do about it?

 

Thanks in advance.

Share this post


Link to post

As AirVPN officially is rolling out IPv6 since June 15th, will there be an adaptation/refresh of this guide? During the setup IPv6 is strictly disabled and I don't know which toggles to switch on again to be on the save side but get IPv6 connectivity. It would really be great to have IPv6 connectivity through an IPv4 tunnel on my pfSense box.

 

My initial 5 minute workaround is a second tunnel from my computer through the first pfSense tunnel which allows me to get IPv6 connectivity. This solution is not ideal because it increases the transmitted data volume immensely and I always have to look out for my local firewall.

 

 

Share this post


Link to post

As AirVPN officially is rolling out IPv6 since June 15th, will there be an adaptation/refresh of this guide? During the setup IPv6 is strictly disabled and I don't know which toggles to switch on again to be on the save side but get IPv6 connectivity. It would really be great to have IPv6 connectivity through an IPv4 tunnel on my pfSense box.

 

My initial 5 minute workaround is a second tunnel from my computer through the first pfSense tunnel which allows me to get IPv6 connectivity. This solution is not ideal because it increases the transmitted data volume immensely and I always have to look out for my local firewall.

 

 

I wouldn't expect an update.  The writer of this guide hasn't been around for 1.5 years now.

Share this post


Link to post
Posted ... (edited)

 

 

The monitor IP is 10.4.0.1

Doesn't work with AirVPN. You need to use public DNS servers for now as a workaround

 

 

10.4.0.1 doesn't work consistently as a monitor IP with pfsense 2.4.x but does absolutely work as a DNS.

 

For monitor IP I've been using the alternate entry IP of the server to which I'm connected at the time.

 

 

I have noticed that, i used https://nguvu.org/ guide and he/she sets that as the monitor ip,sometimes is green sometimes not.  anyhow i have bigger fish to fry my vpn vlan does not leak but its showing my isp address instead of air's ip even tho im connected to air.

 

got my problem solved needed to pay more attention

Edited ... by flat4

Share this post


Link to post

 

As AirVPN officially is rolling out IPv6 since June 15th, will there be an adaptation/refresh of this guide? During the setup IPv6 is strictly disabled and I don't know which toggles to switch on again to be on the save side but get IPv6 connectivity. It would really be great to have IPv6 connectivity through an IPv4 tunnel on my pfSense box.

 

My initial 5 minute workaround is a second tunnel from my computer through the first pfSense tunnel which allows me to get IPv6 connectivity. This solution is not ideal because it increases the transmitted data volume immensely and I always have to look out for my local firewall.

 

 

I wouldn't expect an update.  The writer of this guide hasn't been around for 1.5 years now.

And wasn't online since November 2017

Share this post


Link to post

Hi All,

Just followed this fantastic guide and I have my pfsense box connected to AirVPN all ok.

However, I currently only have one box on my pfsense LAN (a torrent box) which was the reason for setting this up.

It is running DietPi so a small install of Raspian on an old Pi.

The problem I'm having is I don't seem to be able to tell from the DietPi machine if its traffic is actually being covered by the VPN

I have resolv.conf on the Pi pointing to the inside of the pfsense box as its DNS server.

I'd also like to check for any DNS leaks.

This is all from a command line

Any help gratefully recieved

Thanks

Share this post


Link to post

I have followed the guide and i was able to have my Pfsense box and airvpn always on untill this morning when by itself the connection stopped working.

From the Client Area in air vpn i can see the pfsense router is connected with the air server but i have no Air-WAN traffic...

It seems there are issues in the rules but ibam unable ro find which one might be and what's wrong as I haven't made any change and the problem suddenly appeared.

If anyone might help, it would be great

Share this post


Link to post

I have followed the guide and i was able to have my Pfsense box and airvpn always on untill this morning when by itself the connection stopped working.

From the Client Area in air vpn i can see the pfsense router is connected with the air server but i have no Air-WAN traffic...

It seems there are issues in the rules but ibam unable ro find which one might be and what's wrong as I haven't made any change and the problem suddenly appeared.

If anyone might help, it would be great

 

Have you rebooted your pfsense box?  Is there something wrong with the AirVPN server you're trying to connect to?

Share this post


Link to post

add remote servers following this guide:    https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/?do=findComment&comment=40139

my connection to pavonis dropped last night at 2am.  and automagically reconected to the next server in my configuration

 

##### TUNNEL OPTIONS #####;
### Use Multple "remote" entries with the according entry IP address of your favorite servers ###;
### other than the server entered in the "Server Host or Address" entry above and pfSense ###;
### will automatically recconnect in a round robin fashion if the server you are connected to ###;
### goes down or is having quality issues. Edit and uncomment the fake lines below or add your own. ###;
###remote XX.XX.XX.XX 443 ###AirVPN_US-Atlanta-Georgia_Kaus_UDP-443###;
###remote XXX.XX.XX.XXX 2018 ###AirVPN_US-Miami_Acamar_UDP-2018###;
###remote XXX.XX.XX.XXX 2018 ###AirVPN_US-Miami_Yildun_UDP-2018###;
###remote XX.XX.XX.XX 53 ###AirVPN_US-Miami_Cursa_UDP-53###;
###remote XXX.XX.XX.XX 443 ###AirVPN_CA-Dheneb_UDP-443###;
###remote XXX.XX.XXX.XXX 443 ###AirVPN_CA-Saiph_UDP-443###;

Share this post


Link to post

Hi Guys,

I'm just going through this guide now but have a question about disabling the IPV6.

 

Is it neccessary to disable it?

With my current pfsense config, if I disable IPV6 on my wan I get booted off my ISP.

 

Might be a dumb question, but pfsense is still fairly new to me (considering my semi-advanced setup).

 

My ISP uses fiber with vlag tagging, but for whatever reason when I disable IPV6 I go down and can't come back up!

Share this post


Link to post

Hi Guys,

I'm just going through this guide now but have a question about disabling the IPV6.

 

Is it neccessary to disable it?...

 

I don't use IPv6, but I'm pretty sure these types of guides disable it because of the difficulty of anonomyzing yourself with it.  If your system is up and running with IPv6, then give it a shot with keeping it active.  My guess is you'll have to perform steps equivalent to the IPv4 stuff on the IPv6 side, but I don't know what they'd be.

 

Also, if you want an alternative, newer how-to, take a look at the guides at:

 

https://nguvu.org/

Share this post


Link to post

 

Hi Guys,

I'm just going through this guide now but have a question about disabling the IPV6.

 

Is it neccessary to disable it?...

 

I don't use IPv6, but I'm pretty sure these types of guides disable it because of the difficulty of anonomyzing yourself with it.  If your system is up and running with IPv6, then give it a shot with keeping it active.  My guess is you'll have to perform steps equivalent to the IPv4 stuff on the IPv6 side, but I don't know what they'd be.

 

Also, if you want an alternative, newer how-to, take a look at the guides at:

 

https://nguvu.org/

 

Thanks for the info! It's appreciated! Looks like I've got an uphill battle to fight but what fun is it if it was straight forward

Share this post


Link to post

I followed the guide (using pfSense 2.4) but I cannot get any DNS resolution using 10.4.0.1. I can only get DNS resolving to work when I add an extra DNS server to general settings. I verified that the VPN was connected before running the DNS lookup tool (and checked on ipleak).

 

Following the advice on this thread I've got my DNS working. The only issue now is devices (chromecast etc.) where Google DNS is hardcoded. I thought that pfSense would capture and divert all DNS requests, though I'm still getting issues from Netflix for example. Any ideas how to fix this?

 

Previously I had simply blocked 8.8.8.8 and 8.8.4.4 on my router but I don't know how to do this with pfSense, any ideas? Thanks.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...