pfSense_fan

How To Set Up pfSense 2.3 for AirVPN


you're still only looking at NAT outbound.

 

I told you I'm concerned about your firewall>rules>LAN      (NOT firewall>NAT>outbound.)

 

I've double-checked and I think they are right

OK.  My setup is different from the guide so I'm not familiar with what rules are suggested.

 

The rule allowing destination "private networks" and "LAN service ports" is what is allowing access to the modem already.

Appreciate you checking.

Link to post

OK, I've run into a problem.  I've re-done the instructions a few times so it's not a keying error as I get the same result every time, and after reading the posts in this thread other people seem to be having the same problem, but I couldn't find an agreed-upon solution.

 

My setup is identical to the guide except my LAN is 172.30.12.x because my firewall 192.168.1.1 is connected to my ISP router/modem 192.168.1.354 where I can't turn off DHCP.

The problem I'm having is after a while websites stop loading.  I've just changed the DNS from 10.4.0.1 to 8.8.8.8 / 8.8.4.4 and everything started working again.  

 

Is it OK for me to use Google's DNS with this setup, or should I use for example 209.222.18.222 / 209.222.18.218 from my old provider PIA?

 

Or, is there an agreed upon fix for my DNS woes?

Link to post

I solved my dns problem by disabling DNSSEC.

 

New problem ;-)  Whenever I use Deluge after a few mins it kills my whole WAN with all bandwidth seeming to go, even when the DL speed is nowhere near my max e.g. 10%.  Does anyone else have problems with torrents e.g. is the number of connections a problem for AirVPN?

Link to post

I had a very similar problem. Have you set up a custom port number in your AirVPN control panel for your torrent client? I had to do this; once it was all set, my client worked with no problems.

Link to post

try increasing MBUF's - with lots of torrent connections you might be running out. 

 

Thanks - keeping an eye on my MBUF usage now, but I don't think this is the problem as it's at 1% after 30 mins

 

 

I tried this by creating a port in client area and setting the incoming port to this in deluge.  When I click Check in AirVPN it doesn't go green, although I can see in pfsense that Deluge is using the port.  Not sure why

 

Should I put the AirVPN port for incoming and outgoing?

Link to post

 

It can take a while to sync your new port. I remember I was able to download but my symbol did not go green until the next day. I am using uTorrent as my client and it has a field for the incoming port, so I'm not sure if you can use outgoing too, but sure, give both a try and see what happens.

Link to post

sorry for the flurry of posts, but my IP is leaking on some sites.

 

I was doing speedtests to try and fix my torrents problem and I noticed on beta.speedtest.net my real IP address was showing.  This set off alarm bells so I tried some other sites.

 

dnsleaktest.com, doileak.com and whatismyip.com which are the ones  I was using were fine and showing my AirVPN IP as usual, but I tried some others and ipleak.com and ip-check.info both showed my real IP address.

 

Can other people check ipleak.com and ip-check.info to see if I have a problem please?  I've gone back into pfsense and re-enabled DNSSEC and it's screwing up site access as before, but my IP was still leaking.

Link to post

are you running squid proxy?

Link to post

 

Yes - turned on this morning.  Searched this thread and realised that's the problem - went away as soon as I turned it off.  Is there a way to use squid or should I leave it off?

 

 

 

 

 

Hi,

 

great guide: I followed it with my opnsense (pfsense's fork) box and all works very well.

 

I would also like to use a forward proxy (squid) on my opnsense box and force it to use VPN connections, but until now I haven't been able to (squid always uses the default gateway).

I would like to know if you have any suggestions on this topic.

 

Thanks in advance

I had the issue with squid, it would always leak no matter what i tried on the same instance, i got around the problem by installing win server 2012 on the machine, then creating 2 X Hyper-V machines one for the VPN using this tutorial and the 2nd handles the DHCP and squid, the author himself said on the old thread of this tutorial that getting both VPN and squid to work together does not work.

Thanks for your reply Mufasa,

 

I adopted a similar solution (I used a linux virtual machine with squid proxy) but it seems very strange not being able to run squid proxy on pfsense/opnsense on the same machine: I tried with some firewall rules (both on LAN side and floating rule side) without success.

 

I will try again (I do not give up).

 

It will not work and cannot work unless you manually program static routes. The proxy is coded to exit the WAN/default gateway and there is no setting to policy route it to the VPN. Setting this up is something that is well outside the scope of what this tutorial is intended for, and something that quite literally probably no one at this forum can assist with. If you truly want squid to work, ask questions over at the pfSense forums. This guide is meant to be entry level for beginners. Setting up Squid is very involved. Even if you get it to "work", it may leak. I personally gave up on it.

 

If you were to ask me, I would tell you to look into pfblockerNG instead. I have it running and blocking roughly 600,000 known ad servers, malware servers and other junk on both a DNS and IP level. The lists auto update and reload on a schedule. But then again, I don't know what your use case is. For what it's worth, pfblockerNG is easier to use, set up and more reliable in my experience.

 

EDIT: Then I noticed you are on opnsense. Consider moving back over to pfSense for pfblockerNG... it really is the game changer.

Link to post

Thank you for the very detailed guide!  Unfortunately I'm on OPNsense and even after going through all the steps twice (obviously things didn't quite match up between the two) at the end of the process my internet died and would not come back (got an ERR DNS type error).  played around with it a bit to see if I can get it going but at the end I just had to revert back to just before I started making the changes. I'm not exactly sure how pfblockerNG compares to Pi-Hole.

Link to post

 

 

 

If anyone is having similar problems, I seem to have managed to solve my Deluge problems by using the following settings for encryption:

 

- Inbound: Enabled
- Outbound: Enabled
- Level: Either
- Encrypt Entire Stream: No

 

Whenever I ticked 'encrypt full stream' which apparently forces Level to 'Full Stream', problems started within minutes.  I've been running the settings above for a few hours with no problems.

 

Weird, but it works - either I've been really lucky and 'Either' is resulting in me getting only torrents with Handshake so far, or 'Encrypt Entire Stream' does more than tell Deluge to prefer 'Full Stream'.  

 

I think somewhere in there AirVPN doesn't like carrying other encrypted streams.

Link to post

I'm reading through this guide and trying to set things up in bits and pieces.  I need to minimize the disruption to my network while doing this (else the wife will indicate her displeasure).  I've finished Step 3 (Setting up the OpenVPN Client), though I've left that client disabled.  Is there a "little bit pregnant" point in these instructions (i.e., an all or nothing  point where I can't quit for a bit)?  For instance, I just left the Client disabled because I wasn't sure what would happen with it enabled but no rules set.  Are there segments of the remaining instructions that have to be done together?

 

Also, I've got a couple of questions on the Client instructions.  First, in 3-A 3.) Hardware Crypto, it talks about selecting the right method our processor supports (mine's an Intel Atom C2558 in an SG-4860).  But, according to:

 

https://doc.pfsense.org/index.php/Are_cryptographic_accelerators_supported#OpenVPN

 

 


OpenVPN

To take advantage of acceleration in OpenVPN, choose a supported cipher such as aes-128-cbc on each end of a given tunnel, then select BSD Cryptodev Engine for Hardware Crypto.

Similarly, if the system employs the VIA Padlock engine, choose an appropriate cipher and select VIA Padlock for Hardware Crypto.

Nothing needs selected for OpenVPN to utilize AES-NI. The OpenSSL engine has its own code for handling AES-NI that works well without using the BSD Cryptodev Engine.

So, from what I can see in that last sentence, since these instructions are for OpenVPN (EDIT:  and the C2558 supports AES-NI CPU-based Acceleration (which is on in System/Advanced/Miscellaneous) /EDIT), Hardware Crypto should always be set to None (EDIT:  at least for my system /EDIT).  Is that correct?

 

Second, just below that in the instructions, it says:

 

Compression = [Disabled - No Compression ▼ ]

 

Is there a reason for that?  Why not compress?

 

And, finally, is it possible to try different encryption methods or levels?  For instance, AES-128-CBC instead of 256?  Or, GCM vs CBC?  Or is AES-256-CBC all AirVPN supports?

 

EDIT:  Also, in section 7-A:  System / General Setup, it says we need to use AirVPN's DNS Server (10.4.0.1).  Is there some reason for that?  Is it a security/privacy thing or is it something to do with the VPN tunnel?  Can other DNS Servers be included there?

Link to post

when you start creating NAT rules and firewall rules for the LAN to force everything out the VPN tunnel you'll have to disable those rules or they will disrupt your wife's usage.   That is until you've got it all ready and the VPN tunnel is up.

 

I have an AMD processor that has AES-NI.  If the main pfsense settings (advanced>miscellaneous>cryptographic hardware) are set to use AES-NI then openssl AES is greatly accelerated.  There's no need to select BSD cryptodev in the openvpn client.  In fact, I read some places that say selecting that option in the openvpn client actually makes things slower.  So, it looks like the info you've found is "correct".

 

https://airvpn.org/topic/18322-how-to-quicly-test-theoretical-openvpn-throughput/?hl=%2Bopenvpn+%2Btheoretical+%2Bspeed

 

use the test method from that thread to see what your theoretical max openvpn speed is.

 

AirVPN doesn't support compression.

 

pfsense right now doesn't have openvpn 2.4.  So, currently only AES-256-CBC is supported in conjunction with Air.  I assume that when pfsense updates with openvpn 2.4 then we will be able to use AES-256-GCM with Air servers that have openvpn 2.4.  (for me GCM is much faster)

 

Using Air DNS ensures that all DNS requests go through the tunnel and it's the most private.  But, it's not required for the VPN to work.

Link to post

Hi

 

 

Having just built up a ITX based box for pfsense I have managed to install it and get it up and running fine with my PPPoE connection through my modem. Using a dual i340T Intel LAN card all seems fine.

Then I tried to follow the guide....

 

I followed sections 1 to 4 and rebooted the router. But at that point there is no longer a working Internet connection. Prior to rebooting I check the status of the OpenVPN client....

 

 

pf_Sense.localdomain_Status_Open_VPN.png

 

and that is confirmed by AirVPN....

 

Air_Connection.png

 

for it to give me a working connection my Firewall outbound NAT rules have to be.....

 

pf_Sense.localdomain_Firewall_NAT_Outbou

 

 

without that bottom rule my connection will no longer connect and with all those rules in place and in that noted order my real IP is still showing.

 

Whilst I appreciate that there are still stages to go in the instructions, excuse my lack of understanding, but shouldn't I be at the stage (completed up to and including stage 4) where I have a working connection through the VPN service...?

 

As noted I do need a PPPoE connection to connect my pfsense box to my FTTC modem. I am also not sure why that third rule is shown in the outbound section of the NAT rules...?

 

Any help please...?

 

 

Link to post

you don't have a NAT rule for your LAN to go out via the AirVPN interface. 

Link to post

I'm running through this process, stopped in the same place Vimes did (end of Step 4) and ended up with the exact same problem.  From your response, it looks like once we finish step 4, we have to go all the way through "Step 6: Setting up an AirVPN Routed Interface" before the router will be functional (EDIT:  Sorry, that's what you said to me in your earlier post -- I didn't think about it properly).

 

I restored my backup from just before I did step 4 and am up and running now.  But, the wife's now on the network.  I'll post back when I can get a chance to get through step 6.  Thanks.

Link to post

 

 

 

On post 43 of this very thread it is noted.....

 

 

The short answer is this: I updated the steps for a reason.

 

Conversely, nothing in this entire guide is "required" except steps 2/3/4. AirVPN will be fully functional on pfSense with those three steps alone.

 

so with that in mind I reckoned that I should be seeing a working connection at the very end of stage 4.

 

I rebooted the pfsense box and yet it remains with a non-working connection, and yet the AirVPN service is reported as being UP, and yet the outbound NAT rules have to include that third setting 192.168.1.0/24 for my non-VPN routed connection to work. Without it being enabled and then rebooting the router nothing then works.

 

I did continue very carefully all the way through to the end of the guide doing each stage but then I just ended up with the VPN link showing down and nothing at all working.

 

I ended up doing a factory reset and now I'm back to stage 4, working but only with that third setting in the NAT rules and my own IP still showing.

 

I appreciate that this is due to my little understanding of how to configure this but if I am supposed to be able to have a running connection to AirVPN (which is showing UP) at the end of stage 4 could anyone help on how that is to be done...?

 

I am unsure of how to amend or create an outbound NAT rule with my connection to enable that.

 

I do not know if having a PPPoE connection is influencing this...?

Link to post

Vimes,

 

After losing internet connection following Step 4, I went through Step 6.  At the end of that (well, just before the last step or two), I was back on the internet.  Everything appears to be going through the VPN and looking OK.  I'm not smart enough to really help, but besides your PPPoE, the one thing I saw that differed from my setup was that you deleted the two ISAKMP IPSEC rules in section "4-C:  Setting the Local Host Outbound NAT to Include AirVPN-WAN", step 4.).  I left those untouched in mine (I had no idea whether I needed them or not).

Link to post

Thanks for your reply.

 

I did note this from 4C....

 

The two rules that use "STATIC PORT: ✔" and with "ISAKMP" in their respective descriptions are the default rules for IPSEC passthrough. If you do not use IPSEC, those two rules can safely be deleted by clicking the trash/rubbish button to the right of that rule. Most people will not need these rules since we are using OpenVPN, so going forward in this guide further instructions will have those rules omitted as if they were deleted. If you do need them you can keep them, it will not hurt the setup.

 

 

I had tried with them deleted but prior to that had them not deleted.

 

xxxx.png

 

Great that you seem to have your connection up and going now. I have just got a little despondent as I would draw comfort if I could get my connection running from the completion of point 4 from what was written to state that it should.

 

I have gone through to the end but alas I still had nothing working.

 

Thanks for your help. 

Link to post

Is that your latest version of the mappings or the earlier one?  Here's mine:

 

Mappings
Interface  | Source         | Source Port | Destination | Destination Port | NAT Address        | NAT Port | Static Port | Description
AIRVPN_WAN | 192.168.1.0/24 | *           | *           | *                | AIRVPN_WAN address | *        |             | AirVPN_LAN to AirVPN_WAN
AIRVPN_WAN | 127.0.0.0/8    | *           | *           | *                | AIRVPN_WAN address | *        |             | localhost to AirVPN_WAN
WAN        | 127.0.0.0/8    | *           | *           | 500              | WAN address        | *        |             | Auto created rule for ISAKMP - localhost to WAN
WAN        | 127.0.0.0/8    | *           | *           | *                | WAN address        | *        |             | Auto created rule - localhost to WAN
WAN        | 192.168.1.0/24 | *           | *           | 500              | WAN address        | *        |             | Auto created rule for ISAKMP - LAN to WAN

Link to post
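The outbound NAT check the posts above converge on (the LAN subnet needs a mapping on the AirVPN interface, and a catch-all LAN mapping on WAN is what lets the real IP show), written out as an added example that is not part of the original thread or the guide. The function names are hypothetical, the `WORKING` table is re-typed from the mappings posted above with `|` as separator, and the `BROKEN` table is constructed from the description of the failing setup, whose screenshot is not on the page.

```python
import ipaddress

# Columns of pfSense's Firewall / NAT / Outbound "Mappings" table
# (the empty Static Port and Actions columns are left out).
COLUMNS = ("interface", "source", "source_port", "destination",
           "destination_port", "nat_address", "nat_port", "description")

# Re-typed from the mappings table posted in the thread.
WORKING = """
AIRVPN_WAN | 192.168.1.0/24 | * | * | *   | AIRVPN_WAN address | * | AirVPN_LAN to AirVPN_WAN
AIRVPN_WAN | 127.0.0.0/8    | * | * | *   | AIRVPN_WAN address | * | localhost to AirVPN_WAN
WAN        | 127.0.0.0/8    | * | * | 500 | WAN address        | * | Auto created rule for ISAKMP - localhost to WAN
WAN        | 127.0.0.0/8    | * | * | *   | WAN address        | * | Auto created rule - localhost to WAN
WAN        | 192.168.1.0/24 | * | * | 500 | WAN address        | * | Auto created rule for ISAKMP - LAN to WAN
"""

# Constructed sample (assumption): the LAN is mapped on WAN only and has
# no mapping on the VPN interface, as the failing setup is described.
BROKEN = """
AIRVPN_WAN | 127.0.0.0/8    | * | * | * | AIRVPN_WAN address | * | localhost to AirVPN_WAN
WAN        | 127.0.0.0/8    | * | * | * | WAN address        | * | localhost to WAN
WAN        | 192.168.1.0/24 | * | * | * | WAN address        | * | LAN to WAN
"""


def parse_mappings(text):
    """Parse '|'-separated mapping rows into one dict per rule."""
    rules = []
    for line in text.strip().splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != len(COLUMNS):
            raise ValueError(f"expected {len(COLUMNS)} fields: {line!r}")
        rules.append(dict(zip(COLUMNS, fields)))
    return rules


def _covers(rule_source, lan):
    """True if the rule's Source column includes the whole LAN subnet."""
    if rule_source in ("*", "any"):
        return True
    try:
        return lan.subnet_of(ipaddress.ip_network(rule_source))
    except ValueError:  # alias name or other non-CIDR value: cannot decide
        return False


def audit(rules, lan_net, vpn_if="AIRVPN_WAN", wan_if="WAN"):
    """Return (code, message) findings for one LAN subnet.

    NAT does not choose the route; it only decides which source address a
    packet gets on the interface it leaves by. So the LAN needs a mapping
    on the VPN interface, and a catch-all LAN mapping on WAN means anything
    routed out of WAN goes out with the ISP address.
    """
    lan = ipaddress.ip_network(lan_net)
    findings = []
    if not any(r["interface"] == vpn_if and _covers(r["source"], lan)
               for r in rules):
        findings.append(("missing-vpn-nat",
                         f"no mapping on {vpn_if} translates {lan}"))
    for r in rules:
        if (r["interface"] == wan_if and _covers(r["source"], lan)
                and r["destination_port"] == "*"):
            findings.append(("lan-nat-on-wan",
                             f"{lan} is translated to the {wan_if} address "
                             f"for any port ({r['description']})"))
    return findings


def codes(table_text, lan_net):
    """Convenience wrapper: just the finding codes, in order."""
    return [code for code, _ in audit(parse_mappings(table_text), lan_net)]


if __name__ == "__main__":
    for name, table, lan in (("working", WORKING, "192.168.1.0/24"),
                             ("broken", BROKEN, "192.168.1.0/24"),
                             ("guide subnet, other LAN", WORKING, "172.30.12.0/24")):
        print(name, lan, audit(parse_mappings(table), lan) or "ok")
```

The third case goes slightly beyond the posted table: it runs the same mappings against the 172.30.12.x LAN mentioned earlier in the thread, which shows that a Source copied from the guide does not cover a LAN on a different subnet.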

My latest mapping....

 

vvv.png

 

I did complete the entire process and this time it works......!!!!!!

 

So for me getting to the end of point 4 does not give me a working connection BUT going somewhere to the end will allow it to start to work.

 

But and this is a biggy for me both of my Usenet clients can no longer connect to my provider. They both use either port 119 or 563 and I'm not sure how to allow for that within the Firewall...? 

Link to post

The only problem I'm having is that I can no longer access the status page for my SB8200 cable modem (192.168.100.1).  It's off of the pfSense's WAN port (of course), so I'm assuming it's one of the firewall rules blocking it.  I assumed it was the Reject Local one:

 

IPv4 *	AIRVPN_LAN net	*	PRIVATE NETWORKS	*	*	none	 	REJECT LOCAL	   

But, when I disable it, I still can't get there.  Any ideas?

 

EDIT:  Looking that rule over, isn't it blocking everything coming from the LAN side of things going to private addresses?  Shouldn't it be blocking everything from private address arriving on the WAN port?

 

-----------------------------------------------------------------------------------------------------------------------
Edit Firewall Rule
-----------------------------------------------------------------------------------------------------------------------
Action = [ Reject ▼]
-----------------------------------------------------------------------------------------------------------------------
Disabled = [_] (UNCHECKED)
-----------------------------------------------------------------------------------------------------------------------
Interface = [ AirVPN_LAN ▼]
-----------------------------------------------------------------------------------------------------------------------
Address Family = [ IPv4 ▼]
-----------------------------------------------------------------------------------------------------------------------
Protocol = [ any ▼]
-----------------------------------------------------------------------------------------------------------------------


-----------------------------------------------------------------------------------------------------------------------
Source
-----------------------------------------------------------------------------------------------------------------------
Source = [_] Invert match. [ AirVPN_LAN net ▼] [ ]/[--- ▼]
-----------------------------------------------------------------------------------------------------------------------


-----------------------------------------------------------------------------------------------------------------------
Destination
-----------------------------------------------------------------------------------------------------------------------
Destination = [_] Invert match. [ Single host or alias ▼] [ PRIVATE_NETWORKS ]/[--- ▼]
-----------------------------------------------------------------------------------------------------------------------


-----------------------------------------------------------------------------------------------------------------------
Extra Options
-----------------------------------------------------------------------------------------------------------------------
Log = [✔] (CHECKED)
-----------------------------------------------------------------------------------------------------------------------
Description = [ REJECT LOCAL ]
-----------------------------------------------------------------------------------------------------------------------
Advanced Options = [☼ Display Advanced ]
-----------------------------------------------------------------------------------------------------------------------

Link to post

I'd take a guess that you should edit the WAN Service Ports list at Firewall / Aliases / Ports.

Link to post

My Modem can still be reached on 192.168.1.2 But that might be because I have it also connected to a switch which happens to be in the same location as the modem. My modem has a WAN (for the router) and a LAN (for a switch) connections.

 

Thankfully that still works for me due to that. Doesn't yours offer the same...?

 

Thanks for the idea about the port settings, for some reasons port 443 must be open as I can connect with that.

 

I expected more information within the firewall logs to see ports being denied and the option to allow.

Link to post
