pfSense_fan

ANSWERED How To Set Up pfSense 2.3 for AirVPN


Noob pfsense question.

Connecting from Ubuntu to a Watchguard Firebox flashed w/ 2.3 using minicom. I get the usual terminal table (see attached).

However, the tutorial seems to have a different GUI/interface.

https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/

How to proceed?

 

Thanx

 

Just connect with your web browser to the LAN IP address of the device running pfsense, e.g. 192.168.1.1


Connecting w/ serial cable. Hence, minicom (or putty, SSH etc).

Not on LAN


I don't know what to tell you.  The guide here uses the web GUI.


Figured it out. In the terminal interface, you assign an IP range to a LAN port.

 

Now having the problem on OpenVPN of "An IPv4 protocol was selected, but the selected interface has no IPv4 address."

 

Google suggests it is a problem w/ OpenVPN on pfsense


Hey pfSense_fan, just wanted to say thank you a lot for writing this comprehensive tutorial! I (as a beginner) followed all your steps meticulously and it worked perfectly!

 

Just a question: When I want to switch the VPN server, should I only edit the OpenVPN client settings? 

 

 

Edit / Update (18.06.17):

 

So I just figured it out by myself. It actually is soooo easy. I didn't know that; I thought that every time you generate new OpenVPN configs for the new server you want to connect to, you also get new key and certificate files with changed "content". But everything stays the same: I compared the data inside the files with the one in pfSense, and nothing changed.

So the only thing you need to do is stop the OpenVPN client, change the IP of the VPN server and start the client again. Boom! Easy. Made my day <3


Setting Up pfSense 2.3 for AirVPN

Step 3: Setting up the OpenVPN Client

Step 3-A: Setting up the OpenVPN Client

##### CLIENT OPTIONS #####;
server-poll-timeout 10   ### When polling possible remote servers to connect to in a round-robin fashion, spend no more than n seconds waiting for a response before trying the next server. ###;
explicit-exit-notify 5;

##### TUNNEL OPTIONS #####;
### Use Multiple "remote" entries with the according entry IP address of your favorite servers      ###;
### other than the server entered in the "Server Host or Address" entry above and pfSense           ###;
### will automatically reconnect in a round robin fashion if the server you are connected to        ###;
### goes down or is having quality issues. Edit and uncomment the fake lines below or add your own. ###;
###remote XX.XX.XX.XX 443   ###AirVPN_US-Atlanta-Georgia_Kaus_UDP-443###;
###remote XXX.XX.XX.XXX 2018   ###AirVPN_US-Miami_Acamar_UDP-2018###;
###remote XXX.XX.XX.XXX 2018   ###AirVPN_US-Miami_Yildun_UDP-2018###;
###remote XX.XX.XX.XX 53   ###AirVPN_US-Miami_Cursa_UDP-53###;
###remote XXX.XX.XX.XX 443   ###AirVPN_CA-Dheneb_UDP-443###;
###remote XXX.XX.XXX.XXX 443  ###AirVPN_CA-Saiph_UDP-443###;
###rcvbuf 262144;
###sndbuf 262144;
mlock   ### Using this option ensures that key material and tunnel data are never written to disk due to virtual memory paging operations which occur under most modern operating systems. ###;
fast-io   ### Optimize TUN/TAP/UDP I/O writes by avoiding a call to poll/epoll/select prior to the write operation. ###;
###tun-mtu 1500;
###mssfix 1450;
###keepalive 5 15;

##### DATA CHANNEL ENCRYPTION OPTIONS #####;
key-direction 1;
keysize 256   ### Size of key from cipher ###;
prng SHA512 64  ### (Pseudo-random number generator) ALG = SHA1,SHA256,SHA384,SHA512 | NONCE = 16-64 ###;
### replay-window n [t]   ### Default = replay-window 64 15 ###;
### mute-replay-warnings;

##### TLS MODE OPTIONS #####;
tls-version-min 1.2   ### set the minimum TLS version we will accept from the peer ###;
key-method 2   ### client generates a random key ###;
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384   ### Use TLS-DHE-RSA-WITH-AES-256-CBC-SHA if GCM fails. ###;
tls-timeout 2   ### Default = 2 ###;
ns-cert-type server   ### Require that peer certificate was signed with an explicit nsCertType designation of "client" or "server". ###;
remote-cert-tls server   ###Require that peer certificate was signed with an explicit key usage and extended key usage based on RFC3280 TLS rules. ###;
### reneg-sec 3600;
 

Is this the latest Version? (taken from the Page 1 Post)


I'm pretty sure the latest version is the last one posted in this thread.


For the life of me, I can not get this to open a port for my OpenVPN server.  I am missing something; I can either get local access or the internet over the VPN, not both.  I am at a loss how to get this to work with the server part.  


How do I configure the WAN interface as PPPoE? I have followed the guide OK, but when I try to change the WAN settings, it says that there is a DHCP server in place?


I have an APU2C4

I am playing around at the moment but need to see if this will work.

MODEM - APU2C4   WAN
                             LAN1 - SWITCH - Unifi AP (using public IP)
                             OPT1 - SWITCH (Configured to use AirVPN Provider IP)

That way all wireless devices are via my ISP IP address and whatever is plugged into the OPT1 switch will be under the VPN providers IP

 

Is this possible using this guide?


Yes, of course. This guide is working very well for firewall appliances like ALIX or APU. You shouldn't run into major problems by following this guide closely.

By the way, I think the APU is a nice choice since it's open source and runs coreboot firmware.


Thank you for the reply.

 

I have my LAN working fine. When I set up the VPN on OPT1 following this guide I get a connection to the VPN, but when I plug a computer into the switch (OPT1) I get an invalid IP configuration.

Is this guide OK to follow if you have LAN (using the default gateway) and OPT1 (as VPN gateway)? If yes, what needs to be changed to allow it to work?


I have got it all working OK, but sometimes the LAN address 192.168.1.1 is not recognised on startup. When this happens I can't access the GUI or access the internet.

 

I have pfsense running on a dedicated PC with a X7SPA-HF motherboard

 

When this happens I have to reboot the PC, and then it works OK?

 

Also, at the moment I only have 1 VPN server set up. If I add a number of servers, will pfsense try to connect to a random one or in the order that they are listed?

I would like to use the nl.vpn.airdns.org address but note in the instructions that this can't be resolved and server IP addresses have to be used instead. So can I add all NL servers with pfsense randomly choosing between them?


You can add many VPN client setups and it will connect to all that are enabled.  That is not the way to get a random server.

 

Getting a random server isn't the same as using nl.vpn.airdns.org.  That address gets you the least busy NL server at the time.


I have now found the IP address for nl.vpn.airdns.org and understand the pfsense will select one of the NL servers in connection.

 

My main issue is as per my original post: sometimes on starting pfsense my LAN port is not being recognised at 19.168.1.1 and then I have no internet access?


I don't know about your other problem.

 

nl.vpn.airdns.org resolves to one of the NL servers, the "best" at the time.  So, you wouldn't want to keep using that IP because it'll always point to the same server.  You need to research how to do "remote random" within pfsense.


I've been using this method to successfully filter my whole connection.

 

Is there an easy way to amend the setup so that only certain IP addresses go through the VPN and other IPs just go the normal WAN?

 

Thanks in advance


Of course. This, policy routing, has been discussed plenty in this forum and in this thread in particular.  Just read the previous several pages of this thread.


Thanks - to save others time, check out post 71


Sorry, it wasn't as easy as I'd hoped.  I went to interfaces but I couldn't see how to create another LAN interface - is this because I've only got 2 NICs?  Is there a way to route non-VPN traffic with only 2 NICs?

 

Thanks


No, you don't create another interface.  See this post. https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/?p=61027


I was just about to post how I'd managed to work it out myself. I did something similar:

 

1. created an alias with the IP addresses I wanted to bypass the VPN

2. created outbound rules so those IPs could use the WAN (put at the bottom of the list)

3. created a firewall rule on AIRVPN_LAN for my alias to use the WAN gateway (under advanced), not the AIRVPN_WAN gateway

 

Ideally for 3 I would have preferred to use floating rules so I can traffic shape, but I couldn't get it to work with floating rules.  One for the future
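
The three steps above can be sanity-checked offline with a small model of how pfSense evaluates the rules on an interface tab: top-down, first match wins, and anything unmatched is blocked. This is an added example, not part of the original post; the alias name VPN_BYPASS, the addresses, the subnet and the rule ordering are constructed assumptions, and only the AIRVPN_LAN, WAN and AIRVPN_WAN names come from the thread.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: the alias name, addresses and subnet are
# assumptions for illustration, not values from the thread.
ALIASES = {"VPN_BYPASS": ["192.168.1.30", "192.168.1.40/31"]}
LAN_NET = "192.168.1.0/24"

@dataclass
class Rule:
    source: str   # alias name, CIDR/host, or "any"
    gateway: str  # "WAN" or "AIRVPN_WAN" (gateway names used in the post)

def networks(source):
    """Expand an alias, host or CIDR into a list of ip_network objects."""
    if source == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    return [ipaddress.ip_network(e, strict=False)
            for e in ALIASES.get(source, [source])]

def matches(ip, source):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks(source))

def egress_for(ip, rules):
    """Gateway chosen by the first matching rule; None means default deny."""
    for rule in rules:
        if matches(ip, rule.source):
            return rule.gateway
    return None

def unintended_wan(hosts, rules, alias="VPN_BYPASS"):
    """Hosts that leave via WAN without being members of the bypass alias."""
    return [h for h in hosts
            if egress_for(h, rules) == "WAN" and not matches(h, alias)]

# Step 3 with the alias rule placed above the VPN catch-all (assumed order).
INTENDED = [Rule("VPN_BYPASS", "WAN"), Rule(LAN_NET, "AIRVPN_WAN")]
# Same two rules reversed: the catch-all matches first and shadows the alias.
SHADOWED = [Rule(LAN_NET, "AIRVPN_WAN"), Rule("VPN_BYPASS", "WAN")]
# Bypass rule written with the whole subnet instead of the alias.
TOO_BROAD = [Rule(LAN_NET, "WAN"), Rule(LAN_NET, "AIRVPN_WAN")]

HOSTS = ["192.168.1.30", "192.168.1.41", "192.168.1.50"]

if __name__ == "__main__":
    for name, rules in [("intended", INTENDED), ("shadowed", SHADOWED),
                        ("too broad", TOO_BROAD)]:
        print(name, {h: egress_for(h, rules) for h in HOSTS},
              "unintended WAN:", unintended_wan(HOSTS, rules))
```

Running it shows the two mistakes worth checking for after step 3: a bypass rule that never fires because it sits below the catch-all, and a bypass rule so broad that hosts meant for the tunnel leave through the ISP connection.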


Yep, Alias is the way to do it.  Glad you figured it out.  It's good for understanding how it all works.


Where I'm stumped, though, is how to change my firewall rules to allow access to local services.  Here's an example of the problem I'm having:

 

I have plex running at 172.30.12.30 on port 32400.  I put this IP on the VPN passthrough to solve problems with remote access and all is good with remote access using the method above and a simple port forward.

 

However, when I want an internal service e.g. sonarr running on 172.30.12.2 (i.e. over the VPN) to connect to Plex it can't via 172.30.12.30:32400 but it can via the external address 31.54.xx.xx:32400.

 

Anyone help?
