pfSense_fan

How To Set Up pfSense 2.3 for AirVPN

Will this guide allow me to have a normal lan and a lan dedicated to my VPN, or will all traffic be routed through the VPN connection?

Well. I followed this guide.

 

And all I got was this:

 

 

Oct 27 03:18:01 openvpn 68284 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Oct 27 03:18:01 openvpn 68284 MANAGEMENT: CMD 'state 1'
Oct 27 03:18:01 openvpn 68284 MANAGEMENT: Client disconnected
Oct 27 03:18:21 openvpn 68284 SIGTERM[hard,init_instance] received, process exiting
Oct 27 03:18:22 openvpn 45695 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Oct 27 03:18:22 openvpn 45695 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Oct 27 03:18:22 openvpn 45695 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Oct 27 03:18:22 openvpn 45966 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Oct 27 03:18:22 openvpn 45966 mlockall call succeeded
Oct 27 03:18:22 openvpn 45966 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 27 03:18:22 openvpn 45966 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA' for HMAC authentication
Oct 27 03:18:22 openvpn 45966 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA' for HMAC authentication
Oct 27 03:18:22 openvpn 45966 TCP/UDP: Preserving recently used remote address: [AF_INET]199.249.230.31:443
Oct 27 03:18:22 openvpn 45966 Socket Buffers: R=[42080->524288] S=[57344->524288]
Oct 27 03:18:22 openvpn 45966 UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Oct 27 03:18:22 openvpn 45966 UDPv4 link remote: [AF_INET]199.249.230.31:443
Oct 27 03:18:27 openvpn 45966 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Oct 27 03:18:27 openvpn 45966 MANAGEMENT: CMD 'state 1'
Oct 27 03:18:27 openvpn 45966 MANAGEMENT: Client disconnected

 

 

Can anyone help me?

Hash algorithm is SHA1 (not SHA) for tls-auth configs.

Hey pfSense_fan, just wanted to say thank you a lot for writing this comprehensive tutorial! I (as a beginner) followed all your steps meticulously and it worked perfectly!

 

Just a question: When I want to switch the VPN server, should I only edit the OpenVPN client settings? 

 

 

Edit / Update (18.06.17):

 

So I just figured it out by myself. It actually is soooo easy. I didn't know that, I thought like every time you generate new OpenVPN configs for the new server you want to connect to you also get new key and certificate files with changed "content". But everything stays the same. I compared the data inside the files with the one in pfSense, nothing changed.

So the only thing you need to do is stop the OpenVPN client, change the IP of the VPN server and start the client again. Boom! Easy. Made my day <3

Dude I have been poring over this forum like mad trying to figure out a way to easily switch between servers with the pfSense... and then I read your post Simpty. "Nah, it can't be that easy can it?" I thought. Holy crap thank you!!

 

Oh and the bro who came up with this guide, you da man!

I am a noob about this matter.

 

As I have followed this tutorial, as I did the ones from PIA, ExpressVPN, NordVPN.

 

But I am not able to UP AirVPN using Pfsense on my AP2C2 

 

I did thrice. Always ending with a network without internet.

 

To be clear. I followed until the step 6  That should be enough.

 

I am using the latest Pfsense firmware 2.4.4

 

This is OpenVPN log

 

Nov 5 19:29:35	openvpn	36189	ifconfig_pool_start = 0.0.0.0
Nov 5 19:29:35	openvpn	36189	ifconfig_pool_end = 0.0.0.0
Nov 5 19:29:35	openvpn	36189	ifconfig_pool_netmask = 0.0.0.0
Nov 5 19:29:35	openvpn	36189	ifconfig_pool_persist_filename = '[UNDEF]'
Nov 5 19:29:35	openvpn	36189	ifconfig_pool_persist_refresh_freq = 600
Nov 5 19:29:35	openvpn	36189	ifconfig_ipv6_pool_defined = DISABLED
Nov 5 19:29:35	openvpn	36189	ifconfig_ipv6_pool_base = ::
Nov 5 19:29:35	openvpn	36189	ifconfig_ipv6_pool_netbits = 0
Nov 5 19:29:35	openvpn	36189	n_bcast_buf = 256
Nov 5 19:29:35	openvpn	36189	tcp_queue_limit = 64
Nov 5 19:29:35	openvpn	36189	real_hash_size = 256
Nov 5 19:29:35	openvpn	36189	virtual_hash_size = 256
Nov 5 19:29:35	openvpn	36189	client_connect_script = '[UNDEF]'
Nov 5 19:29:35	openvpn	36189	learn_address_script = '[UNDEF]'
Nov 5 19:29:35	openvpn	36189	client_disconnect_script = '[UNDEF]'
Nov 5 19:29:35	openvpn	36189	client_config_dir = '[UNDEF]'
Nov 5 19:29:35	openvpn	36189	ccd_exclusive = DISABLED
Nov 5 19:29:35	openvpn	36189	tmp_dir = '/tmp'
Nov 5 19:29:35	openvpn	36189	push_ifconfig_defined = DISABLED
Nov 5 19:29:35	openvpn	36189	push_ifconfig_local = 0.0.0.0
Nov 5 19:29:35	openvpn	36189	push_ifconfig_remote_netmask = 0.0.0.0
Nov 5 19:29:35	openvpn	36189	push_ifconfig_ipv6_defined = DISABLED
Nov 5 19:29:35	openvpn	36189	push_ifconfig_ipv6_local = ::/0
Nov 5 19:29:35	openvpn	36189	push_ifconfig_ipv6_remote = ::
Nov 5 19:29:35	openvpn	36189	enable_c2c = DISABLED
Nov 5 19:29:35	openvpn	36189	duplicate_cn = DISABLED
Nov 5 19:29:35	openvpn	36189	cf_max = 0
Nov 5 19:29:35	openvpn	36189	cf_per = 0
Nov 5 19:29:35	openvpn	36189	max_clients = 1024
Nov 5 19:29:35	openvpn	36189	max_routes_per_client = 256
Nov 5 19:29:35	openvpn	36189	auth_user_pass_verify_script = '[UNDEF]'
Nov 5 19:29:35	openvpn	36189	auth_user_pass_verify_script_via_file = DISABLED
Nov 5 19:29:35	openvpn	36189	auth_token_generate = DISABLED
Nov 5 19:29:35	openvpn	36189	auth_token_lifetime = 0
Nov 5 19:29:35	openvpn	36189	port_share_host = '[UNDEF]'
Nov 5 19:29:35	openvpn	36189	port_share_port = '[UNDEF]'
Nov 5 19:29:35	openvpn	36189	client = ENABLED
Nov 5 19:29:35	openvpn	36189	pull = ENABLED
Nov 5 19:29:35	openvpn	36189	auth_user_pass_file = '[UNDEF]'
Nov 5 19:29:35	openvpn	36189	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Nov 5 19:29:35	openvpn	36189	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Nov 5 19:29:35	openvpn	36437	PO_INIT maxevents=1 flags=0x00000002
Nov 5 19:29:35	openvpn	36437	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Nov 5 19:29:35	openvpn	36437	mlockall call succeeded
Nov 5 19:29:35	openvpn	36437	WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Nov 5 19:29:35	openvpn	36437	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 5 19:29:35	openvpn	36437	PO_INIT maxevents=4 flags=0x00000002
Nov 5 19:29:35	openvpn	36437	PRNG init md=SHA512 size=128
Nov 5 19:29:35	openvpn	36437	Insufficient key material or header text not found in file '/var/etc/openvpn/client1.tls-auth' (0/128/256 bytes found/min/max)
Nov 5 19:29:35	openvpn	36437	Exiting due to fatal error

Everything was running fine up to the point I had to create the NAT Outbound rules. After this first reboot, my internet went down. I am not able to access it from my laptop anymore. But from pfsense it is still connected.

 

This is my rules. It is a simple setup. I never imagined AirVPN would be so hard to set up

 

TxMfyVn.png.

 

 I don't wanna start all over again. If anyone can help please, let me know.

 

 

Thanks.

Looks like you did something wrong around the TLS key.

 

Also, is your local network really 192.168.0.0?  What is your DHCP server subnet?

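Added example (not part of any post in this thread, and not pfSense, OpenVPN or AirVPN code): the fatal line in the log above reports `0/128/256 bytes found/min/max` for `client1.tls-auth`, meaning no key bytes were read from what was pasted into the TLS key field. The sketch below is a simplified pre-check of pasted key text that reports the same triple and names the usual paste mistake; `check_static_key`, `KeyCheck` and `constructed_key` are hypothetical names, and the sample key is constructed, not a real key.

```python
import string
from dataclasses import dataclass, field

HEADER = "-----BEGIN OpenVPN Static key V1-----"
FOOTER = "-----END OpenVPN Static key V1-----"
MIN_BYTES, MAX_BYTES = 128, 256  # the min/max quoted in the fatal log line


@dataclass
class KeyCheck:  # hypothetical result type for this example
    bytes_found: int = 0
    problems: list = field(default_factory=list)

    @property
    def ok(self):
        return not self.problems

    def summary(self):
        # Same found/min/max triple as the log line, for side-by-side comparison.
        return f"{self.bytes_found}/{MIN_BYTES}/{MAX_BYTES} bytes found/min/max"


def check_static_key(text):
    """Inspect text pasted into the TLS key field before saving it."""
    result = KeyCheck()
    lines = [ln.strip() for ln in text.splitlines()]
    # Drop blank lines and the '#' comment lines that precede the header.
    lines = [ln for ln in lines if ln and not ln.startswith("#")]

    if HEADER not in lines:
        if any(ln.startswith("-----BEGIN ") for ln in lines):
            result.problems.append("wrong PEM block pasted (certificate or private key?)")
        else:
            result.problems.append("header line missing: paste the BEGIN/END lines too")
        return result

    start = lines.index(HEADER) + 1
    if FOOTER in lines[start:]:
        end = lines.index(FOOTER, start)
    else:
        end = len(lines)
        result.problems.append("footer line missing: paste was cut short")

    body = "".join(lines[start:end])
    bad = sorted({c for c in body if c not in string.hexdigits})
    if bad:
        result.problems.append(f"non-hex characters in key body: {bad}")
        return result
    if len(body) % 2:
        result.problems.append("odd number of hex digits: a character was lost")

    result.bytes_found = len(body) // 2
    if result.bytes_found < MIN_BYTES:
        result.problems.append("below the minimum: OpenVPN exits with a fatal error")
    elif result.bytes_found < MAX_BYTES:
        result.problems.append("key truncated: a complete file holds 256 bytes")
    elif result.bytes_found > MAX_BYTES:
        result.problems.append("more than 256 key bytes: key pasted twice?")
    return result


def constructed_key():
    """Constructed sample in the static-key layout (16 lines of 32 hex digits).
    The body is just the bytes 0x00..0xff, not a real key."""
    body = bytes(range(256)).hex()
    rows = [body[i:i + 32] for i in range(0, len(body), 32)]
    return "\n".join(["# constructed sample", HEADER, *rows, FOOTER]) + "\n"


if __name__ == "__main__":
    good = constructed_key()
    cases = {
        "complete key": good,
        "empty field": "",
        "hex only, no header": "\n".join(good.splitlines()[2:-1]),
        "cut short": "\n".join(good.splitlines()[:10]),
        "certificate pasted": "-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----",
    }
    for name, text in cases.items():
        r = check_static_key(text)
        print(f"{name:22} {r.summary():36} {'OK' if r.ok else '; '.join(r.problems)}")
```

An empty field or a body pasted without its BEGIN/END lines both come out as `0/128/256`, the same triple as in the posted log.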

8uKN8kx.png

 

1Ml34rH.png

 

Does that answer your question?

 

I have reentered the TLS Key.

 

OpenVPN is still down.

 

PS: I had to go with 192.168.0.1 because 192.168.1.1 was making my PfSense box unreachable.

I was able now to make AirVPN go UP.

 

Y77LbD5.png

 

But I am not able to access the internet from my laptop.

 

can anyone here help me?

 

I have never been so close to make AirVPN work (although without firewall rules yet) 

 

These are my NAT outbound rules.

 

TxMfyVn.png

 

 

Why am I missing?

You need to follow the guide.  Firewall rules are required.  This note is under the "i" at the bottom of the firewall rules pages - "Everything that isn't explicitly passed is blocked by default."

 

Therefore, if you don't create rules to pass traffic out the AirVPN gateway (or wherever you want it) it'll be blocked!

Thank you for replying it. 

 

This is the fifth time I do that. 

 

This once I left the firewall rules to be done AFTER I actually UP'd the openvpn.

 

I will do as you told me. Hope everything will be fully working  at the end.

Well, I followed through and completed the tutorial.

 

Things got worse. Before I was able to nslookup within my pfSense.

 

Now, it doesn't: 

 

Host "airvpn.org" could not be resolved.

 

These are my firewall rules after all was done.

 

On the tutorial, it shows only one rule, the anti-lockout rule before the starting of the new firewall rules. (the first one on the image)

 

On the image, as you see there are two more default rules that the this part of the AirVPN tutorial.

 

A7IcE6c.png

Those two default rules need to be deleted and it looks like you have a duplicate rule for "airvpn_lan allow outbound".

Thanks for replying go558a83nk

 

I have just done that. But to no avail.

 

Still, no traffic going out from pfsense.

 

 

NBUyMTZ.png

 

 

is there a way to troubleshoot this? 

 

Please, let me know.

Hello everyone,
 
I followed the tutorial, and I think is the best tutorial I ever found on setting Vpn on PfSense.

But I can't get to route traffic through the VPN interface.
 
Client connects correctly:

 

 

But from the logs I get this:

 

 

And there is no way to route traffic through, I tested several different servers and same result.

 

Anyone can help? It'd be very much appreciated.

It's connected

 

There's no problem here.  That's just pfsense disconnecting from monitoring itself.  I get hundreds of those notices.  The "initialization sequence completed" is what matters.

 

If you can't get any traffic through the VPN tunnel then your NAT and/or firewall rules are incorrect.

Thanks for answering my question go558a83nk

 

It seems like I'm having with the config the same troubles hbs was experiencing, I wonder if he found some solutions.

 

Anyway I did the configuration again following the tutorial to the letter and ended up again without being able to route any traffic through the vpn_wan interfaces.

 

At tutorial step 4 I should already be able to route traffic through OpenVpn client, keeping the Outbound LAN to WAN rule and change it to LAN to AirVPN_WAN modifying the interface into that rule.

 

I actually did like that when I set a PIA client on PfSense and it worked fine, the reason I didn't keep using it is that PIA doesn't offer port forwarding service.

So I'm trying now AirVPN.

Just wanted to say a quick thank you for this guide. 

My first time ever playing with pfsense, or anything such, and I now have it up and running perfectly thanks to this. 

Thank you so much for taking the time to lay it all out in such an easy to follow format.

what is going wrong here?

 

Dec 26 19:38:06	openvpn	36721	Server poll timeout, restarting
Dec 26 19:38:06	openvpn	36721	TCP/UDP: Closing socket
Dec 26 19:38:06	openvpn	36721	SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:06	openvpn	36721	WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:06	openvpn	36721	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:06	openvpn	36721	Re-using SSL/TLS context
Dec 26 19:38:06	openvpn	36721	Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:06	openvpn	36721	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Dec 26 19:38:06	openvpn	36721	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Dec 26 19:38:06	openvpn	36721	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Dec 26 19:38:06	openvpn	36721	TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 26 19:38:06	openvpn	36721	Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 26 19:38:06	openvpn	36721	UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 26 19:38:06	openvpn	36721	UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 26 19:38:16	openvpn	36721	Server poll timeout, restarting
Dec 26 19:38:16	openvpn	36721	TCP/UDP: Closing socket
Dec 26 19:38:16	openvpn	36721	SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:16	openvpn	36721	WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:16	openvpn	36721	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:16	openvpn	36721	Re-using SSL/TLS context
Dec 26 19:38:16	openvpn	36721	Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:16	openvpn	36721	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Dec 26 19:38:16	openvpn	36721	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Dec 26 19:38:16	openvpn	36721	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Dec 26 19:38:16	openvpn	36721	TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 26 19:38:16	openvpn	36721	Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 26 19:38:16	openvpn	36721	UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 26 19:38:16	openvpn	36721	UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 26 19:38:26	openvpn	36721	Server poll timeout, restarting
Dec 26 19:38:26	openvpn	36721	TCP/UDP: Closing socket
Dec 26 19:38:26	openvpn	36721	SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:26	openvpn	36721	WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:26	openvpn	36721	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:26	openvpn	36721	Re-using SSL/TLS context
Dec 26 19:38:26	openvpn	36721	Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:26	openvpn	36721	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Dec 26 19:38:26	openvpn	36721	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Dec 26 19:38:26	openvpn	36721	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Dec 26 19:38:26	openvpn	36721	TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 26 19:38:26	openvpn	36721	Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 26 19:38:26	openvpn	36721	UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 26 19:38:26	openvpn	36721	UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 26 19:38:36	openvpn	36721	Server poll timeout, restarting
Dec 26 19:38:36	openvpn	36721	TCP/UDP: Closing socket
Dec 26 19:38:36	openvpn	36721	SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:36	openvpn	36721	WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:36	openvpn	36721	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:36	openvpn	36721	Re-using SSL/TLS context
Dec 26 19:38:36	openvpn	36721	Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:36	openvpn	36721	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Dec 26 19:38:36	openvpn	36721	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Dec 26 19:38:36	openvpn	36721	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Dec 26 19:38:36	openvpn	36721	TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 26 19:38:36	openvpn	36721	Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 26 19:38:36	openvpn	36721	UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 26 19:38:36	openvpn	36721	UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 26 19:38:46	openvpn	36721	Server poll timeout, restarting
Dec 26 19:38:46	openvpn	36721	TCP/UDP: Closing socket
Dec 26 19:38:46	openvpn	36721	SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:46	openvpn	36721	WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:46	openvpn	36721	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:46	openvpn	36721	Re-using SSL/TLS context
Dec 26 19:38:46	openvpn	36721	Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:46	openvpn	36721	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]

I am unable to connect.

This

 

WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.

 

 

Use

 

remote-cert-tls server;

I just completed configuring my new Pfsense box with this setup but I have no connection to VPN. I did notice this guide is slightly different from the pfsense version 2.4.4 that I'm using. Wondering if anyone can help me or if so what info would I need to provide you?

 

 

got it working, so I can confirm this guide still works with version 2.4

 

I was missing this step under OpenVPN, I had "Enable NCP" box checked which was causing all my problems

 

that has nothing to do with it.

 

i use that option on all of my Tunnels and they all connect just fine..  so this is isolated to the settings on your devices

Question, I would like to use Open DNS family (208.67.222.123 and 208.67.220.123) instead of 10.4.0.1

When I go to DHCP Server

AIRVPN-LAN

And change 10.4.0.1 to the above DNS (or any DNS for that matter) I can no longer surf the web or resolve websites

I reset my WiFi connection so I confirm that I’m receiving the new DNS settings but it’s like the vpn is blocking the requests or something. Am I doing something wrong here?
