zavvand 0 Posted ... Will this guide allow me to have a normal lan and a lan dedicated to my VPN, or will all traffic be routed through the VPN connection?
hbs 1 Posted ... Well. I followed this guide. And all I got was this:
Oct 27 03:18:01 openvpn 68284 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Oct 27 03:18:01 openvpn 68284 MANAGEMENT: CMD 'state 1'
Oct 27 03:18:01 openvpn 68284 MANAGEMENT: Client disconnected
Oct 27 03:18:21 openvpn 68284 SIGTERM[hard,init_instance] received, process exiting
Oct 27 03:18:22 openvpn 45695 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Oct 27 03:18:22 openvpn 45695 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Oct 27 03:18:22 openvpn 45695 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Oct 27 03:18:22 openvpn 45966 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Oct 27 03:18:22 openvpn 45966 mlockall call succeeded
Oct 27 03:18:22 openvpn 45966 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 27 03:18:22 openvpn 45966 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA' for HMAC authentication
Oct 27 03:18:22 openvpn 45966 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA' for HMAC authentication
Oct 27 03:18:22 openvpn 45966 TCP/UDP: Preserving recently used remote address: [AF_INET]199.249.230.31:443
Oct 27 03:18:22 openvpn 45966 Socket Buffers: R=[42080->524288] S=[57344->524288]
Oct 27 03:18:22 openvpn 45966 UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Oct 27 03:18:22 openvpn 45966 UDPv4 link remote: [AF_INET]199.249.230.31:443
Oct 27 03:18:27 openvpn 45966 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Oct 27 03:18:27 openvpn 45966 MANAGEMENT: CMD 'state 1'
Oct 27 03:18:27 openvpn 45966 MANAGEMENT: Client disconnected
Can anyone help me?
go558a83nk 364 Posted ... Hash algorithm is SHA1 (not SHA) for tls-auth configs.
mcana77 0 Posted ... Hey pfSense_fan, just wanted to say thank you a lot for writing this comprehensive tutorial! I (as a beginner) followed all your steps meticulously and it worked perfectly! Just a question: When I want to switch the VPN server, should I only edit the OpenVPN client settings? Edit / Update (18.06.17): So I just figured it out by myself. It actually is soooo easy. I didn't know that, I thought like every time you generate new OpenVPN configs for the new server you want to connect to you also get new key and certificate files with changed "content". But, everything stays the same, I compared the data inside the files with the one in pfSense, nothing changed. So the only thing you need to do is stop the OpenVPN client, change the IP of the VPN server and start the client again. Boom! Easy. Made my day <3
Dude I have been poring over this forum like mad trying to figure out a way to easily switch between servers with the pfSense... and then I read your post Simpty. "Nah, it can't be that easy can it?" I thought. Holy crap thank you!! Oh and the bro who came up with this guide, you da man!
hbs 1 Posted ... I am a noob about this matter. As I have followed this tutorial, as I did the ones from PIA, ExpressVPN, NordVPN. But I am not able to UP AirVPN using Pfsense on my AP2C2 I did thrice. Always ending with a network without internet. To be clear. I followed until the step 6. That should be enough. I am using the latest Pfsense firmware 2.4.4. This is OpenVPN log:
Nov 5 19:29:35 openvpn 36189 ifconfig_pool_start = 0.0.0.0
Nov 5 19:29:35 openvpn 36189 ifconfig_pool_end = 0.0.0.0
Nov 5 19:29:35 openvpn 36189 ifconfig_pool_netmask = 0.0.0.0
Nov 5 19:29:35 openvpn 36189 ifconfig_pool_persist_filename = '[UNDEF]'
Nov 5 19:29:35 openvpn 36189 ifconfig_pool_persist_refresh_freq = 600
Nov 5 19:29:35 openvpn 36189 ifconfig_ipv6_pool_defined = DISABLED
Nov 5 19:29:35 openvpn 36189 ifconfig_ipv6_pool_base = ::
Nov 5 19:29:35 openvpn 36189 ifconfig_ipv6_pool_netbits = 0
Nov 5 19:29:35 openvpn 36189 n_bcast_buf = 256
Nov 5 19:29:35 openvpn 36189 tcp_queue_limit = 64
Nov 5 19:29:35 openvpn 36189 real_hash_size = 256
Nov 5 19:29:35 openvpn 36189 virtual_hash_size = 256
Nov 5 19:29:35 openvpn 36189 client_connect_script = '[UNDEF]'
Nov 5 19:29:35 openvpn 36189 learn_address_script = '[UNDEF]'
Nov 5 19:29:35 openvpn 36189 client_disconnect_script = '[UNDEF]'
Nov 5 19:29:35 openvpn 36189 client_config_dir = '[UNDEF]'
Nov 5 19:29:35 openvpn 36189 ccd_exclusive = DISABLED
Nov 5 19:29:35 openvpn 36189 tmp_dir = '/tmp'
Nov 5 19:29:35 openvpn 36189 push_ifconfig_defined = DISABLED
Nov 5 19:29:35 openvpn 36189 push_ifconfig_local = 0.0.0.0
Nov 5 19:29:35 openvpn 36189 push_ifconfig_remote_netmask = 0.0.0.0
Nov 5 19:29:35 openvpn 36189 push_ifconfig_ipv6_defined = DISABLED
Nov 5 19:29:35 openvpn 36189 push_ifconfig_ipv6_local = ::/0
Nov 5 19:29:35 openvpn 36189 push_ifconfig_ipv6_remote = ::
Nov 5 19:29:35 openvpn 36189 enable_c2c = DISABLED
Nov 5 19:29:35 openvpn 36189 duplicate_cn = DISABLED
Nov 5 19:29:35 openvpn 36189 cf_max = 0
Nov 5 19:29:35 openvpn 36189 cf_per = 0
Nov 5 19:29:35 openvpn 36189 max_clients = 1024
Nov 5 19:29:35 openvpn 36189 max_routes_per_client = 256
Nov 5 19:29:35 openvpn 36189 auth_user_pass_verify_script = '[UNDEF]'
Nov 5 19:29:35 openvpn 36189 auth_user_pass_verify_script_via_file = DISABLED
Nov 5 19:29:35 openvpn 36189 auth_token_generate = DISABLED
Nov 5 19:29:35 openvpn 36189 auth_token_lifetime = 0
Nov 5 19:29:35 openvpn 36189 port_share_host = '[UNDEF]'
Nov 5 19:29:35 openvpn 36189 port_share_port = '[UNDEF]'
Nov 5 19:29:35 openvpn 36189 client = ENABLED
Nov 5 19:29:35 openvpn 36189 pull = ENABLED
Nov 5 19:29:35 openvpn 36189 auth_user_pass_file = '[UNDEF]'
Nov 5 19:29:35 openvpn 36189 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Nov 5 19:29:35 openvpn 36189 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Nov 5 19:29:35 openvpn 36437 PO_INIT maxevents=1 flags=0x00000002
Nov 5 19:29:35 openvpn 36437 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Nov 5 19:29:35 openvpn 36437 mlockall call succeeded
Nov 5 19:29:35 openvpn 36437 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Nov 5 19:29:35 openvpn 36437 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 5 19:29:35 openvpn 36437 PO_INIT maxevents=4 flags=0x00000002
Nov 5 19:29:35 openvpn 36437 PRNG init md=SHA512 size=128
Nov 5 19:29:35 openvpn 36437 Insufficient key material or header text not found in file '/var/etc/openvpn/client1.tls-auth' (0/128/256 bytes found/min/max)
Nov 5 19:29:35 openvpn 36437 Exiting due to fatal error
Everything was running fine up to the point I had to create the NAT Outbound rules. After this first reboot, my internet went down. I am not able to access it from my laptop anymore. But from pfsense it is still connected. This is my rules. It is a simple setup. I never imagined AirVPN would be so hard to set up. I don't wanna start all over again. If anyone can help please, let me know. Thanks.
go558a83nk 364 Posted ... Looks like you did something wrong around the TLS key. Also, is your local network really 192.168.0.0? What is your DHCP server subnet?
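The fatal line in the log above reports 0 bytes of key material against a 128/256 byte min/max for the tls-auth file. As an added example (not part of the thread and not OpenVPN's own parser), this Python check approximates that test for a key before it is pasted into the TLS key field; `check_static_key` is a hypothetical helper name and the sample key is constructed, not a real key.

```python
import re

HEADER = "-----BEGIN OpenVPN Static key V1-----"
FOOTER = "-----END OpenVPN Static key V1-----"
MIN_BYTES, MAX_BYTES = 128, 256  # the min/max printed in the log line above


def check_static_key(text):
    """Return (bytes_found, problems) for the text of a tls-auth static key."""
    start = text.find(HEADER)
    if start < 0:
        # Matches the "header text not found" half of the log message.
        return 0, ["header text not found"]
    problems = []
    body_start = start + len(HEADER)
    end = text.find(FOOTER, body_start)
    if end < 0:
        problems.append("footer text not found; the key may be cut off")
        end = len(text)
    # Whitespace is ignored, so a paste that lost its line breaks still counts.
    body = re.sub(r"\s+", "", text[body_start:end])
    bad = sorted(set(re.findall(r"[^0-9A-Fa-f]", body)))
    if bad:
        problems.append("non-hex characters in key body: " + "".join(bad))
    hex_digits = re.sub(r"[^0-9A-Fa-f]", "", body)
    if len(hex_digits) % 2:
        problems.append("odd number of hex digits")
    found = len(hex_digits) // 2
    if found < MIN_BYTES:
        problems.append(
            f"insufficient key material ({found}/{MIN_BYTES}/{MAX_BYTES} bytes found/min/max)"
        )
    elif found > MAX_BYTES:
        problems.append(f"more than {MAX_BYTES} bytes of key material")
    return found, problems


def make_sample_key(rows=16):
    """Constructed sample: `rows` lines of 32 hex digits (16 rows = 256 bytes)."""
    raw = bytes(range(256)).hex()
    lines = [raw[i:i + 32] for i in range(0, rows * 32, 32)]
    return "\n".join(["# constructed sample, not a real key", HEADER, *lines, FOOTER, ""])


if __name__ == "__main__":
    cases = {
        "complete key": make_sample_key(),
        "hex body only, no header": "\n".join(make_sample_key().splitlines()[2:-1]),
        "truncated to 4 rows": make_sample_key(4),
        "empty field": "",
    }
    for name, text in cases.items():
        found, problems = check_static_key(text)
        print(f"{name}: {found} bytes, {problems or 'ok'}")
```
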
hbs 1 Posted ... Does that answer your question? I have reentered the TLS Key. OpenVPN is still down. PS: I had to go with 192.168.0.1 because 192.168.1.1 was making my PfSense box unreachable.
hbs 1 Posted ... I was able now to make AirVPN go UP. But I am not able to access the internet from my laptop. Can anyone here help me? I have never been so close to make AirVPN work (although without firewall rules yet). These are my NAT outbound rules. Why am I missing?
go558a83nk 364 Posted ... You need to follow the guide. Firewall rules are required. This note is under the "i" at the bottom of the firewall rules pages - "Everything that isn't explicitly passed is blocked by default." Therefore, if you don't create rules to pass traffic out the AirVPN gateway (or wherever you want it) it'll be blocked!
hbs 1 Posted ... Thank you for replying it. This is the fifth time I do that. This once I left the firewall rules to be done AFTER I actually UP'd the openvpn. I will do as you told me. Hope everything will be fully working at the end.
hbs 1 Posted ... Well, I followed through and completed the tutorial. Things got worse. Before I was able to nslookup within my pfSense. Now, it doesn't: Host "airvpn.org" could not be resolved.
hbs 1 Posted ... These are my firewall rules after all was done. On the tutorial, it shows only one rule, the anti-lockout rule before the starting of the new firewall rules (the first one on the image). On the image, as you see there are two more default rules that the this part of the AirVPN tutorial.
go558a83nk 364 Posted ... Those two default rules need to be deleted and it looks like you have a duplicate rule for "airvpn_lan allow outbound".
hbs 1 Posted ... Thanks for replying go558a83nk. I have just done that. But to no avail. Still, no traffic going out from pfsense. Is there a way to troubleshoot this? Please, let me know.
giangifrat 0 Posted ... Hello everyone, I followed the tutorial, and I think is the best tutorial I ever found on setting Vpn on PfSense. But I can't get to route traffic through the VPN interface. Client connects correctly: But from the logs I get this: And there is no way to route traffic through, I tested several different servers and same result. Anyone can help? It'd be very much appreciated.
Air4141841 25 Posted ... increasing logging to verb 4 and it will give you details on what to remove from the configuration
go558a83nk 364 Posted ... It's connected. There's no problem here. That's just pfsense disconnecting from monitoring itself. I get hundreds of those notices. The "initialization sequence completed" is what matters. If you can't get any traffic through the VPN tunnel then your NAT and/or firewall rules are incorrect.
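The distinction made in the reply above (routine MANAGEMENT connect/disconnect notices versus the "Initialization Sequence Completed" line that actually decides the state) can be checked mechanically. This is an added example, not code from the thread or from pfSense: a Python triage over OpenVPN client log lines, where `triage` and the rule notes are this example's own, the first two samples are copied from posts in this thread, and the third is constructed.

```python
import re

# (tag, pattern, note) for messages that appear in this thread.
RULES = [
    ("fatal", r"Insufficient key material or header text not found in file '([^']+)'",
     "tls-auth key file has no usable key: re-enter the TLS key"),
    ("fatal", r"Exiting due to fatal error",
     "process exited: fix the error logged just before it"),
    ("timeout", r"Server poll timeout, restarting",
     "no reply from the remote: check address, port, protocol and WAN reachability"),
    ("warn", r"--ns-cert-type is DEPRECATED", "use: remote-cert-tls server"),
    ("warn", r"--keysize is DEPRECATED", "option is scheduled for removal in OpenVPN 2.6"),
    ("ok", r"Initialization Sequence Completed", "tunnel is up"),
    ("noise", r"MANAGEMENT: (Client (dis)?connected|CMD )", "status polling, not an error"),
]
COMPILED = [(tag, re.compile(pat, re.I), note) for tag, pat, note in RULES]
# Only these tags change the verdict; the last one seen in the log wins.
VERDICT = {"fatal": "fatal-config", "timeout": "no-server-reply", "ok": "connected"}


def triage(log_text):
    """Classify each log line and return the overall verdict, counts and notes."""
    counts, notes, verdict = {}, [], "unknown"
    for line in log_text.splitlines():
        for tag, rx, note in COMPILED:
            if rx.search(line):
                counts[tag] = counts.get(tag, 0) + 1
                if tag != "noise" and note not in notes:
                    notes.append(note)
                if tag in VERDICT:
                    verdict = VERDICT[tag]
                break
    return {"verdict": verdict, "counts": counts, "notes": notes}


# Copied from the Nov 5 log posted in this thread.
KEY_FAILURE = """\
Nov 5 19:29:35 openvpn 36437 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Nov 5 19:29:35 openvpn 36437 PRNG init md=SHA512 size=128
Nov 5 19:29:35 openvpn 36437 Insufficient key material or header text not found in file '/var/etc/openvpn/client1.tls-auth' (0/128/256 bytes found/min/max)
Nov 5 19:29:35 openvpn 36437 Exiting due to fatal error
"""

# Copied from the Dec 26 log posted in this thread.
POLL_TIMEOUT = """\
Dec 26 19:38:06 openvpn 36721 Server poll timeout, restarting
Dec 26 19:38:06 openvpn 36721 SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:06 openvpn 36721 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:16 openvpn 36721 Server poll timeout, restarting
"""

# Constructed sample: a completed connection followed by status polling.
CONNECTED = """\
Jan 1 00:00:00 openvpn 1000 Initialization Sequence Completed
Jan 1 00:00:05 openvpn 1000 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jan 1 00:00:05 openvpn 1000 MANAGEMENT: CMD 'state 1'
Jan 1 00:00:05 openvpn 1000 MANAGEMENT: Client disconnected
"""

if __name__ == "__main__":
    for name, log in [("key failure", KEY_FAILURE), ("poll timeout", POLL_TIMEOUT),
                      ("connected", CONNECTED)]:
        print(name, triage(log))
```

A "connected" verdict only says the tunnel came up; as the reply notes, traffic that still does not pass points at NAT and firewall rules, which this log does not show.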
giangifrat 0 Posted ... Thanks for answering my question go558a83nk. It seems like I'm having with the config the same troubles hbs was experiencing, I wonder if he found some solutions. Anyway I did the configuration again following the tutorial to the letter and ended up again without being able to route any traffic through the vpn_wan interfaces. At tutorial step 4 I should already be able to route traffic through OpenVpn client, keeping the Outbound LAN to WAN rule and change it to LAN to AirVPN_WAN modifying the interface into that rule. I actually did like that when I set a PIA client on PfSense and it worked fine, the reason I didn't keep using it is that PIA doesn't offer port forwarding service. So I'm trying now AirVPN.
Mjcj 0 Posted ... Just wanted to say a quick thank you for this guide. My first time ever playing with pfsense, or anything such, and I now have it up and running perfectly thanks to this. Thank you so much for taking the time to lay it all out in such an easy to follow format.
airvpn0s4752852 0 Posted ... Thank you for the thoroughly written guide.
hbs 1 Posted ... What is going wrong here?
Dec 26 19:38:06 openvpn 36721 Server poll timeout, restarting
Dec 26 19:38:06 openvpn 36721 TCP/UDP: Closing socket
Dec 26 19:38:06 openvpn 36721 SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:06 openvpn 36721 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:06 openvpn 36721 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:06 openvpn 36721 Re-using SSL/TLS context
Dec 26 19:38:06 openvpn 36721 Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:06 openvpn 36721 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Dec 26 19:38:06 openvpn 36721 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Dec 26 19:38:06 openvpn 36721 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Dec 26 19:38:06 openvpn 36721 TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 26 19:38:06 openvpn 36721 Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 26 19:38:06 openvpn 36721 UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 26 19:38:06 openvpn 36721 UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 26 19:38:16 openvpn 36721 Server poll timeout, restarting
Dec 26 19:38:16 openvpn 36721 TCP/UDP: Closing socket
Dec 26 19:38:16 openvpn 36721 SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:16 openvpn 36721 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:16 openvpn 36721 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:16 openvpn 36721 Re-using SSL/TLS context
Dec 26 19:38:16 openvpn 36721 Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:16 openvpn 36721 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Dec 26 19:38:16 openvpn 36721 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Dec 26 19:38:16 openvpn 36721 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Dec 26 19:38:16 openvpn 36721 TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 26 19:38:16 openvpn 36721 Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 26 19:38:16 openvpn 36721 UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 26 19:38:16 openvpn 36721 UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 26 19:38:26 openvpn 36721 Server poll timeout, restarting
Dec 26 19:38:26 openvpn 36721 TCP/UDP: Closing socket
Dec 26 19:38:26 openvpn 36721 SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:26 openvpn 36721 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:26 openvpn 36721 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:26 openvpn 36721 Re-using SSL/TLS context
Dec 26 19:38:26 openvpn 36721 Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:26 openvpn 36721 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Dec 26 19:38:26 openvpn 36721 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Dec 26 19:38:26 openvpn 36721 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Dec 26 19:38:26 openvpn 36721 TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 26 19:38:26 openvpn 36721 Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 26 19:38:26 openvpn 36721 UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 26 19:38:26 openvpn 36721 UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 26 19:38:36 openvpn 36721 Server poll timeout, restarting
Dec 26 19:38:36 openvpn 36721 TCP/UDP: Closing socket
Dec 26 19:38:36 openvpn 36721 SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:36 openvpn 36721 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:36 openvpn 36721 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:36 openvpn 36721 Re-using SSL/TLS context
Dec 26 19:38:36 openvpn 36721 Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:36 openvpn 36721 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Dec 26 19:38:36 openvpn 36721 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Dec 26 19:38:36 openvpn 36721 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Dec 26 19:38:36 openvpn 36721 TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 26 19:38:36 openvpn 36721 Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 26 19:38:36 openvpn 36721 UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 26 19:38:36 openvpn 36721 UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 26 19:38:46 openvpn 36721 Server poll timeout, restarting
Dec 26 19:38:46 openvpn 36721 TCP/UDP: Closing socket
Dec 26 19:38:46 openvpn 36721 SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:46 openvpn 36721 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:46 openvpn 36721 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:46 openvpn 36721 Re-using SSL/TLS context
Dec 26 19:38:46 openvpn 36721 Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:46 openvpn 36721 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
I am unable to connect.
Wolke68 5 Posted ... This WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. Use remote-cert-tls server;
chuckhammerberry 2 Posted ... I just completed configuring my new Pfsense box with this setup but I have no connection to VPN. I did notice this guide is slightly different from the pfsense version 2.4.4 that I'm using. Wondering if anyone can help me or if so what info would I need to provide you?
Got it working, so I can confirm this guide still works with version 2.4. I was missing this step under OpenVPN, I had "Enable NCP" box checked which was causing all my problems.
Air4141841 25 Posted ... That has nothing to do with it. I use that option on all of my Tunnels and they all connect just fine, so this is isolated to the settings on your devices.
chuckhammerberry 2 Posted ... Question, I would like to use Open DNS family (208.67.222.123 and 208.67.220.123) instead of 10.4.0.1.
When I go to DHCP Server
AIRVPN-LAN
and change 10.4.0.1 to the above DNS (or any DNS for that matter) I can no longer surf the web or resolve websites.
I reset my WiFi connection so I confirm that I'm receiving the new DNS settings but it's like the vpn is blocking the requests or something. Am I doing something wrong here?