pfSense_fan

How To Set Up pfSense 2.3 for AirVPN


13 hours ago, joebywan said:
Thanks for that, worked.

What's the DNS server we're supposed to be using?  Status>OpenVPN says it's up, but I can't do the dnslookup to airvpn.org

10.4.0.1 is the DNS but I can't get dns resolver or forwarder to use that and it's especially a pain if you have policy routing - some clients using the VPN and others not.

What I do is turn off resolver and forwarder in pfsense and use DHCP to assign the DNS I want to use to clients.

I use firewall rules to enforce that clients use the DNS I want them to use.


If you want to use 10.4.0.1 you have to add a manual route in your ovpn config.


pfSense is BSD and the DNS push in the config cannot be used.

I use it for
10.4.0.1
10.50.1
10.6.0.1
10.7.0.1
 

5 hours ago, Wolke68 said:

If you want to use 10.4.0.1 you have to add a manual route in your ovpn config.


pfSense is BSD and the DNS push in the config cannot be used.

I use it for
10.4.0.1
10.50.1
10.6.0.1
10.7.0.1
 

Could you elaborate on how to do this please?  Bit of a noob here. 

Shouldn't it be covered by step 6-D in the guide "Step 6-D: First AirVPN_LAN Firewall Rule "AirVPN LAN DNS REDIRECT""??
 


Add this to your OpenVPN config:


route 10.4.0.0 255.255.255.0;


Set 10.4.0.1 as the DNS in DNS Server Settings.
Nothing else to change.
If you want, look at the routing table in pfSense to see whether the route 10.4.0.0 is set to your AirVPN internal IP.
 

6 hours ago, Wolke68 said:

Add this to your OpenVPN config:


route 10.4.0.0 255.255.255.0;


Set 10.4.0.1 as the DNS in DNS Server Settings.
Nothing else to change.
If you want, look at the routing table in pfSense to see whether the route 10.4.0.0 is set to your AirVPN internal IP.
 

So in System/General Setup, if I set up 10.4.0.1 set to the VPN WAN gateway, it won't automatically set up a route?

When you say put it in the config, I'm assuming I can just put it in the custom settings text box at the bottom?


In my tests the route from the DNS is not enough.
If you test a DNS query in pfSense you get no answers.
With this extra route it is OK.
 

13 hours ago, Wolke68 said:

In my tests the route from the DNS is not enough.
If you test a DNS query in pfSense you get no answers.
With this extra route it is OK.
 

It worked, thanks!


Has anyone started having issues in the last few days with this setup? I have been running this setup for about 2 years and had no issues up until last night.
Now I am getting this error when I try to connect. Anyone else, or is it just me? :P
 

Sep 25 04:26:54 openvpn 25923 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sep 25 04:26:54 openvpn 25923 TCP/UDP: Closing socket
Sep 25 04:26:54 openvpn 25923 SIGUSR1[soft,ping-restart] received, process restarting
Sep 25 04:26:54 openvpn 25923 Restart pause, 10 second(s)


UPDATE: found out my ISP was blocking port 443 to VPN servers. Updated to a new IP, good to go.


Was working fine, then, with nothing changed on my end, I started getting these log entries and the VPN's not coming up.

Oct 7 15:12:25 openvpn 20222 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 7 15:12:25 openvpn 20222 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 7 15:12:25 openvpn 20222 TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.178:443
Oct 7 15:12:25 openvpn 20222 Socket Buffers: R=[42080->42080] S=[57344->57344]
Oct 7 15:12:25 openvpn 20222 UDPv4 link local (bound): [AF_INET]192.168.0.3:0
Oct 7 15:12:25 openvpn 20222 UDPv4 link remote: [AF_INET]184.75.221.178:443
Oct 7 15:13:25 openvpn 20222 [UNDEF] Inactivity timeout (--ping-restart), restarting
Oct 7 15:13:25 openvpn 20222 SIGUSR1[soft,ping-restart] received, process restarting
Oct 7 15:13:25 openvpn 20222 Restart pause, 300 second(s)
Oct 7 15:13:32 openvpn 20222 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Oct 7 15:13:32 openvpn 20222 MANAGEMENT: CMD 'state 1'
Oct 7 15:13:32 openvpn 20222 MANAGEMENT: Client disconnected

Any ideas on how to get it going again?
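An added example, not part of any post in this thread: a small Python triage of OpenVPN client log lines in the format quoted in the two posts above. It separates a restart where the peer is still `[UNDEF]` (no handshake completed, as in the blocked-port case reported earlier) from a drop of an established tunnel, and flags the missing server certificate verification warning. The sample log is constructed, with placeholder addresses, and `triage` is a hypothetical helper name.

```python
import re

# Constructed sample in the format shown in the posts (placeholder addresses).
SAMPLE_LOG = """\
Oct 7 15:12:25 openvpn 20222 WARNING: No server certificate verification method has been enabled.
Oct 7 15:12:25 openvpn 20222 UDPv4 link remote: [AF_INET]192.0.2.10:443
Oct 7 15:13:25 openvpn 20222 [UNDEF] Inactivity timeout (--ping-restart), restarting
Oct 7 15:13:25 openvpn 20222 SIGUSR1[soft,ping-restart] received, process restarting
Oct 7 15:20:01 openvpn 31000 UDPv4 link remote: [AF_INET]192.0.2.20:443
Oct 7 15:20:03 openvpn 31000 [server] Peer Connection Initiated with [AF_INET]192.0.2.20:443
Oct 7 16:20:03 openvpn 31000 [server] Inactivity timeout (--ping-restart), restarting
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) openvpn (\d+) (.*)$")
REMOTE = re.compile(r"link remote: \[AF_INET6?\](\S+)")
TIMEOUT = re.compile(r"^\[([^\]]+)\] Inactivity timeout \(--ping-restart\)")


def triage(log_text):
    """Return (pid, finding, remote) tuples for the patterns seen in the thread."""
    remote = {}    # pid -> last remote endpoint the client tried
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, pid, msg = m.groups()
        if "No server certificate verification method" in msg:
            # Client would accept any certificate signed by the CA; OpenVPN's
            # `remote-cert-tls server` option enables the missing check.
            findings.append((pid, "no-server-cert-verification", None))
        elif (r := REMOTE.search(msg)):
            remote[pid] = r.group(1)
        elif (t := TIMEOUT.match(msg)):
            # [UNDEF]: peer name still unknown, so the handshake never completed
            # (server unreachable, port blocked, or wrong address).
            kind = "no-handshake" if t.group(1) == "UNDEF" else "tunnel-dropped"
            findings.append((pid, kind, remote.get(pid)))
    return findings


if __name__ == "__main__":
    for pid, kind, endpoint in triage(SAMPLE_LOG):
        print(pid, kind, endpoint or "-")
```

A `no-handshake` finding points at the path to the server rather than at the tunnel configuration, so the remote address and port are the first things to check.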

Posted ... (edited)

I have a setup like: https://nguvu.org/pfsense/pfsense-baseline-setup/
The connection with AirVPN is working and the tests as described on the site are also working.

The challenge I have is that from VL20_VPN I cannot do a dns resolve on airvpn.org.
All other DNS resolves are going well.

Does anyone have tips on how I can solve this?

Edited ... by neptunus
Small update


Hi, has anyone managed to get Policy routing Websites ONLY to work under pfsense air?

I am trying to get paypal or online banking sites to use the ISP IP. I see people got separate devices and PCs, TVs etc. to work but have not seen if it's possible for websites only.

1 hour ago, Lee47 said:

Hi, has anyone managed to get Policy routing Websites ONLY to work under pfsense air?

I am trying to get paypal or online banking sites to use the ISP IP. I see people got separate devices and PCs, TVs etc. to work but have not seen if it's possible for websites only.


Create aliases for things. They can include FQDNs. Then create firewall rules for your LAN using those aliases to allow stuff via VPN or via WAN, then create rules under those to block the interface you don't want them to use.


I followed nguvu's guide and everything seems to work.
But all my computers must be on the LAN gateway. I have the pfsense connected to a dd-wrt router with wan and dhcp server off. How do I assign which devices go out which gateways? Do I do it on pfsense or dd-wrt?

Any help would be appreciated. 
 

Posted ... (edited)

Hi,
I'm busy with egress on my firewall. I was looking for a DNS rule to not allow other traffic to go to other public addresses, for example 8.8.8.8 or whatever.
OK, the redirect works fine for DNS leaks, but if you hard-code it, like apps do, or a person fills in DHCP to use 8.8.8.8 DNS, then we've got a problem.
So for security reasons I would like all the traffic generated by clients to go to the redirected DNS of AirVPN.

Hope someone can help.


Never mind, found the solution myself :-))

Edited ... by genuine3000
solution
