Jump to content
Not connected, Your IP: 3.129.69.134
pfSense_fan

How To Set Up pfSense 2.3 for AirVPN

Recommended Posts

Here's a generic working setup I made:

DNS resolver:
dns-resolver.png

General Settings> DNS Server
dns-server.png

Firewall Rules:

firewall.png

Firewall>NAT:

Nat.png

custom directives:
client;
persist-key;
persist-tun;
remote-cert-tls server;
prng sha512 64;
mlock;
auth-nocache

hope it helps :)

ps.
if you wonder why I use my vpn gateway address for dns server, check out https://airvpn.org/specs/ under VPN DNS server. It also kind of explains why AirVPN does not support DNSSEC https://airvpn.org/forums/topic/852-airvpn-does-not-recognize-icann-authority-anymore/


You could also use 10.4.0.1 instead

Share this post


Link to post

Polius, many thanks again for taking the time.  I notice some of your settings are very different to the main guide, i tried them again anyway and it made dramatically little difference (VPN was up, DNS was fine, main traffic visible).  I am at the point now where i have invested a couple of days resetting to defaults and making little progress.

I know this works, ive had it working before, but just cant fathom it this time. 

I took out a trial account with another provider and it worked first time (didnt even need to use the guide),  switched the certs, server details and TLS key over to Air and it dies.

Think i need a break from this now.  Will have another go next weekend becuase i love AIRVPN, the speeds, the fact it is one of the only providers with a support forum in the memeber area, and i trust them.  But if i cant work it out, then at least i have options to keep my server online.

Cheers anyway

Share this post


Link to post
On 11/14/2020 at 5:11 PM, bobsnail said:

Polius, many thanks again for taking the time.  I notice some of your settings are very different to the main guide, i tried them again anyway and it made dramatically little difference (VPN was up, DNS was fine, main traffic visible).  I am at the point now where i have invested a couple of days resetting to defaults and making little progress.

I know this works, ive had it working before, but just cant fathom it this time. 

I took out a trial account with another provider and it worked first time (didnt even need to use the guide),  switched the certs, server details and TLS key over to Air and it dies.

Think i need a break from this now.  Will have another go next weekend becuase i love AIRVPN, the speeds, the fact it is one of the only providers with a support forum in the memeber area, and i trust them.  But if i cant work it out, then at least i have options to keep my server online.

Cheers anyway

Hi Bob,

Understood. You should take a break if it still doesn't work out. I myself have spent a lot of time trying to make it work too and understand the frustration completely.

cheers!

Share this post


Link to post

Can you post a screenshot of your outbound NAT configuration? It definitely sounds like your LAN is not routing through the tunnel, but since the tunnel is up, it can utilize the DNS for AirVPN as you likely configured that on the DNS Resolver settings, without routing your traffic through it. Also, a screenshot of your routing/gateways setup. You can obscure the IP's for this one if needed. I just need to see if they're setup properly.

Share this post


Link to post

Is anyone running pfsense 2.5.0? I've just upgraded to the latest build and it's broke my VPN connection to Air after it being sucessful for months. I have tried the guide mentioned a few posts back and put the same settings but some of the options have changed.

Cheers

Share this post


Link to post

This Thread is a few years old but if  you try like ngu (link on the First Site) Even 2.5.0 run
 

Share this post


Link to post
5 hours ago, Wolke68 said:

This Thread is a few years old but if  you try like ngu (link on the First Site) Even 2.5.0 run
 


Thanks Wolke

I did follow the guide but some settings differ now. I have it working though after deleting the client and putting the details back in.

Share this post


Link to post

I think Start your own thread with your logs and tell wich kind of problem there is and which howto you follow

without any logs nobody can see anything

I am on 2.5 and all is good ( Most times) 😆


Share this post


Link to post
On 12/5/2020 at 6:10 PM, Wolke68 said:

I think Start your own thread with your logs and tell wich kind of problem there is and which howto you follow

without any logs nobody can see anything

I am on 2.5 and all is good ( Most times) 😆


Would you mind telling me what Data Encryption Algorithms and Auth digest algorithm yours is set at? I have mine on AES-256-GMC but cannot set it to anything above SHA1. It just will not connect.

Cheers

Share this post


Link to post
10 minutes ago, rob77 said:
Would you mind telling me what Data Encryption Algorithms and Auth digest algorithm yours is set at? I have mine on AES-256-GMC but cannot set it to anything above SHA1. It just will not connect.

Cheers

sha1 is what you use with entry IP 1 and 2. sha512 (and tls encryption and authorization) is used for entry IP 3 and 4 configs.

Share this post


Link to post
1 hour ago, go558a83nk said:

sha1 is what you use with entry IP 1 and 2. sha512 (and tls encryption and authorization) is used for entry IP 3 and 4 configs.

Thanks. I had been downloading the wrong config, changed and all working now per the guide :)

Share this post


Link to post

After updating pfSense from version 22.01 to 22.05 my vpn cannot connect to AirVPN.
In the system logfile/ openvpn shows only one line:
" Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn/client2/config.ovpn:42: keysize (2.6_git) "

A rollback of the update is not possible, and restoring parameters from the backup doesn't help, maybe a simple parameter change can solve the problem, but I can't really see how.

My setup after your very good description for 2 channels to AirVPN have worked without problems for several years now, so I hope you can help.

 

Share this post


Link to post
Posted ... (edited)
6 hours ago, hanserikbusk said:

After updating pfSense from version 22.01 to 22.05 my vpn cannot connect to AirVPN.
In the system logfile/ openvpn shows only one line:
" Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn/client2/config.ovpn:42: keysize (2.6_git) "


I can confirm that I do have pfSense 22.05 as well as AirVPN and i have no such problem. The error message indicates some problem with the key size.

For what it is worth, these are my settings, maybe it helps:

Server Mode: Peer to Peer (SSL/TLS)
Device mode: tun
Protocol: UDP on IPv4 only
Server port: 443
TLS Configuration: Use a TLS Key
TLS Key Usage Mode: TLS Encryption and Authentication
TLS keydir direction: Use default direction
Data Encryption Algorithms: AES-256-GCM AES-256-CBC
Auth digest algorithm: SHA512

Custom options: client; persist-key; persist-tun; remote-cert-tls server; prng sha256 64; mlock; auth-nocache;
UDP Fast I/O: Use fast I/O operations with UDP writes to tun/tap. Experimental.
Send/Receive Buffer: !.00 MiB

Note that on a reboot of my firewall, the connection often does not come up. Restarting the OpenVPN client service(s) (can be done from the dashboard is you have the Service Status widget enabled) usually does the trick.

Success 🙂
Edited ... by HughM
Incomplete

Share this post


Link to post
On 7/6/2022 at 11:10 AM, hanserikbusk said:

After updating pfSense from version 22.01 to 22.05 my vpn cannot connect to AirVPN.
In the system logfile/ openvpn shows only one line:
" Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn/client2/config.ovpn:42: keysize (2.6_git) "

A rollback of the update is not possible, and restoring parameters from the backup doesn't help, maybe a simple parameter change can solve the problem, but I can't really see how.

My setup after your very good description for 2 channels to AirVPN have worked without problems for several years now, so I hope you can help.

 


I had the same, removing "keysize xxx;" from the custom options of the vpn client fixed it for me. The keysize option is deprecated now.

Share this post


Link to post

I was able to reconfigure my pfSense 2.6 in order to work. But compared to 2.4. my speed was cut in half in some cases. (i.e Roku Speed Test connection)

I have a 225Mb down connection and before I was getting 58/60.

Now I can barely reach 30. Using the Pollux Server located in Jacksonville, FL. 

Is anyone experiencing this? If so, how can one mitigate this? 

Please, let me know.

Thanks.

Share this post


Link to post
On 12/26/2022 at 8:12 PM, hbs said:

I was able to reconfigure my pfSense 2.6 in order to work. But compared to 2.4. my speed was cut in half in some cases. (i.e Roku Speed Test connection)

I have a 225Mb down connection and before I was getting 58/60.

Now I can barely reach 30. Using the Pollux Server located in Jacksonville, FL. 

Is anyone experiencing this? If so, how can one mitigate this? 

Please, let me know.

Thanks.

add this to advanced config:

sndbuf 512000;
rcvbuf 512000;
or increase the number down below. Pfsense still lists the send and receive buffer option.  my opnsense doesn't 

edit.  I had no idea that post was from a year ago the date was hidden 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...