Polius 1 Posted ... Here's a generic working setup I made: DNS resolver: General Settings> DNS Server Firewall Rules: Firewall>NAT: custom directives: client; persist-key; persist-tun; remote-cert-tls server; prng sha512 64; mlock; auth-nocache hope it helps ps. if you wonder why I use my vpn gateway address for dns server, check out https://airvpn.org/specs/ under VPN DNS server. It also kind of explains why AirVPN does not support DNSSEC https://airvpn.org/forums/topic/852-airvpn-does-not-recognize-icann-authority-anymore/ You could also use 10.4.0.1 instead Quote Share this post Link to post
bobsnail 0 Posted ... Polius, many thanks again for taking the time. I notice some of your settings are very different to the main guide, i tried them again anyway and it made dramatically little difference (VPN was up, DNS was fine, main traffic visible). I am at the point now where i have invested a couple of days resetting to defaults and making little progress. I know this works, ive had it working before, but just cant fathom it this time. I took out a trial account with another provider and it worked first time (didnt even need to use the guide), switched the certs, server details and TLS key over to Air and it dies. Think i need a break from this now. Will have another go next weekend becuase i love AIRVPN, the speeds, the fact it is one of the only providers with a support forum in the memeber area, and i trust them. But if i cant work it out, then at least i have options to keep my server online. Cheers anyway Quote Share this post Link to post
Polius 1 Posted ... On 11/14/2020 at 5:11 PM, bobsnail said: Polius, many thanks again for taking the time. I notice some of your settings are very different to the main guide, i tried them again anyway and it made dramatically little difference (VPN was up, DNS was fine, main traffic visible). I am at the point now where i have invested a couple of days resetting to defaults and making little progress. I know this works, ive had it working before, but just cant fathom it this time. I took out a trial account with another provider and it worked first time (didnt even need to use the guide), switched the certs, server details and TLS key over to Air and it dies. Think i need a break from this now. Will have another go next weekend becuase i love AIRVPN, the speeds, the fact it is one of the only providers with a support forum in the memeber area, and i trust them. But if i cant work it out, then at least i have options to keep my server online. Cheers anyway Hi Bob, Understood. You should take a break if it still doesn't work out. I myself have spent a lot of time trying to make it work too and understand the frustration completely. cheers! Quote Share this post Link to post
SumRndmDude 22 Posted ... Can you post a screenshot of your outbound NAT configuration? It definitely sounds like your LAN is not routing through the tunnel, but since the tunnel is up, it can utilize the DNS for AirVPN as you likely configured that on the DNS Resolver settings, without routing your traffic through it. Also, a screenshot of your routing/gateways setup. You can obscure the IP's for this one if needed. I just need to see if they're setup properly. Quote Share this post Link to post
rob77 0 Posted ... Is anyone running pfsense 2.5.0? I've just upgraded to the latest build and it's broke my VPN connection to Air after it being sucessful for months. I have tried the guide mentioned a few posts back and put the same settings but some of the options have changed. Cheers Quote Share this post Link to post
Wolke68 5 Posted ... This Thread is a few years old but if you try like ngu (link on the First Site) Even 2.5.0 run Quote Share this post Link to post
rob77 0 Posted ... 5 hours ago, Wolke68 said: This Thread is a few years old but if you try like ngu (link on the First Site) Even 2.5.0 run Thanks Wolke I did follow the guide but some settings differ now. I have it working though after deleting the client and putting the details back in. Quote Share this post Link to post
Wolke68 5 Posted ... I think Start your own thread with your logs and tell wich kind of problem there is and which howto you follow without any logs nobody can see anything I am on 2.5 and all is good ( Most times) 😆 Quote Share this post Link to post
rob77 0 Posted ... On 12/5/2020 at 6:10 PM, Wolke68 said: I think Start your own thread with your logs and tell wich kind of problem there is and which howto you follow without any logs nobody can see anything I am on 2.5 and all is good ( Most times) 😆 Would you mind telling me what Data Encryption Algorithms and Auth digest algorithm yours is set at? I have mine on AES-256-GMC but cannot set it to anything above SHA1. It just will not connect. Cheers Quote Share this post Link to post
go558a83nk 377 Posted ... 10 minutes ago, rob77 said: Would you mind telling me what Data Encryption Algorithms and Auth digest algorithm yours is set at? I have mine on AES-256-GMC but cannot set it to anything above SHA1. It just will not connect. Cheers sha1 is what you use with entry IP 1 and 2. sha512 (and tls encryption and authorization) is used for entry IP 3 and 4 configs. Quote Share this post Link to post
rob77 0 Posted ... 1 hour ago, go558a83nk said: sha1 is what you use with entry IP 1 and 2. sha512 (and tls encryption and authorization) is used for entry IP 3 and 4 configs. Thanks. I had been downloading the wrong config, changed and all working now per the guide Quote Share this post Link to post
hanserikbusk 0 Posted ... After updating pfSense from version 22.01 to 22.05 my vpn cannot connect to AirVPN. In the system logfile/ openvpn shows only one line: " Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn/client2/config.ovpn:42: keysize (2.6_git) " A rollback of the update is not possible, and restoring parameters from the backup doesn't help, maybe a simple parameter change can solve the problem, but I can't really see how. My setup after your very good description for 2 channels to AirVPN have worked without problems for several years now, so I hope you can help. Quote Share this post Link to post
HughM 0 Posted ... (edited) 6 hours ago, hanserikbusk said: After updating pfSense from version 22.01 to 22.05 my vpn cannot connect to AirVPN. In the system logfile/ openvpn shows only one line: " Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn/client2/config.ovpn:42: keysize (2.6_git) " I can confirm that I do have pfSense 22.05 as well as AirVPN and i have no such problem. The error message indicates some problem with the key size. For what it is worth, these are my settings, maybe it helps: Server Mode: Peer to Peer (SSL/TLS) Device mode: tun Protocol: UDP on IPv4 only Server port: 443 TLS Configuration: Use a TLS KeyTLS Key Usage Mode: TLS Encryption and AuthenticationTLS keydir direction: Use default direction Data Encryption Algorithms: AES-256-GCM AES-256-CBC Auth digest algorithm: SHA512Custom options: client; persist-key; persist-tun; remote-cert-tls server; prng sha256 64; mlock; auth-nocache;UDP Fast I/O: Use fast I/O operations with UDP writes to tun/tap. Experimental.Send/Receive Buffer: !.00 MiB Note that on a reboot of my firewall, the connection often does not come up. Restarting the OpenVPN client service(s) (can be done from the dashboard is you have the Service Status widget enabled) usually does the trick. Success 🙂 Edited ... by HughM Incomplete Quote Share this post Link to post
fysh 3 Posted ... On 7/6/2022 at 11:10 AM, hanserikbusk said: After updating pfSense from version 22.01 to 22.05 my vpn cannot connect to AirVPN. In the system logfile/ openvpn shows only one line: " Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn/client2/config.ovpn:42: keysize (2.6_git) " A rollback of the update is not possible, and restoring parameters from the backup doesn't help, maybe a simple parameter change can solve the problem, but I can't really see how. My setup after your very good description for 2 channels to AirVPN have worked without problems for several years now, so I hope you can help. I had the same, removing "keysize xxx;" from the custom options of the vpn client fixed it for me. The keysize option is deprecated now. Quote Share this post Link to post
hbs 1 Posted ... I was able to reconfigure my pfSense 2.6 in order to work. But compared to 2.4. my speed was cut in half in some cases. (i.e Roku Speed Test connection) I have a 225Mb down connection and before I was getting 58/60. Now I can barely reach 30. Using the Pollux Server located in Jacksonville, FL. Is anyone experiencing this? If so, how can one mitigate this? Please, let me know. Thanks. Quote Share this post Link to post
Air4141841 30 Posted ... On 12/26/2022 at 8:12 PM, hbs said: I was able to reconfigure my pfSense 2.6 in order to work. But compared to 2.4. my speed was cut in half in some cases. (i.e Roku Speed Test connection) I have a 225Mb down connection and before I was getting 58/60. Now I can barely reach 30. Using the Pollux Server located in Jacksonville, FL. Is anyone experiencing this? If so, how can one mitigate this? Please, let me know. Thanks. add this to advanced config: sndbuf 512000; rcvbuf 512000; or increase the number down below. Pfsense still lists the send and receive buffer option. my opnsense doesn't edit. I had no idea that post was from a year ago the date was hidden Quote Share this post Link to post
Not connected, Your IP: 216.73.216.7
Online: 30732 users - 399861 Mbit/s total BW