Casper31 73 Posted ... Installed PfblockerNG on 2.3 .Everthing seems to work oke.I noticed that the url`s from iblocklist can take a lot of resources .Question about the configuration :if you mark openvpn on the general page ,how does it work with openvpn client.Because i do not see any firewall rule appear.Don`t know if make sense to make use of a floating rule.Any ideas ?Gr,casper Quote Share this post Link to post
pfSense_fan 181 Posted ... Hello, pfSense_fan,I want to thank you for your guide on how to setup PFSense 2.3 for use with AirVPN. I have my PFSense box setup following your detailed instructions, and it is working great. I appreciate the effort that you went to, providing myself and others with your guide. I know it was a lot of work that took many hours and days to compile. I had been using your previous PFSense guide for AirVPN for the last couple of years without any problems. It still works perfectly by the way. It has always updated and continued working fine whenever a newer version of PFSense was released. I hope this guide will last as long as your previous one has. Thanks again. Thank you, it means lot to read such a wonderful compliment. I am so glad it has helped you. For anyone interested, updating the guide from the original to the new 2.3 took over 100 hours of research and and editing. The original guide took well over a few thousand hours including learning/upgrading it between iterations. I rushed this one out to have it ready for 2.3. There will be small edits over time to explain in more detail what and why settings are recommended the way they are. For now I need a break from it. There will also be some additional optional steps added. I hope it lasts as long too, and i really hope, as I always have, that discussion will pick up in this thread among users and together we can evolve the discussion to make this better for everyone. 1 Lee47 reacted to this Quote Hide pfSense_fan's signature Hide all signatures Have my guides helped you? Help me keep helping you, use my referral: How to set up pfSense 2.3 for AirVPNFriends don't let friends use consumer networking equipment! Share this post Link to post
Voodoo1965 0 Posted ... Hi, I followed this guide through (nice guide btw)..have rechecked and afaik all settings are correct but I can't access any DNS servers, the openvpn log says can't resolve host address Prior to this setup I had been connecting through the pfsense routerusing the airvpn "eddie" and was connecting without issue.The only real difference to the guideline setup is this pfsense router(192.168.3.1) is behind a NAT ISP router (192.168.1.1) so I wasreplacing the 192.168.1.1 entries in the guide with 192.168.3.1 I'm not too experienced with this stuff but have included DNS resolver log - Apr 26 21:00:30 unbound 91287:3 info: send_udp over interface: 127.0.0.1Apr 26 21:00:30 unbound 91287:3 info: receive_udp on interface: 127.0.0.1Apr 26 21:00:30 unbound 91287:2 info: send_udp over interface: 192.168.3.1Apr 26 21:00:30 unbound 91287:2 info: receive_udp on interface: 192.168.3.1Apr 26 21:00:30 unbound 91287:2 debug: cache memory msg=77683 rrset=66072 infra=3130 val=66280Apr 26 21:00:30 unbound 91287:2 info: 0RDd mod1 rep 2.pool.ntp.org.home. A INApr 26 21:00:30 unbound 91287:2 info: 128.000000 256.000000 1Apr 26 21:00:30 unbound 91287:2 info: 32.000000 64.000000 1Apr 26 21:00:30 unbound 91287:2 info: 16.000000 32.000000 1Apr 26 21:00:30 unbound 91287:2 info: 8.000000 16.000000 3Apr 26 21:00:30 unbound 91287:2 info: 2.000000 4.000000 1Apr 26 21:00:30 unbound 91287:2 info: 0.000000 0.000001 659Apr 26 21:00:30 unbound 91287:2 info: lower(secs) upper(secs) recursionsApr 26 21:00:30 unbound 91287:2 info: [25%]=2.52656e-07 median[50%]=5.05311e-07 [75%]=7.57967e-07Apr 26 21:00:30 unbound 91287:2 info: histogram of recursion processing timesApr 26 21:00:30 unbound 91287:2 info: average recursion processing time 0.391632 secApr 26 21:00:30 unbound 91287:2 info: mesh_run: end 1 recursion states (1 with reply, 0 detached), 1 waiting replies, 666 recursion replies sent, 0 replies dropped, 0 states jostled outApr 26 21:00:30 unbound 91287:2 debug: query took 0.000000 secApr 26 21:00:30 unbound 91287:2 info: send_udp over interface: 127.0.0.1Apr 26 21:00:30 unbound 91287:2 debug: mesh_run: validator module exit state is module_finishedApr 26 21:00:30 unbound 91287:2 debug: cannot validate non-answer, rcode SERVFAILApr 26 21:00:30 unbound 91287:2 debug: validator: nextmodule returnedApr 26 21:00:30 unbound 91287:2 info: validator operate: query db.au.clamav.net.home. A INApr 26 21:00:30 unbound 91287:2 debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddoneApr 26 21:00:30 unbound 91287:2 debug: mesh_run: iterator module exit state is module_finishedApr 26 21:00:30 unbound 91287:2 debug: return error response SERVFAILApr 26 21:00:30 unbound 91287:2 debug: store error response in message cacheApr 26 21:00:30 unbound 91287:2 debug: configured forward servers failed -- returning SERVFAILApr 26 21:00:30 unbound 91287:2 debug: No more query targets, attempting last resortApr 26 21:00:30 unbound 91287:2 debug: rtt=120000Apr 26 21:00:30 unbound 91287:2 debug: servselect ip4 10.4.0.1 port 53 (len 16)Apr 26 21:00:30 unbound 91287:2 debug: attempt to get extra 3 targetsApr 26 21:00:30 unbound 91287:2 debug: ip4 10.4.0.1 port 53 (len 16)Apr 26 21:00:30 unbound 91287:2 info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNSApr 26 21:00:30 unbound 91287:2 debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0Apr 26 21:00:30 unbound 91287:2 info: processQueryTargets: db.au.clamav.net.home. A INApr 26 21:00:30 unbound 91287:2 debug: iter_handle processing q with state QUERY TARGETS STATEApr 26 21:00:30 unbound 91287:2 debug: forwarding requestApr 26 21:00:30 unbound 91287:2 debug: request has dependency depth of 0Apr 26 21:00:30 unbound 91287:2 info: resolving db.au.clamav.net.home. A INApr 26 21:00:30 unbound 91287:2 debug: iter_handle processing q with state INIT REQUEST STATEApr 26 21:00:30 unbound 91287:2 debug: process_request: new external request eventApr 26 21:00:30 unbound 91287:2 debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_passApr 26 21:00:30 unbound 91287:2 debug: mesh_run: validator module exit state is module_wait_moduleApr 26 21:00:30 unbound 91287:2 debug: validator: pass to next moduleApr 26 21:00:30 unbound 91287:2 info: validator operate: query db.au.clamav.net.home. A INApr 26 21:00:30 unbound 91287:2 debug: validator[module 0] operate: extstate:module_state_initial event:module_event_newApr 26 21:00:30 unbound 91287:2 debug: mesh_run: startApr 26 21:00:30 unbound 91287:2 debug: udp request from ip4 127.0.0.1 port 37143 (len 16)Apr 26 21:00:30 unbound 91287:2 info: receive_udp on interface: 127.0.0.1Apr 26 21:00:29 unbound 91287:0 info: send_udp over interface: 192.168.3.1Apr 26 21:00:29 unbound 91287:0 info: receive_udp on interface: 192.168.3.1Apr 26 21:00:29 unbound 91287:3 info: send_udp over interface: 127.0.0.1Apr 26 21:00:29 unbound 91287:3 info: receive_udp on interface: 127.0.0.1Apr 26 21:00:28 unbound 91287:2 debug: cache memory msg=77508 rrset=66072 infra=3130 val=66280Apr 26 21:00:28 unbound 91287:2 info: 0RDd mod1 rep 2.pool.ntp.org.home. A INApr 26 21:00:28 unbound 91287:2 info: 128.000000 256.000000 1Apr 26 21:00:28 unbound 91287:2 info: 32.000000 64.000000 1Apr 26 21:00:28 unbound 91287:2 info: 16.000000 32.000000 1Apr 26 21:00:28 unbound 91287:2 info: 8.000000 16.000000 3Apr 26 21:00:28 unbound 91287:2 info: 2.000000 4.000000 1Apr 26 21:00:28 unbound 91287:2 info: 0.000000 0.000001 658Apr 26 21:00:28 unbound 91287:2 info: lower(secs) upper(secs) recursionsApr 26 21:00:28 unbound 91287:2 info: [25%]=2.5266e-07 median[50%]=5.05319e-07 [75%]=7.57979e-07Apr 26 21:00:28 unbound 91287:2 info: histogram of recursion processing timesApr 26 21:00:28 unbound 91287:2 info: average recursion processing time 0.392221 secApr 26 21:00:28 unbound 91287:2 info: mesh_run: end 1 recursion states (1 with reply, 0 detached), 1 waiting replies, 665 recursion replies sent, 0 replies dropped, 0 states jostled outApr 26 21:00:28 unbound 91287:2 debug: query took 0.000000 secApr 26 21:00:28 unbound 91287:2 info: send_udp over interface: 127.0.0.1Apr 26 21:00:28 unbound 91287:2 debug: mesh_run: validator module exit state is module_finishedApr 26 21:00:28 unbound 91287:2 debug: cannot validate non-answer, rcode SERVFAILApr 26 21:00:28 unbound 91287:2 debug: validator: nextmodule returnedApr 26 21:00:28 unbound 91287:2 info: validator operate: query 2.pool.ntp.org. AAAA INApr 26 21:00:28 unbound 91287:2 debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddoneApr 26 21:00:28 unbound 91287:2 debug: mesh_run: iterator module exit state is module_finishedApr 26 21:00:28 unbound 91287:2 debug: return error response SERVFAILApr 26 21:00:28 unbound 91287:2 debug: store error response in message cacheApr 26 21:00:28 unbound 91287:2 debug: configured forward servers failed -- returning SERVFAILApr 26 21:00:28 unbound 91287:2 debug: No more query targets, attempting last resortApr 26 21:00:28 unbound 91287:2 debug: rtt=120000Apr 26 21:00:28 unbound 91287:2 debug: servselect ip4 10.4.0.1 port 53 (len 16)Apr 26 21:00:28 unbound 91287:2 debug: attempt to get extra 3 targetsApr 26 21:00:28 unbound 91287:2 debug: ip4 10.4.0.1 port 53 (len 16)Apr 26 21:00:28 unbound 91287:2 info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNSApr 26 21:00:28 unbound 91287:2 debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0Apr 26 21:00:28 unbound 91287:2 info: processQueryTargets: 2.pool.ntp.org. AAAA INApr 26 21:00:28 unbound 91287:2 debug: iter_handle processing q with state QUERY TARGETS STATEApr 26 21:00:28 unbound 91287:2 debug: forwarding requestApr 26 21:00:28 unbound 91287:2 debug: request has dependency depth of 0Apr 26 21:00:28 unbound 91287:2 info: resolving 2.pool.ntp.org. AAAA INApr 26 21:00:28 unbound 91287:2 debug: iter_handle processing q with state INIT REQUEST STATEApr 26 21:00:28 unbound 91287:2 debug: process_request: new external request eventApr 26 21:00:28 unbound 91287:2 debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_passApr 26 21:00:28 unbound 91287:2 debug: mesh_run: validator module exit state is module_wait_moduleApr 26 21:00:28 unbound 91287:2 debug: validator: pass to next moduleApr 26 21:00:28 unbound 91287:2 info: validator operate: query 2.pool.ntp.org. AAAA INApr 26 21:00:28 unbound 91287:2 debug: validator[module 0] operate: extstate:module_state_initial event:module_event_newApr 26 21:00:28 unbound 91287:2 debug: mesh_run: startApr 26 21:00:28 unbound 91287:2 debug: udp request from ip4 127.0.0.1 port 60673 (len 16)Apr 26 21:00:28 unbound 91287:2 debug: answer from the cache failedApr 26 21:00:28 unbound 91287:2 info: receive_udp on interface: 127.0.0.1Apr 26 21:00:28 unbound 91287:0 info: send_udp over interface: 127.0.0.1Apr 26 21:00:28 unbound 91287:0 info: receive_udp on interface: 127.0.0.1Apr 26 21:00:28 unbound 91287:3 info: send_udp over interface: 192.168.3.1Apr 26 21:00:28 unbound 91287:3 info: receive_udp on interface: 192.168.3.1Apr 26 21:00:27 unbound 91287:2 info: send_udp over interface: 192.168.3.1Apr 26 21:00:27 unbound 91287:2 info: receive_udp on interface: 192.168.3.1Apr 26 21:00:27 unbound 91287:2 debug: cache memory msg=77508 rrset=66072 infra=3130 val=66280Apr 26 21:00:27 unbound 91287:2 info: 0RDd mod1 rep 2.pool.ntp.org.home. A INApr 26 21:00:27 unbound 91287:2 info: 128.000000 256.000000 1Apr 26 21:00:27 unbound 91287:2 info: 32.000000 64.000000 1Apr 26 21:00:27 unbound 91287:2 info: 16.000000 32.000000 1Apr 26 21:00:27 unbound 91287:2 info: 8.000000 16.000000 3Apr 26 21:00:27 unbound 91287:2 info: 2.000000 4.000000 1Apr 26 21:00:27 unbound 91287:2 info: 0.000000 0.000001 657Apr 26 21:00:27 unbound 91287:2 info: lower(secs) upper(secs) recursionsApr 26 21:00:27 unbound 91287:2 info: [25%]=2.52664e-07 median[50%]=5.05327e-07 [75%]=7.57991e-07Apr 26 21:00:27 unbound 91287:2 info: histogram of recursion processing timesApr 26 21:00:27 unbound 91287:2 info: average recursion processing time 0.392812 secApr 26 21:00:27 unbound 91287:2 info: mesh_run: end 1 recursion states (1 with reply, 0 detached), 1 waiting replies, 664 recursion replies sent, 0 replies dropped, 0 states jostled outApr 26 21:00:27 unbound 91287:2 debug: query took 0.000000 secApr 26 21:00:27 unbound 91287:2 info: send_udp over interface: 127.0.0.1Apr 26 21:00:27 unbound 91287:2 debug: mesh_run: validator module exit state is module_finishedApr 26 21:00:27 unbound 91287:2 debug: cannot validate non-answer, rcode SERVFAILApr 26 21:00:27 unbound 91287:2 debug: validator: nextmodule returnedApr 26 21:00:27 unbound 91287:2 info: validator operate: query nl.vpn.airdns.org. A INApr 26 21:00:27 unbound 91287:2 debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddoneApr 26 21:00:27 unbound 91287:2 debug: mesh_run: iterator module exit state is module_finishedApr 26 21:00:27 unbound 91287:2 debug: return error response SERVFAILApr 26 21:00:27 unbound 91287:2 debug: store error response in message cacheApr 26 21:00:27 unbound 91287:2 debug: configured forward servers failed -- returning SERVFAILApr 26 21:00:27 unbound 91287:2 debug: No more query targets, attempting last resortApr 26 21:00:27 unbound 91287:2 debug: rtt=120000Apr 26 21:00:27 unbound 91287:2 debug: servselect ip4 10.4.0.1 port 53 (len 16)Apr 26 21:00:27 unbound 91287:2 debug: attempt to get extra 3 targetsApr 26 21:00:27 unbound 91287:2 debug: ip4 10.4.0.1 port 53 (len 16)Apr 26 21:00:27 unbound 91287:2 info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNSApr 26 21:00:27 unbound 91287:2 debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0Apr 26 21:00:27 unbound 91287:2 info: processQueryTargets: nl.vpn.airdns.org. A INApr 26 21:00:27 unbound 91287:2 debug: iter_handle processing q with state QUERY TARGETS STATEApr 26 21:00:27 unbound 91287:2 debug: forwarding requestApr 26 21:00:27 unbound 91287:2 debug: request has dependency depth of 0Apr 26 21:00:27 unbound 91287:2 info: resolving nl.vpn.airdns.org. A INApr 26 21:00:27 unbound 91287:2 debug: iter_handle processing q with state INIT REQUEST STATEApr 26 21:00:27 unbound 91287:2 debug: process_request: new external request eventApr 26 21:00:27 unbound 91287:2 debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_passApr 26 21:00:27 unbound 91287:2 debug: mesh_run: validator module exit state is module_wait_moduleApr 26 21:00:27 unbound 91287:2 debug: validator: pass to next moduleApr 26 21:00:27 unbound 91287:2 info: validator operate: query nl.vpn.airdns.org. A INApr 26 21:00:27 unbound 91287:2 debug: validator[module 0] operate: extstate:module_state_initial event:module_event_newApr 26 21:00:27 unbound 91287:2 debug: mesh_run: startApr 26 21:00:27 unbound 91287:2 debug: udp request from ip4 127.0.0.1 port 1665 (len 16)Apr 26 21:00:27 unbound 91287:2 debug: answer from the cache failedApr 26 21:00:27 unbound 91287:2 info: receive_udp on interface: 127.0.0.1Apr 26 21:00:27 unbound 91287:3 info: send_udp over interface: 192.168.3.1Apr 26 21:00:27 unbound 91287:3 info: receive_udp on interface: 192.168.3.1Apr 26 21:00:26 unbound 91287:0 info: send_udp over interface: 192.168.3.1Apr 26 21:00:26 unbound 91287:0 info: receive_udp on interface: 192.168.3.1Apr 26 21:00:26 unbound 91287:2 debug: cache memory msg=77508 rrset=66072 infra=3130 val=66280Apr 26 21:00:26 unbound 91287:2 info: 0RDd mod1 rep 2.pool.ntp.org.home. A INApr 26 21:00:26 unbound 91287:2 info: 128.000000 256.000000 1Apr 26 21:00:26 unbound 91287:2 info: 32.000000 64.000000 1Apr 26 21:00:26 unbound 91287:2 info: 16.000000 32.000000 1Apr 26 21:00:26 unbound 91287:2 info: 8.000000 16.000000 3Apr 26 21:00:26 unbound 91287:2 info: 2.000000 4.000000 1Apr 26 21:00:26 unbound 91287:2 info: 0.000000 0.000001 656Apr 26 21:00:26 unbound 91287:2 info: lower(secs) upper(secs) recursionsApr 26 21:00:26 unbound 91287:2 info: [25%]=2.52668e-07 median[50%]=5.05335e-07 [75%]=7.58003e-07Apr 26 21:00:26 unbound 91287:2 info: histogram of recursion processing timesApr 26 21:00:26 unbound 91287:2 info: average recursion processing time 0.393404 secApr 26 21:00:26 unbound 91287:2 info: mesh_run: end 1 recursion states (1 with reply, 0 detached), 1 waiting replies, 663 recursion replies sent, 0 replies dropped, 0 states jostled outApr 26 21:00:26 unbound 91287:2 debug: query took 0.000000 secApr 26 21:00:26 unbound 91287:2 info: send_udp over interface: 127.0.0.1Apr 26 21:00:26 unbound 91287:2 debug: mesh_run: validator module exit state is module_finishedApr 26 21:00:26 unbound 91287:2 debug: cannot validate non-answer, rcode SERVFAILApr 26 21:00:26 unbound 91287:2 debug: validator: nextmodule returnedApr 26 21:00:26 unbound 91287:2 info: validator operate: query 2.pool.ntp.org. A INApr 26 21:00:26 unbound 91287:2 debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddoneApr 26 21:00:26 unbound 91287:2 debug: mesh_run: iterator module exit state is module_finishedApr 26 21:00:26 unbound 91287:2 debug: return error response SERVFAILApr 26 21:00:26 unbound 91287:2 debug: store error response in message cacheApr 26 21:00:26 unbound 91287:2 debug: configured forward servers failed -- returning SERVFAILApr 26 21:00:26 unbound 91287:2 debug: No more query targets, attempting last resortApr 26 21:00:26 unbound 91287:2 debug: rtt=120000Apr 26 21:00:26 unbound 91287:2 debug: servselect ip4 10.4.0.1 port 53 (len 16)Apr 26 21:00:26 unbound 91287:2 debug: attempt to get extra 3 targetsApr 26 21:00:26 unbound 91287:2 debug: ip4 10.4.0.1 port 53 (len 16)Apr 26 21:00:26 unbound 91287:2 info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNSApr 26 21:00:26 unbound 91287:2 debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0Apr 26 21:00:26 unbound 91287:2 info: processQueryTargets: 2.pool.ntp.org. A INApr 26 21:00:26 unbound 91287:2 debug: iter_handle processing q with state QUERY TARGETS STATEApr 26 21:00:26 unbound 91287:2 debug: forwarding requestApr 26 21:00:26 unbound 91287:2 debug: request has dependency depth of 0Apr 26 21:00:26 unbound 91287:2 info: resolving 2.pool.ntp.org. A INApr 26 21:00:26 unbound 91287:2 debug: iter_handle processing q with state INIT REQUEST STATEApr 26 21:00:26 unbound 91287:2 debug: process_request: new external request eventApr 26 21:00:26 unbound 91287:2 debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_passApr 26 21:00:26 unbound 91287:2 debug: mesh_run: validator module exit state is module_wait_moduleApr 26 21:00:26 unbound 91287:2 debug: validator: pass to next moduleApr 26 21:00:26 unbound 91287:2 info: validator operate: query 2.pool.ntp.org. A IN Quote Share this post Link to post
bama 0 Posted ... pfSense_fan,hope you are well,quick question,I have all settings in properly I believe and I have Internet access as well as vpn connection to air but when I try to run a dns leak test I can't get any result also in my tablet my router 192.168.1.1 is the same as my dns any chance you can help me find error by the way I used 10.4.0.1 as dns on general set up page.and thanks for your time. Quote Share this post Link to post
LazyLizard14 11 Posted ... Great work pfSense_fan! I see there are some changes in the custom options / advanced configuration of the VPN client compared to the older guide. You noticed some changes in performance of the VPN connection compared to the old ones? Quote Share this post Link to post
bama 0 Posted ... Can anyone who has used the 2.3 to do a fresh install help me out,I'm noticing since I set it up that I my the router and dns fields in my iPad now display the same number my Vpn connection is to air servers seem to be working,but my dns seems to be off I can't run dnsleaktest the airvpn speed test no longer works,I have checked and rechecked settings all seem ok unless I just missed something.thanks for any help you can give,I know I'm not being specific but I'm describing what's happening. Quote Share this post Link to post
jds_uniphase 0 Posted ... Great guide! i followed the instructions and everything seems to be working.except i can't ping python.org.i can do it from the diagnostics, but not from the console. any suggestions? Quote Share this post Link to post
isengar 1 Posted ... have a question inStep 4-A: Assigning the OpenVPN Interface i followed the setup, but it will not allow me to save at this point. I get this error The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration. but under IPv4 Configuration Type set to none.ame as ip6 i have checked the dhcp server it only active on my lan.i have stop DHCP and rebooted. it still gives me the error but my internet feed from cogeco is set to dhcp (do not have a static ip from them ) 1 Charlespon reacted to this Quote Share this post Link to post
isengar 1 Posted ... thanks for the guide,solved my interface save problemBill Quote Share this post Link to post
MrConducter 11 Posted ... Hello, pfSense_fan,I want to thank you for your guide on how to setup PFSense 2.3 for use with AirVPN. I have my PFSense box setup following your detailed instructions, and it is working great. I appreciate the effort that you went to, providing myself and others with your guide. I know it was a lot of work that took many hours and days to compile. I had been using your previous PFSense guide for AirVPN for the last couple of years without any problems. It still works perfectly by the way. It has always updated and continued working fine whenever a newer version of PFSense was released. I hope this guide will last as long as your previous one has. Thanks again. Thank you, it means lot to read such a wonderful compliment. I am so glad it has helped you. For anyone interested, updating the guide from the original to the new 2.3 took over 100 hours of research and and editing. The original guide took well over a few thousand hours including learning/upgrading it between iterations. I rushed this one out to have it ready for 2.3. There will be small edits over time to explain in more detail what and why settings are recommended the way they are. For now I need a break from it. There will also be some additional optional steps added. I hope it lasts as long too, and i really hope, as I always have, that discussion will pick up in this thread among users and together we can evolve the discussion to make this better for everyone. Great work dude I really am impressed. It took me 4 hours to get through it and then I messed something up so it didn't work anyways lol! There is no way in hell I would have the time/patience/knowledge to make something like this. It's invaluable to noobs like me. I'm still working through it...and I thought setting up DD-WRT was hard haha 2 Hobedei and Lee47 reacted to this Quote Share this post Link to post
cliff.peeples 0 Posted ... Like many others, I appreciate your guide Followed your previous guide (Multiple NIC interfaces) and had zero issues getting everything going properly. Now, however, with the upgrade to 2.3... Your multiple interfaces guide isn't yet available. Any timeframe when you may be done with it? I followed everything with this guide and ensured I was still paying attention to IP configurations so as to utilize the other NIC for the VPN routing, and my LAN/WAN traffic for AIRVPN is non-existent. Connecting my devices to the wireless access point utilized for VPN connectivity reports as "no Internet access available" Quote Share this post Link to post
dssguy11 4 Posted ... yes i have the multi nic using 2.2.6 and want to move to the 2.3 new version but need the multi version as well. Thanks so much for all the time you put into this. Quote Share this post Link to post
MrConducter 11 Posted ... Wait...multiple NIC interface guide? I thought pfsense required multiple NICS?? Like a router? Quote Share this post Link to post
dssguy11 4 Posted ... Pfsense normally uses two NICs. One for the internet, and one for your LAN. In the last guide, PFsense_fan wrote a guide the had an additional NIC just for AirVPN. So basically I had two Cisco switches, each connected to a different NIC. Anything I plugged into the one switch would be on the VPN, anything I plugged into the other switch would use the regular internet and bypass the VPN. Quote Share this post Link to post
MrConducter 11 Posted ... Ah that's pretty cool. If I don't want to do that though I don't have to worry about it right? I just have the internet NIC and then the LAN is going to my wireless router I am trying to setup as an AP. 1 cliff.peeples reacted to this Quote Share this post Link to post
dssguy11 4 Posted ... you will need 2 NICs though.. one you plug into the internet, the other plugs into a switch or your wireless router (in AP mode).. You should turn off all DHCP and such on the wireless router and just like you said, put it in AP mode. 1 cliff.peeples reacted to this Quote Share this post Link to post
MrConducter 11 Posted ... Yup that's exactly what I'm trying to do. I bought a mini-pc thing for this and it has 2 NICS, so I'm good there. It's just a matter of correctly configuring everything. I'm soooooooooooo close! Quote Share this post Link to post
dssguy11 4 Posted ... be patient, PFsense is VERY confusing.. one wrong tick somewhere and your fuxxed 2 cliff.peeples and Lee47 reacted to this Quote Share this post Link to post
cliff.peeples 0 Posted ... Dssguy11 nailed it. My previous setup involved an AP for "clearnet", and an AP for VPN in the states (we live in Seoul, Korea). The wife and kids connect to the VPN in order to watch shows and surf content more easily. Keeping the networks "physically" segregated made the most sense to me, as it keeps me from having to explain things to the family. "Just connect to the VPN or VPN5g wireless, dear" Sent from my Nexus 6P using Tapatalk Quote Share this post Link to post
MrConducter 11 Posted ... be patient, PFsense is VERY confusing.. one wrong tick somewhere and your fuxxed Thank you, I need the encouragement. If it weren't for this thread I would be fuxxed lol Quote Share this post Link to post
pfSense_fan 181 Posted ... For those asking about the clearnet interface, I don't have a timetable other than to say eventually. If you used the original guide, you should be ale to extrapolate how to accomplish this. First create and name a new interface. All settings on the interface page are the same are the AirVPN_LAN interface EXCEPT the name and IP address of the subnet you choose. Under dhcp server for the new interface, replace the 192.168.1.100 - 192.168.1.199 with 192.168.123.100 - 192.168.123.199 (or whatever subnet you chose) For the rest of the interface settings, simply replace AirVPN_LAN in the rules for Clear_LAN (or whatever you name it) and AirVPN_WAN with WAN. On the outbound rule, select WAN for the gateway. There is not much different, you are just telling the traffic where to go. I highly encourage you all to take ther time to understand how this works, the information is there in the guide. If not, I will eventually open up the text editor and add it, right now I am backed up with work and cannot. 2 Lee47 and Wolf666 reacted to this Quote Hide pfSense_fan's signature Hide all signatures Have my guides helped you? Help me keep helping you, use my referral: How to set up pfSense 2.3 for AirVPNFriends don't let friends use consumer networking equipment! Share this post Link to post
cliff.peeples 0 Posted ... For those asking about the clearnet interface, I don't have a timetable other than to say eventually. If you used the original guide, you should be ale to extrapolate how to accomplish this. First create and name a new interface. All settings on the interface page are the same are the AirVPN_LAN interface EXCEPT the name and IP address of the subnet you choose. Under dhcp server for the new interface, replace the 192.168.1.100 - 192.168.1.199 with 192.168.123.100 - 192.168.123.199 (or whatever subnet you chose) For the rest of the interface settings, simply replace AirVPN_LAN in the rules for Clear_LAN (or whatever you name it) and AirVPN_WAN with WAN. On the outbound rule, select WAN for the gateway. There is not much different, you are just telling the traffic where to go. I highly encourage you all to take ther time to understand how this works, the information is there in the guide. If not, I will eventually open up the text editor and add it, right now I am backed up with work and cannot.Thank you for the response. I'll go back and double check my configs again. I'm not entirely sure if it was related to the upgrade and not a clean install, borking my routes. I'll redo my config from scratch and see where that takes me. I know there were a few server changes (one of which I used as a primary exit point), so that complicated things a bit. Once I started tracing my steps, I realized the VPN connection kept terminating. Maybe I should change the log level and look again for specifics. Quote Share this post Link to post
cliff.peeples 0 Posted ... Not exactly sure why, but the configuration for 2.3 you have above would NOT function properly with multiple (3) interfaces. Ended up wiping the configuration and creating one from your 2.1 guide, and it worked fine. Not sure why the upgrade killed the configuration either, but at least I'm up and running again. Quote Share this post Link to post
dssguy11 4 Posted ... Cliff, so just to confirm. You are now running 2.3 with multiple network cards but you used the old guide to get it working? Quote Share this post Link to post
pfSense_fan 181 Posted ... Not exactly sure why, but the configuration for 2.3 you have above would NOT function properly with multiple (3) interfaces. Ended up wiping the configuration and creating one from your 2.1 guide, and it worked fine. Not sure why the upgrade killed the configuration either, but at least I'm up and running again. It does work. Unlike the old guide, the 2.3 guide is very close to how I actually use my appliance. It works for me and is tested and working for others. There is no hidden magic to adding a clear interface.... you create a new interface and through all of the SAME STEPS, tell the traffic to route out WAN instead of AirVPN_WAN. If you tried and it failed you missed something. It's normal, there are a lot of steps/settings and it is easy to overlook one or more. The most common mistake is the outbound NAT settings and not defining the correct gateway on the outbound firewall rule. I changed this guide to create the AirVPN_LAN interface first due to the high demand. Adding a second interface for clearnet works the same way in principal as the old guide.... but the old guide should not be used. here are too many settings that have changed. 2 cliff.peeples and Lee47 reacted to this Quote Hide pfSense_fan's signature Hide all signatures Have my guides helped you? Help me keep helping you, use my referral: How to set up pfSense 2.3 for AirVPNFriends don't let friends use consumer networking equipment! Share this post Link to post