bobsnail 0 Posted ... Hi guys, I followed pfsense_fans guide and got it all working fine, based on a dutch server. This has been stable for over a month and leak tested etc I decided that I wanted to change the server so that it worked based on the UK region. Before I did anything, I did a full backup of pfSense. 1) So I figured all I needed to do was update the CA, the Certificate and then modify the OpenVPn connection with the static key, making sure I use the server as uk.vpn.airdns.org, isthis correct? all the rules etc would remain unchanged? 2) the above didn't work, so I tried to set to a specific UK based server, but again it didn't work (no idea why, just timeouts).. weirdly the DNS lookup in the dianostic function works fine, also pfsense can search for the updates etc, but all websites timeout. So running out of time I figured I would just set everything back to dutch server for now, however that also doesn't work, exactly the same problem. So I did a restore from the backup and that's not working either. Ive tried a factory reset then backup...totally broke.. Any ideas very much appreciated. PS ive only used v2.3 of the guide, Quote Share this post Link to post
go558a83nk 364 Posted ... the only thing you need to change to use a different server is the server host/address in the openvpn client setup. just put in the IP address of the server you want to use and click save. I don't know why you'd be having problems after restoring the backup. Sorry for your trouble. Quote Share this post Link to post
bobsnail 0 Posted ... really? so the Cert authority and cert don't change? Feel silly now lol. Ok so anyone got any ideas on why I get timeout issues in browser and emails etc, but pfsense can update (and actually I have now allowed it to update from 2.3.2 to 2.3.2_1). Like i say the DNS lookup works fine. Anyone got any ideas on how I can diagnose the issue? Any thoughts appreciated... I hate networking lol Quote Share this post Link to post
onebarrell 3 Posted ... Try this and see if it helps. First click on the "Status" tab in PFSense. Then click on "OpenVPN" in the dropdown list. Then under where it says "Service" click on the icon that says "Restart openvpn Service" when you move your mouse pointer over it.. Then wait 10 to 15 seconds and check to see if your internet now works. Sometimes when my PFSense starts up I don't have internet even though everything shows as up under interfaces. A restart of openvpn gets my AirVPN internet up and running. Quote Share this post Link to post
bobsnail 0 Posted ... Thanks onebarrell, that worked a treat. Id rebooted the server soooo many times, would never have guessed restarting the service would help. However im still unsure how to use gb.vpn.airdns.org? If I stick that in the server/host address, the external ip address falls off an I lose internet connection. If I put any IP address in that field it works fine, but Im trying to get pfSense to automatically pick the quickest route but unsure how to do this. Ive done some searching a found someone mention about url wont resolve becuase the DNS is locked to work over VPN, but the VPN isn't active so cant resolve. The workaround is apparently to use host overrides in the DNS resolver applet. Im not sure that's actually my issue though, or how to use the hosts override. Also Is there a reason there isn't a config file to download that new users can just restore to pfSense, then change the CA/Cert and server id/keys? would save a lot of faffing and some slly questions I suspect. I might even look into writing a program that prompts the user to enter the variable data, then generate a config that can be imported into pfSense. Need to improve my understanding of the process a bit first though. Any thoughts appreciated Quote Share this post Link to post
zhang888 1066 Posted ... You can just change the IP in the OpenVPN client section, no need to change the certs and CA.They are identical per your username on all servers. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
go558a83nk 364 Posted ... Thanks onebarrell, that worked a treat. Id rebooted the server soooo many times, would never have guessed restarting the service would help. However im still unsure how to use gb.vpn.airdns.org? If I stick that in the server/host address, the external ip address falls off an I lose internet connection. If I put any IP address in that field it works fine, but Im trying to get pfSense to automatically pick the quickest route but unsure how to do this. Ive done some searching a found someone mention about url wont resolve becuase the DNS is locked to work over VPN, but the VPN isn't active so cant resolve. The workaround is apparently to use host overrides in the DNS resolver applet. Im not sure that's actually my issue though, or how to use the hosts override. Also Is there a reason there isn't a config file to download that new users can just restore to pfSense, then change the CA/Cert and server id/keys? would save a lot of faffing and some slly questions I suspect. I might even look into writing a program that prompts the user to enter the variable data, then generate a config that can be imported into pfSense. Need to improve my understanding of the process a bit first though. Any thoughts appreciated there is no possible way for Air to know which server will be fastest for you at any given moment. those nationwide hosts will only route you to the "best" server based on Air's metrics but they still know nothing about your situation - ISP, route, etc. It's up to you to test and determine which servers work best for you. Quote Share this post Link to post
bobsnail 0 Posted ... Thanks for your thoughts, but I worked it out and it now seems to be working. Basically in pfSense I used the DNS lookup functionality to get the IP address for the region I wanted (gb.vpn.airdns.org).. I put this IP in the server field in the VPN/openVPN applet. It now seems to be connecting to this fastest server in that region automatically. The point is, you cant look up gb.vpn.airdns.org, becaue following pfSene Fans guide, the DNS is achieved over the VPN, and when you change the server name to 'gb.vpn.airdns.org' and save, it disconnects you from your existing VPN and tries to connect to the new VPN, which it cant find because it cant use the DNS.(catch 22), hence you have to use the IP address of the region server. I take your point it may not be the quickest for me, but if the server is working well, that's most of the battle as far as im concerned Many thanks all Quote Share this post Link to post