Jump to content
Not connected, Your IP: 3.139.93.242

Recommended Posts

Hi guys,

 

I followed pfsense_fans guide and got it all working fine, based on a dutch server.  This has been stable for over a month and leak tested etc

 

I decided that I wanted to change the server so that it worked based on the UK region.  Before I did anything, I did a full backup of pfSense.

 

1) So I figured all I needed to do was update the CA, the Certificate and then modify the OpenVPn connection with the static key, making sure I use the server as uk.vpn.airdns.org, is

this correct? all the rules etc would remain unchanged?

 

2) the above didn't work, so I tried to set to a specific UK based server, but again it didn't work (no idea why, just timeouts).. weirdly the DNS lookup in the dianostic function works fine, also pfsense can search for the updates etc, but all websites timeout.   So running out of time I figured I would just set everything back to dutch server for now, however that also doesn't work, exactly the same problem.

 

So I did a restore from the backup and that's not working either.   Ive tried a factory reset then backup...totally broke.. 

 

Any ideas very much appreciated. 

 

PS ive only used v2.3 of the guide,

Share this post


Link to post

the only thing you need to change to use a different server is the server host/address in the openvpn client setup.  just put in the IP address of the server you want to use and click save.

 

I don't know why you'd be having problems after restoring the backup.  Sorry for your trouble. 

Share this post


Link to post

really?  so the Cert authority and cert don't change?  Feel silly now lol.

 

Ok so anyone got any ideas on why I get timeout issues in browser and emails etc, but pfsense can update (and actually I have now allowed it to update from 2.3.2 to 2.3.2_1).  Like i say the DNS lookup works fine.  Anyone got any ideas on how I can diagnose the issue?

 

Any thoughts appreciated...  I hate networking lol

Share this post


Link to post

Try this and see if it helps. First click on the "Status" tab in PFSense. Then click on "OpenVPN" in the dropdown list. Then under where it says "Service" click on the icon that says "Restart openvpn Service" when you move your mouse pointer over it.. Then wait 10 to 15 seconds and check to see if your internet now works.

 

Sometimes when my PFSense starts up I don't have internet even though everything shows as up under interfaces. A restart of openvpn gets my AirVPN internet up and running.

Share this post


Link to post

Thanks onebarrell, that worked a treat.  Id rebooted the server soooo many times, would never have guessed restarting the service would help.

 

However im still unsure how to use gb.vpn.airdns.org?  If I stick that in the server/host address, the external ip address falls off an I lose internet connection.    If I put any IP address in that field it works fine, but Im trying to get pfSense to automatically pick the quickest route but unsure how to do this.  Ive done some searching a found someone mention about url wont resolve becuase the DNS is locked to work over VPN, but the VPN isn't active so cant resolve.  The workaround is apparently to use host overrides in the DNS resolver applet.  Im not sure that's actually my issue though, or how to use the hosts override.

 

Also Is there a reason there isn't a config file to download that new users can just restore to pfSense, then change the CA/Cert and server id/keys?  would save a lot of faffing and some slly questions I suspect.

 

I might even look into writing a program that prompts the user to enter the variable data, then generate a config that can be imported into pfSense.  Need to improve my understanding of the process a bit first though.

 

Any thoughts appreciated

Share this post


Link to post

Thanks onebarrell, that worked a treat.  Id rebooted the server soooo many times, would never have guessed restarting the service would help.

 

However im still unsure how to use gb.vpn.airdns.org?  If I stick that in the server/host address, the external ip address falls off an I lose internet connection.    If I put any IP address in that field it works fine, but Im trying to get pfSense to automatically pick the quickest route but unsure how to do this.  Ive done some searching a found someone mention about url wont resolve becuase the DNS is locked to work over VPN, but the VPN isn't active so cant resolve.  The workaround is apparently to use host overrides in the DNS resolver applet.  Im not sure that's actually my issue though, or how to use the hosts override.

 

Also Is there a reason there isn't a config file to download that new users can just restore to pfSense, then change the CA/Cert and server id/keys?  would save a lot of faffing and some slly questions I suspect.

 

I might even look into writing a program that prompts the user to enter the variable data, then generate a config that can be imported into pfSense.  Need to improve my understanding of the process a bit first though.

 

Any thoughts appreciated

 

there is no possible way for Air to know which server will be fastest for you at any given moment.  those nationwide hosts will only route you to the "best" server based on Air's metrics but they still know nothing about your situation - ISP, route, etc.  It's up to you to test and determine which servers work best for you.

Share this post


Link to post

Thanks for your thoughts, but I worked it out and it now seems to be working.  Basically in pfSense I used the DNS lookup functionality to get the IP address for the region I wanted (gb.vpn.airdns.org).. I put this IP in the server field in the VPN/openVPN applet.  It now seems to be connecting to this fastest server in that region automatically.

 

The point is, you cant look up gb.vpn.airdns.org, becaue following pfSene Fans guide, the DNS is achieved over the VPN, and when you change the server name to 'gb.vpn.airdns.org' and save, it disconnects you from your existing VPN and tries to connect to the new VPN, which it cant find because it cant use the DNS.(catch 22), hence you have to use the IP address of the region server.

 

I take your point it may not be the quickest for me, but if the server is working well, that's most of the battle as far as im concerned

 

Many thanks all

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...