Jump to content
Not connected, Your IP: 18.232.124.77

Recommended Posts

I just installed Pfsense (i'm new to it) and tried to follow the guide on here but thats for versions 2.3 and some olf the guides options are not in pfsense ver 2.4. Once i completyed i had no access to internet and AirVPN_WAN showed no IP (yet Airvpn.org site showed i had 1 connectiopn to VPN which had to be my pfsense box)

 

I've wiped the settings and tried twice but still same issue, any updated guide?

Share this post


Link to post

Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.


Tired of Windows? Why Linux Is Better.

Share this post


Link to post

thanks, I've been looking over that thread, the original 2.3 and 2.1 setups and followed them all. I'm currently at a state where my internet works, but VPN does not

I have 3 NIC cards (1 for WAN, 1 for LAN and 1 for VPN LAN)

 

When i check airvpn.org it shows i have a conencted, yet the pfsense dashboard shows the VPN as down no IP and Open VPN client says reconnecting; process-push-msg-failed

 

I'm at a loss as to why the VPN connected is not working yet airvpn shows i'm connected (and I verified I have no other devices connected)

Share this post


Link to post

just in case someone can spot a simple mistake i have taken some screen shots and atatched my logs

 

Not some of the options in 2.1 and 2.3 are not there in pfsense 2,4 such as 

Open VPN / Client

Server Host name Resolution = Checked (this is not in the latest version that I can find)

same as disable IPv6 (even though I followed the pfsense v2.3 guide and disabled IPv6 system wide)

 

I have followed both old and new guides (which are slightly different) and I ended up with the same results, internet access on my LAN side, no VPN connection shown in system (no IP and OpenVPN shows not connected) i cannot surf from VPN_LAN port yet airvpn shows a connection.

 

 

 

 

 

 

Share this post


Link to post

sorry for the double post (my posts are delayed as they are being monitored by the MODs for some reason)

 

Here are my logs for Open VPN

 

Last 50 OpenVPN Log Entries. (Maximum 50)

Time Process PID Message Jan 20 15:24:57 openvpn 64218 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: timers and/or timeouts modified Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: compression parms modified Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: --ifconfig/up options modified Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: route-related options modified Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: peer-id set Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: adjusting link_mtu to 1625 Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: data channel crypto options modified Jan 20 15:24:57 openvpn 64218 Error: pushed cipher not allowed - AES-256-GCM not in AES-256-CBC or AES-128-CBC Jan 20 15:24:57 openvpn 64218 OPTIONS ERROR: failed to import crypto options Jan 20 15:24:57 openvpn 64218 ERROR: Failed to apply push options Jan 20 15:24:57 openvpn 64218 Failed to open tun/tap interface Jan 20 15:24:57 openvpn 64218 SIGUSR1[soft,process-push-msg-failed] received, process restarting Jan 20 15:24:57 openvpn 64218 Restart pause, 5 second(s) Jan 20 15:25:00 openvpn 64218 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock Jan 20 15:25:00 openvpn 64218 MANAGEMENT: CMD 'state 1' Jan 20 15:25:00 openvpn 64218 MANAGEMENT: Client disconnected Jan 20 15:25:02 openvpn 64218 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. Jan 20 15:25:02 openvpn 64218 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jan 20 15:25:02 openvpn 64218 TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.194:443 Jan 20 15:25:02 openvpn 64218 Socket Buffers: R=[42080->42080] S=[57344->57344] Jan 20 15:25:02 openvpn 64218 UDP link local (bound): [AF_INET][undef]:0 Jan 20 15:25:02 openvpn 64218 UDP link remote: [AF_INET]104.254.90.194:443 Jan 20 15:25:02 openvpn 64218 TLS: Initial packet from [AF_INET]104.254.90.194:443 (via [AF_INET]10.0.0.167%), sid=6eb9476b 9609a49e Jan 20 15:25:02 openvpn 64218 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Jan 20 15:25:02 openvpn 64218 VERIFY OK: nsCertType=SERVER Jan 20 15:25:02 openvpn 64218 VERIFY KU OK Jan 20 15:25:02 openvpn 64218 Validating certificate extended key usage Jan 20 15:25:02 openvpn 64218 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Jan 20 15:25:02 openvpn 64218 VERIFY EKU OK Jan 20 15:25:02 openvpn 64218 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Jan 20 15:25:03 openvpn 64218 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA Jan 20 15:25:03 openvpn 64218 [server] Peer Connection Initiated with [AF_INET]104.254.90.194:443 (via [AF_INET]10.0.0.167%) Jan 20 15:25:04 openvpn 64218 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Jan 20 15:25:04 openvpn 64218 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.29.224.1,route-gateway 10.29.224.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.29.224.25 255.255.255.0,peer-id 5,cipher AES-256-GCM' Jan 20 15:25:04 openvpn 64218 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) Jan 20 15:25:04 openvpn 64218 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: timers and/or timeouts modified Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: compression parms modified Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: --ifconfig/up options modified Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: route-related options modified Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: peer-id set Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: adjusting link_mtu to 1625 Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: data channel crypto options modified Jan 20 15:25:04 openvpn 64218 Error: pushed cipher not allowed - AES-256-GCM not in AES-256-CBC or AES-128-CBC Jan 20 15:25:04 openvpn 64218 OPTIONS ERROR: failed to import crypto options Jan 20 15:25:04 openvpn 64218 ERROR: Failed to apply push options Jan 20 15:25:04 openvpn 64218 Failed to open tun/tap interface Jan 20 15:25:04 openvpn 64218 SIGUSR1[soft,process-push-msg-failed] received, process restarting Jan 20 15:25:04 openvpn 64218 Restart pause, 5 second(s)

Share this post


Link to post

I may be late to the party but here is how I fixed mine. 

 

1. Remove all the Custom options and add the following instead: 

 

auth-nocache;

mlock;

remote-cert-tls server;

explicit-exit-notify 5

 

Hope this helps someone down the road  

Share this post


Link to post

 

sorry for the double post (my posts are delayed as they are being monitored by the MODs for some reason)

 

Here are my logs for Open VPN

...
Jan 20 15:25:04
openvpn
64218
Error: pushed cipher not allowed - AES-256-GCM not in AES-256-CBC or AES-128-CBC
...

 

That's the major issue with the setup. You have to enable AES-256-GCM in the NCP Algorithms list (in the Cryptographic Settings section). Right now, you only have AES-256-CBC and AES-128-CBC enabled, which prevents the server from using its requested algorithm.

Share this post


Link to post

when you export the opvn files.  add the data into the custom options, for example here is mine:

 

resolv-retry infinite;
persist-key;
persist-tun;
remote-cert-tls server;

 

as long as ncp is checked and you have 256 cbc and 256gcm  you should be ok

Share this post


Link to post
On 1/26/2019 at 2:11 PM, Air4141841 said:

when you export the opvn files.  add the data into the custom options, for example here is mine:

 

resolv-retry infinite;
persist-key;
persist-tun;
remote-cert-tls server;

 

as long as ncp is checked and you have 256 cbc and 256gcm  you should be ok

Hi,

It is possible that you like to share your OpenVPN Client settings here?
Screenshots is the best. :)

Thanks in advanced

Share this post


Link to post
44 minutes ago, CiscoX said:
Hi,

It is possible that you like to share your OpenVPN Client settings here?
Screenshots is the best. :)

Thanks in advanced
exact copy and paste of the advanced window for airvpn

resolv-retry infinite;
persist-key;
persist-tun;
remote-cert-tls server;
auth-nocache;
tls-version-min 1.2;
remote 199.249.230.34 443;
remote us3.vpn.airdns.org 443;

Share this post


Link to post
8 hours ago, Air4141841 said:
exact copy and paste of the advanced window for airvpn

resolv-retry infinite;
persist-key;
persist-tun;
remote-cert-tls server;
auth-nocache;
tls-version-min 1.2;
remote 199.249.230.34 443;
remote us3.vpn.airdns.org 443;
Thanks,
I was thinking more like this, i post an screenshot of my settings :)
 

 

Share this post


Link to post

i followed the 2.3 guide initially.

then when tls 1.2 was available i moved it to.   there is a tacket thread about ddwrt and 1.2   you basically follow the same steps.   i tried to upload a photo but its unreadable like yours

Share this post


Link to post
1 hour ago, Air4141841 said:

i followed the 2.3 guide initially.

then when tls 1.2 was available i moved it to.   there is a tacket thread about ddwrt and 1.2   you basically follow the same steps.   i tried to upload a photo but its unreadable like yours

Hi,

I can see now that my picture went very bad here, hmm. It's unreadable like you said.
I have added a link to my image instead :)
https://imgur.com/vUNlR0m

Share this post


Link to post

CiscoX i assume your having the same issue?

auth digest algorithm should be sha512
ipvp4 network should be blank
topology should be subnet
under custom box remove:

client;

then post your openvpn log under status  > system logs > openvpn  if it still doesn't work

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...