chuckhammerberry 2 Posted ...
I just installed pfSense (I'm new to it) and tried to follow the guide on here, but that's for version 2.3 and some of the guide's options are not in pfSense ver 2.4. Once I completed it I had no access to the internet and AirVPN_WAN showed no IP (yet the airvpn.org site showed I had 1 connection to the VPN, which had to be my pfSense box). I've wiped the settings and tried twice but still the same issue. Any updated guide?
LZ1 673 Posted ...
Hello! Perhaps this thread can be slightly helpful.
chuckhammerberry 2 Posted ...
Thanks, I've been looking over that thread, the original 2.3 and 2.1 setups, and followed them all. I'm currently at a state where my internet works, but the VPN does not. I have 3 NIC cards (1 for WAN, 1 for LAN and 1 for VPN LAN). When I check airvpn.org it shows I am connected, yet the pfSense dashboard shows the VPN as down, no IP, and the OpenVPN client says reconnecting; process-push-msg-failed. I'm at a loss as to why the VPN connection is not working yet AirVPN shows I'm connected (and I verified I have no other devices connected).
chuckhammerberry 2 Posted ...
Just in case someone can spot a simple mistake, I have taken some screenshots and attached my logs. Note some of the options in 2.1 and 2.3 are not there in pfSense 2.4, such as Open VPN / ClientServer Host name Resolution = Checked (this is not in the latest version that I can find), same as disable IPv6 (even though I followed the pfSense v2.3 guide and disabled IPv6 system wide). I have followed both old and new guides (which are slightly different) and I ended up with the same results: internet access on my LAN side, no VPN connection shown in the system (no IP and OpenVPN shows not connected). I cannot surf from the VPN_LAN port, yet AirVPN shows a connection.
chuckhammerberry 2 Posted ...
Sorry for the double post (my posts are delayed as they are being monitored by the MODs for some reason). Here are my logs for OpenVPN:

Last 50 OpenVPN Log Entries. (Maximum 50)
Time Process PID Message
Jan 20 15:24:57 openvpn 64218 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: timers and/or timeouts modified
Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: compression parms modified
Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: --ifconfig/up options modified
Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: route-related options modified
Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: peer-id set
Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: adjusting link_mtu to 1625
Jan 20 15:24:57 openvpn 64218 OPTIONS IMPORT: data channel crypto options modified
Jan 20 15:24:57 openvpn 64218 Error: pushed cipher not allowed - AES-256-GCM not in AES-256-CBC or AES-128-CBC
Jan 20 15:24:57 openvpn 64218 OPTIONS ERROR: failed to import crypto options
Jan 20 15:24:57 openvpn 64218 ERROR: Failed to apply push options
Jan 20 15:24:57 openvpn 64218 Failed to open tun/tap interface
Jan 20 15:24:57 openvpn 64218 SIGUSR1[soft,process-push-msg-failed] received, process restarting
Jan 20 15:24:57 openvpn 64218 Restart pause, 5 second(s)
Jan 20 15:25:00 openvpn 64218 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 20 15:25:00 openvpn 64218 MANAGEMENT: CMD 'state 1'
Jan 20 15:25:00 openvpn 64218 MANAGEMENT: Client disconnected
Jan 20 15:25:02 openvpn 64218 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Jan 20 15:25:02 openvpn 64218 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 20 15:25:02 openvpn 64218 TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.194:443
Jan 20 15:25:02 openvpn 64218 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jan 20 15:25:02 openvpn 64218 UDP link local (bound): [AF_INET][undef]:0
Jan 20 15:25:02 openvpn 64218 UDP link remote: [AF_INET]104.254.90.194:443
Jan 20 15:25:02 openvpn 64218 TLS: Initial packet from [AF_INET]104.254.90.194:443 (via [AF_INET]10.0.0.167%), sid=6eb9476b 9609a49e
Jan 20 15:25:02 openvpn 64218 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Jan 20 15:25:02 openvpn 64218 VERIFY OK: nsCertType=SERVER
Jan 20 15:25:02 openvpn 64218 VERIFY KU OK
Jan 20 15:25:02 openvpn 64218 Validating certificate extended key usage
Jan 20 15:25:02 openvpn 64218 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jan 20 15:25:02 openvpn 64218 VERIFY EKU OK
Jan 20 15:25:02 openvpn 64218 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Jan 20 15:25:03 openvpn 64218 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Jan 20 15:25:03 openvpn 64218 [server] Peer Connection Initiated with [AF_INET]104.254.90.194:443 (via [AF_INET]10.0.0.167%)
Jan 20 15:25:04 openvpn 64218 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Jan 20 15:25:04 openvpn 64218 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.29.224.1,route-gateway 10.29.224.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.29.224.25 255.255.255.0,peer-id 5,cipher AES-256-GCM'
Jan 20 15:25:04 openvpn 64218 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jan 20 15:25:04 openvpn 64218 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: timers and/or timeouts modified
Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: compression parms modified
Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: --ifconfig/up options modified
Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: route-related options modified
Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: peer-id set
Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: adjusting link_mtu to 1625
Jan 20 15:25:04 openvpn 64218 OPTIONS IMPORT: data channel crypto options modified
Jan 20 15:25:04 openvpn 64218 Error: pushed cipher not allowed - AES-256-GCM not in AES-256-CBC or AES-128-CBC
Jan 20 15:25:04 openvpn 64218 OPTIONS ERROR: failed to import crypto options
Jan 20 15:25:04 openvpn 64218 ERROR: Failed to apply push options
Jan 20 15:25:04 openvpn 64218 Failed to open tun/tap interface
Jan 20 15:25:04 openvpn 64218 SIGUSR1[soft,process-push-msg-failed] received, process restarting
Jan 20 15:25:04 openvpn 64218 Restart pause, 5 second(s)
verinsoft 0 Posted ...
I may be late to the party but here is how I fixed mine.
1. Remove all the Custom options and add the following instead:
auth-nocache;mlock;remote-cert-tls server;explicit-exit-notify 5
Hope this helps someone down the road
spe 4 Posted ...
> sorry for the double post (my posts are delayed as they are being monitored by the MODs for some reason) Here are my logs for Open VPN
> ...
> Jan 20 15:25:04 openvpn 64218 Error: pushed cipher not allowed - AES-256-GCM not in AES-256-CBC or AES-128-CBC
> ...
That's the major issue with the setup. You have to enable AES-256-GCM in the NCP Algorithms list (in the Cryptographic Settings section). Right now, you only have AES-256-CBC and AES-128-CBC enabled, which prevents the server from using its requested algorithm.
Air4141841 25 Posted ...
When you export the ovpn files, add the data into the custom options. For example, here is mine:
resolv-retry infinite;persist-key;persist-tun;remote-cert-tls server;
As long as NCP is checked and you have 256 CBC and 256 GCM you should be OK.
AirCore 0 Posted ...
On 1/26/2019 at 2:11 PM, Air4141841 said:
> When you export the ovpn files, add the data into the custom options. For example, here is mine:
> resolv-retry infinite; persist-key; persist-tun; remote-cert-tls server;
> As long as NCP is checked and you have 256 CBC and 256 GCM you should be OK.
Hi, is it possible for you to share your OpenVPN client settings here? Screenshots would be best. Thanks in advance
Air4141841 25 Posted ...
44 minutes ago, CiscoX said:
> Hi, is it possible for you to share your OpenVPN client settings here? Screenshots would be best. Thanks in advance
Exact copy and paste of the advanced window for AirVPN:
resolv-retry infinite; persist-key; persist-tun; remote-cert-tls server; auth-nocache; tls-version-min 1.2; remote 199.249.230.34 443; remote us3.vpn.airdns.org 443;
AirCore 0 Posted ...
8 hours ago, Air4141841 said:
> Exact copy and paste of the advanced window for AirVPN:
> resolv-retry infinite; persist-key; persist-tun; remote-cert-tls server; auth-nocache; tls-version-min 1.2; remote 199.249.230.34 443; remote us3.vpn.airdns.org 443;
Thanks, I was thinking more like this; I post a screenshot of my settings
Air4141841 25 Posted ...
I followed the 2.3 guide initially. Then when TLS 1.2 was available I moved to it. There is a tacket thread about ddwrt and 1.2; you basically follow the same steps. I tried to upload a photo but it's unreadable like yours.
AirCore 0 Posted ...
1 hour ago, Air4141841 said:
> I followed the 2.3 guide initially. Then when TLS 1.2 was available I moved to it. There is a tacket thread about ddwrt and 1.2; you basically follow the same steps. I tried to upload a photo but it's unreadable like yours.
Hi, I can see now that my picture went very bad here, hmm. It's unreadable like you said. I have added a link to my image instead: https://imgur.com/vUNlR0m
Air4141841 25 Posted ...
CiscoX, I assume you're having the same issue?
auth digest algorithm should be sha512
IPv4 network should be blank
topology should be subnet
under custom box remove: client;
Then post your OpenVPN log under Status > System Logs > OpenVPN if it still doesn't work.