Jump to content
Not connected, Your IP:

pfsense / SSL Tunnel specific guide?

Recommended Posts

Hi,  I'm pretty green to pfsense as a whole,  and I know there are a few good guides out there, but I'm wondering if one has been written in particular, to address  setting pfsense up w/AirVPN using  SSL tunneling (also how crypto hardware acceleration work w/regard to that).   I need this to get around my ISP's  traffic shaping,  and undoubtedly need my hand held while sorting it out.

I'm hoping to come back to using AirVPN  if I can get it all working.

Ideally the guide would go through everything step by step,  including any  killswitches or other scripts/steps  that need to be setup to recover from broken connections, or power cycles, etc.  so everything comes back up on its own.

Share this post

Link to post

Yes, I did extensive testing a while back,  although I will probably retest again, but from what I remember everything except SSL tunneling showed evidence of bandwidth shaping.

Usually the best I can hope for is around 200Mbps downstream,  but that's roughly half of the max pipe we pay for (verified on standard connection)

Also can a mod please just set me to not need approval, I've got 7 rep and 35 posts on an established account it's pretty clear I'm not a spammer.

Share this post

Link to post

Well, I'd try UDP entry IP 3 or 4 first.  If that doesn't work like it should then try TCP entry IP 3 or 4.  If that doesn't then resort to stunnel.  I'll be glad to try to help should it come to that.  But it's a last resort because it's just not going to have much speed either.  I'm really surprised you saw more than 200mbps with the SSL tunnel.  What OS was doing the testing back then?

Share this post

Link to post

When I did my testing I was using Windows 10 on an i7 6800K with the eddie client.   I have an ASUS  AC86U which I bought since it could easily do  200Mbps with OpenVPN  and by and large I was quite happy with that.   But my current VPN provider lost the server closest to me with the best performance and I was getting frustrated not being able to break 150Mb/s  on a good day, for whatever reason (as well as other sporadic performance issues).    So at that point I grabbed their client software, and then also a 3 day trial on Air and the Eddie client, to go through a lot of tests.     I did  TLS / non-TLS tests on both services,  UDP/TCP on various ports and entry IPs but nothing really seemed consistent.    But I have a distinct memory of seeing over 300Mbps using SSL tunnel   (oddly don't think I saw that with SSH).

At that point I decided to repurpose old hardware and build a Pfsense box.   I picked up two  dual port gigabit Intel NICs  and threw them into an FX8320 I have owned for years and not done much with.
At first I was seeing similar performance,  but there have recently been a few ISP outages,  and also i enabled both the BSD drivers and AES-NI  on pfsense  (I had only enabled AES-NI at first),  so I'm not sure if any of that helped change,  but  doing some more testing in the past 24 hours w/my current VPN provider  I'm now seeing 400Mbit+ speeds  - honestly confused as to what caused this change.  It's standard UDP  port 1301.      Granted performance does go up and down depending on line conditions, but this is from a server all the way in Texas which is at the other end of the country for me.

This request may be moot anyway.   I thought I had figured out a way to continuously purchase AirVPN anonymously that didn't involve acquiring bitcoins,  but now it seems that method is being blocked from working inexplicably  (the same prepaid VISA card I used to grab a 3 day trial  18 days ago,  has enough funds for another, but won't run.  A different card probably from the same production lot also refuses to run, so I wonder if they notice "that shouldn't happen" and then clamp down on future purchases).

If I do manage to get some services purchased at some point I may still ask for your guidance,  purely for the educational experience  tbh.

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Security Check
    Play CAPTCHA Audio
    Refresh Image

  • Create New...