danioj

pfsense connection problem I can't resolve


Hello All,

I was hoping someone could help me set up my connection. I have recently moved from an ASUS router to pfsense but am unable to get the client to connect.

I am trying to connect to the same server I have been using for a long time now in Singapore. Being based in Australia, it is the closest one:

AirVPN_SG-Singapore_Triangulum_UDP-443

I have set up my Certificates fine. I have created a client and input my settings BUT I can't take another step as the client just doesn't connect or grab an IP. The logs aren't helpful (to me - but this might be my uneducated view) either.

For want of clarity, my complete advanced settings (as you can't see it from the screen shots) are:

resolv-retry infinite
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
push-peer-info
remote-cert-tls server
comp-lzo no
proto udp
key-direction 1

I am sure I am doing something wrong and it is obvious but this has been an all day activity now and I need to throw the hand up for some help. Please.

Screenshots of my settings, statuses and logs are attached to hopefully allow some eagle eye expert to be able to spot what the issue might be.

Thanks for your time in advance.

D
 

settings crypto.png

settings advanced.png

settings tunnel.png

settings general.png

 

openvpn main page.png

opevpn client stats.png

log.png

2 hours ago, Wolke68 said:

Take a Look at this 

https://nguvu.org/pfsense/pfsense-baseline-setup/#create vpn

this config is a bit different from yours 


Thanks, I was only off on a couple of settings. I have now mirrored that config exactly and no joy. It now times out.

I am at a complete loss.

Now my log looks like this:
 
Aug 11 19:12:04 openvpn 79705 OpenVPN 2.4.9 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 4 2020
Aug 11 19:12:04 openvpn 79705 library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
Aug 11 19:12:04 openvpn 79810 mlockall call succeeded
Aug 11 19:12:04 openvpn 79810 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 11 19:12:04 openvpn 79810 Initializing OpenSSL support for engine 'rdrand'
Aug 11 19:12:04 openvpn 79810 TCP/UDP: Preserving recently used remote address: [AF_INET]185.200.116.130:443
Aug 11 19:12:04 openvpn 79810 UDPv4 link local (bound): [AF_INET]<IP ADDRESS>:0
Aug 11 19:12:04 openvpn 79810 UDPv4 link remote: [AF_INET]185.200.116.130:443
Aug 11 19:12:34 openvpn 79810 [UNDEF] Inactivity timeout (--ping-restart), restarting
Aug 11 19:12:34 openvpn 79810 SIGUSR1[soft,ping-restart] received, process restarting


You're using the wrong entry IP. You're setting up to use tls-crypt so you need to use entry IP 3 or 4 and make sure you have a tls-crypt config for the proper tls key. For Triangulum that's 185.200.116.133 and 185.200.116.134.

I'd also leave key direction at default, use AES-256-GCM, set comp-lzo yes though compression will be turned off via the push from the server, turn on UDP fast I/O, turn on explicit exit notify, and increase the send and receive buffers from default.
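
A log check for the failure diagnosed in the reply above, as an added example that is not part of the original thread: it flags a connection attempt whose remote is not one of the tls-crypt entry IPs quoted in the reply, and an attempt that hits `--ping-restart` while the peer is still `[UNDEF]` (no handshake completed). The function name `diagnose`, the finding strings and the sample log are constructed for illustration.

```python
import re

# Entry IPs the reply names for Triangulum when tls-crypt is used.
TLS_CRYPT_ENTRY_IPS = {"185.200.116.133", "185.200.116.134"}

# Constructed sample: the relevant lines of the log posted in this thread.
SAMPLE_LOG = """\
Aug 11 19:12:04 openvpn 79810 TCP/UDP: Preserving recently used remote address: [AF_INET]185.200.116.130:443
Aug 11 19:12:04 openvpn 79810 UDPv4 link remote: [AF_INET]185.200.116.130:443
Aug 11 19:12:34 openvpn 79810 [UNDEF] Inactivity timeout (--ping-restart), restarting
Aug 11 19:12:34 openvpn 79810 SIGUSR1[soft,ping-restart] received, process restarting
"""

# "link remote" is logged once per connection attempt, with the address in use.
REMOTE_RE = re.compile(r"link remote: \[AF_INET6?\]([0-9a-fA-F.:]+):(\d+)")


def diagnose(log_text, uses_tls_crypt, entry_ips=TLS_CRYPT_ENTRY_IPS):
    """Return findings, in log order, for each connection attempt."""
    findings = []
    remote = None       # address of the attempt currently being read
    connected = False   # set once the peer has been identified
    for line in log_text.splitlines():
        match = REMOTE_RE.search(line)
        if match:
            remote, connected = match.group(1), False
            if uses_tls_crypt and remote not in entry_ips:
                findings.append(f"{remote}: not a tls-crypt entry IP")
        elif "Peer Connection Initiated" in line:
            connected = True
        elif "[UNDEF] Inactivity timeout" in line and remote and not connected:
            # Peer name still undefined: nothing usable came back from the server.
            findings.append(f"{remote}: no handshake before ping-restart")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, uses_tls_crypt=True):
        print(finding)
```
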
