scrambles27, posted ... (edited):

I've searched to death on this and am at my wit's end. I cannot get an OpenVPN connection established for AirVPN on my pfSense router (running 2.4.5). I've copied and re-copied the CA and cert several times as well as regenerated the OpenVPN client entry several times. I currently have a working NordVPN client (disabled for testing purposes here) and previously used ExpressVPN and had zero setup issues with either. I have no idea what's different about AirVPN and I'm not experienced enough to interpret the log. I followed this guide. Screenshots are attached. Help??

Edited ... by scrambles27: trying to make images legible

Air4141841, posted ...:

I believe your TLS authentication is set wrong (correct if using entry IP 3), and your send and receive buffer seems unrealistic.

scrambles27, posted ...:

> 4 hours ago, Air4141841 said:
> I believe your TLS authentication is set wrong (correct if using entry IP 3), and your send and receive buffer seems unrealistic.

Thanks for taking a look. No change when the buffer is reduced to 512 or 256. The TLS key is copied straight from the .ovpn for this server - what else could be incorrect?

Air4141841, posted ...:

Which entry point are you using? I believe you need to change TLS authentication mode to just TLS authentication.

scrambles27, posted ...:

> 3 hours ago, Air4141841 said:
> Which entry point are you using? I believe you need to change TLS authentication mode to just TLS authentication.

Using the US server (us.vpn.airdns.org). I tried setting it to just authentication, no effect.

Air4141841, posted ...:

OK, then your auth dig algorithm needs to be 160 most likely.

scrambles27, posted ...:

> 6 hours ago, Air4141841 said:
> OK, then your auth dig algorithm needs to be 160 most likely.

Holy crap, thank you! The combo of TLS auth-only and SHA1-160 has established a connection. It's weird because this seems to jive with the old guide, but not the new guide that it links to at the top (that I linked to in my OP). I have two follow-up questions I guess then: how is an end user supposed to know what settings to use beyond trial and error, and is it actually secure to be using a 160 bit auth algorithm given that pfSense warns about it?

Air4141841, posted ...:

It took me quite a while to get a configuration I was happy with with pfSense; now it just runs and never stops. To get the below under configuration you must choose advanced and router.

OpenVPN | UDP | 443 | 3 | Recommended for best performance | tls-crypt, tls1.2

is what I am using, and yes, it uses SHA 512, and TLS encryption and authentication.

scrambles27, posted ...:

> 8 hours ago, Air4141841 said:
> It took me quite a while to get a configuration I was happy with with pfSense; now it just runs and never stops. To get the below under configuration you must choose advanced and router.
>
> OpenVPN | UDP | 443 | 3 | Recommended for best performance | tls-crypt, tls1.2
>
> is what I am using, and yes, it uses SHA 512, and TLS encryption and authentication.

Oh wow yeah, pulled that config file and it includes 'auth SHA512' explicitly, I'll try it later on today. This feels a little like figuring out which bush to burn in the NES Legend of Zelda, but I'll also readily admit that my interest in tinkering far outstrips my knowledge. Thank you so much for the help, and I hope this thread can maybe help someone else in the same boat in the future.

hydrotux, posted ...:

Just wanted to let you guys know that this post saved me hours of work trying to work out why I couldn't connect. scrambles27, I had the exact same issue. I'm going to let nguvu know that he needs to make his guide clearer ;-) as I was making the same mistakes and have the same limitations as you.
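
Added example (not written by any poster, and not AirVPN's or pfSense's own code): a Python sketch that reads the directives in a generated .ovpn profile and reports the TLS key mode and auth digest the pfSense client has to match, which is the mismatch resolved in this thread. Both profiles are constructed samples with no key material, and the mode names returned are assumed from the wording used in the posts above.

```python
import re

# Constructed sample profiles (not real AirVPN output; key material omitted).
LEGACY_PROFILE = """\
remote us.vpn.airdns.org 443
proto udp
cipher AES-256-CBC
key-direction 1
<tls-auth>
(constructed placeholder, no key material)
</tls-auth>
"""
TLS_CRYPT_PROFILE = """\
remote us.vpn.airdns.org 443
proto udp
auth SHA512
cipher AES-256-CBC
<tls-crypt>
(constructed placeholder, no key material)
</tls-crypt>
"""

def client_settings(ovpn_text):
    """Return the control-channel settings a profile implies for the client."""
    opts, inline, inside = {}, set(), None
    for raw in ovpn_text.splitlines():
        line = raw.strip()
        if inside:                       # skip the body of an inline key/cert block
            if line == f"</{inside}>":
                inside = None
            continue
        tag = re.fullmatch(r"<([a-z-]+)>", line)
        if tag:                          # start of an inline block such as <tls-crypt>
            inside = tag.group(1)
            inline.add(inside)
        elif line and line[0] not in "#;":
            name, _, value = line.partition(" ")
            opts.setdefault(name, value.strip())
    if "tls-crypt" in inline or "tls-crypt" in opts:
        mode = "TLS Encryption and Authentication"
    elif "tls-auth" in inline or "tls-auth" in opts:
        mode = "TLS Authentication"
    else:
        mode = "none"
    return {
        "tls_key_mode": mode,
        # OpenVPN falls back to SHA1 when the profile has no "auth" line.
        "auth_digest": opts.get("auth", "SHA1"),
        "cipher": opts.get("cipher"),
        "remote": opts.get("remote"),
    }
```

Calling `client_settings()` on the text of a downloaded profile before filling in the pfSense client form shows which pair of settings belongs together, instead of finding it by trial and error.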