scrambles27

pfSense OpenVPN not connecting


Posted ... (edited)

I've searched to death on this and am at my wit's end. I cannot get an OpenVPN connection established for AirVPN on my pfsense router (running 2.4.5). I've copied and re-copied the CA and cert several times as well as regenerated the OpenVPN client entry several times. I currently have a working NordVPN client (disabled for testing purposes here) and previously used ExpressVPN and had zero setup issues with either. I have no idea what's different about AirVPN and I'm not experienced enough to interpret the log. I followed this guide.

Screenshots are attached. Help??


Edited ... by scrambles27
trying to make images legible


I believe your TLS authentication is set wrong (correct if using entry IP 3)

and your send and receive buffer seems unrealistic.

4 hours ago, Air4141841 said:

I believe your TLS authentication is set wrong (correct if using entry IP 3)

and your send and receive buffer seems unrealistic.


Thanks for taking a look. No change when the buffer is reduced to 512 or 256. The TLS key is copied straight from the .ovpn for this server - what else could be incorrect?


Which entry point are you using?

I believe you need to change TLS authentication mode to just TLS authentication.
 

3 hours ago, Air4141841 said:

Which entry point are you using?

I believe you need to change TLS authentication mode to just TLS authentication.
 

Using the US server (us.vpn.airdns.org). I tried setting it to just authentication, no effect.

6 hours ago, Air4141841 said:

ok then your auth dig algorithm needs to be 160 most likely 
 


Holy crap, thank you! The combo of TLS auth-only and SHA1-160 has established a connection. It's weird because this seems to jibe with the old guide, but not the new guide that it links to at the top (that I linked to in my OP). I have two follow-up questions I guess then: how is an end user supposed to know what settings to use beyond trial and error, and is it actually secure to be using a 160-bit auth algorithm given that pfSense warns about it?



It took me quite a while to get a configuration I was happy with with pfSense; now it just runs and never stops. To get the below under configuration, you must choose advanced and router.

 

OpenVPN UDP 443 3 Recommended for best performance tls-crypt, tls1.2
 


is what I am using and yes it uses SHA 512, and TLS encryption and authentication.

 

8 hours ago, Air4141841 said:

It took me quite a while to get a configuration I was happy with with pfSense; now it just runs and never stops. To get the below under configuration, you must choose advanced and router.

 

OpenVPN UDP 443 3 Recommended for best performance tls-crypt, tls1.2
 


is what I am using and yes it uses SHA 512, and TLS encryption and authentication.

 

Oh wow yeah, pulled that config file and it includes 'auth SHA512' explicitly, I'll try it later on today. This feels a little like figuring out which bush to burn in the NES Legend of Zelda, but I'll also readily admit that my interest in tinkering far outstrips my knowledge. Thank you so much for the help, and I hope this thread can maybe help someone else in the same boat in the future.
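
An added example, not part of the original posts and not AirVPN or pfSense code, for the question of how to know which settings to use without trial and error: it reads the TLS key mode, auth digest and cipher from the .ovpn profile itself and lists where a client entry disagrees. The pfSense labels follow the thread's wording; the function names, host name and sample profiles are constructed assumptions.

```python
import re

# pfSense "TLS key usage mode" labels as worded in this thread (assumption).
TLS_MODES = {"tls-auth": "TLS Authentication",
             "tls-crypt": "TLS Encryption and Authentication"}

def profile_settings(ovpn_text):
    """Return the TLS key mode, auth digest and cipher an OpenVPN profile expects."""
    opts, block = {}, None
    for raw in ovpn_text.splitlines():
        line = raw.strip()
        if block:                          # inside <tag>...</tag>: key material, skip
            if line == f"</{block}>":
                block = None
            continue
        tag = re.fullmatch(r"<([a-z-]+)>", line)
        if tag:                            # inline form, e.g. <tls-crypt>
            block = tag.group(1)
            opts[block] = "[inline]"
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        name, *rest = line.split(None, 1)
        opts[name] = rest[0] if rest else ""
    modes = [d for d in TLS_MODES if d in opts]
    if len(modes) > 1:
        raise ValueError("profile contains both tls-auth and tls-crypt")
    return {
        "tls_key_mode": TLS_MODES[modes[0]] if modes else "no TLS key",
        # OpenVPN falls back to SHA1 when the profile has no 'auth' line.
        "auth_digest": opts.get("auth", "SHA1").upper(),
        "cipher": opts.get("cipher", "not set"),
    }

def mismatches(expected, configured):
    """List the fields where the router's client entry differs from the profile."""
    return sorted(k for k in expected if expected[k] != configured.get(k))

# Constructed sample profiles (placeholder host and key body, not real AirVPN files).
TLS_AUTH_PROFILE = """client
remote vpn.example.net 443
cipher AES-256-CBC
key-direction 1
<tls-auth>
# constructed placeholder, not a real key
</tls-auth>
"""
TLS_CRYPT_PROFILE = TLS_AUTH_PROFILE.replace("tls-auth", "tls-crypt").replace(
    "key-direction 1", "auth SHA512")
```

Comparing the two sample profiles with `mismatches` reproduces the situation in this thread: the client entry was set for one TLS key mode and digest while the profile for the chosen entry point expected the other.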


Just wanted to let you guys know that this post saved me hours of work trying to work out why I couldn't connect. scrambles27, I had the exact same issue. I'm going to let nguvu know that he needs to make his guide clearer ;-) as I was making the same mistakes and have the same limitations as you.
