salacronix

When you don't read instructions...


This does not actually work as shown.
TLS key usage mode only works with TLS Authentication.
Auth digest algorithm only works with SHA1 (160 bit).
This is with pfSense 2.50 release.

@salacronix

Hello!

TLS mode is mandatory because it is required by our servers, and for very good reasons. You can pick between TLS Auth and TLS Crypt. TLS Crypt is recommended, as it encrypts completely the Control Channel (important to prevent detection of OpenVPN handshake "fingerprint" by Deep Packet Inspection).

Kind regards
 

5 hours ago, Staff said:
@salacronix

Hello!

TLS mode is mandatory because it is required by our servers, and for very good reasons. You can pick between TLS Auth and TLS Crypt. TLS Crypt is recommended, as it encrypts completely the Control Channel (important to prevent detection of OpenVPN handshake "fingerprint" by Deep Packet Inspection).

Kind regards
 
I appreciate you chiming in, but I was referencing the guide at https://nguvu.org/pfsense/pfsense-baseline-setup/
In the setup for the VPN the screenshot shows "TLS Encryption and Authentication". That does not work. Only "TLS Authentication" works.
Additionally for Auth digest algorithm he shows SHA512, that does not work. Auth digest algorithm only works with SHA1 (160 bit).

If you find this not to be the case, then there is something definitely wrong with pfSense 2.5, and I should probably look for another firewall.
 

5 minutes ago, salacronix said:
I appreciate you chiming in, but I was referencing the guide at https://nguvu.org/pfsense/pfsense-baseline-setup/
In the setup for the VPN the screenshot shows "TLS Encryption and Authentication". That does not work. Only "TLS Authentication" works.
Additionally for Auth digest algorithm he shows SHA512, that does not work. Auth digest algorithm only works with SHA1 (160 bit).

If you find this not to be the case, then there is something definitely wrong with pfSense 2.5, and I should probably look for another firewall.
 


The guide is for a tls-crypt setup where those settings are what work. What you're missing is that you need to connect to an entry IP 3 or 4. The guide actually says "please double check you select an appropriate ‘tls-crypt, tls1.2’ end point. This is a common source of problems."

1 hour ago, go558a83nk said:


The guide is for a tls-crypt setup where those settings are what work. What you're missing is that you need to connect to an entry IP 3 or 4. The guide actually says "please double check you select an appropriate ‘tls-crypt, tls1.2’ end point. This is a common source of problems."

Well then that would point to a problem with the AirVPN config generator. In the config it specifically shows the remote as "nl.vpn.airdns.org". Will that return the wrong list of servers?

5 minutes ago, salacronix said:

Well then that would point to a problem with the AirVPN config generator. In the config it specifically shows the remote as "nl.vpn.airdns.org". Will that return the wrong list of servers?

No, the problem is with you unable to follow directions.

In the tutorial, the first directive in the "generate AirVPN certificates" section is to enable advanced mode. Have you turned on advanced mode in the config generator?

25 minutes ago, go558a83nk said:

No, the problem is with you unable to follow directions.
Oh I am completely turned on now. Please continue. You're such a big strong boy. Are you wearing leather?

12 minutes ago, salacronix said:

Are you wearing leather?


Enchanted netherite armor, straight outta hell. Cut the salt, please.
You too, Mr. go558a83nk.
 
47 minutes ago, salacronix said:

Will that return the wrong list of servers? 


Yes. To get the tls-crypt address, use nl3.vpn.airdns.org. For more DNS tricks, refer to the server IP FAQ entry. I too believe this to be the reason why it doesn't seem to work, give it a try.

» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.
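
Added example, not part of the thread or of AirVPN's tooling: a Python check of an OpenVPN client config against the pairings reported in this thread (tls-crypt with SHA512 on entry 3 or 4 such as nl3.vpn.airdns.org, tls-auth with SHA1 otherwise). The sample config is constructed, and reading the entry number from the first hostname label is an assumption generalised from the nl3 example.

```python
import re
# Pairings reported in the thread (not an OpenVPN rule): tls-auth with SHA1 on
# the default entry, tls-crypt with SHA512 on entry 3 or 4 (nl3.vpn.airdns.org).
EXPECTED_AUTH = {"tls-auth": "SHA1", "tls-crypt": "SHA512"}

# Constructed sample, not output of the AirVPN config generator.
SAMPLE = """\
client
remote nl.vpn.airdns.org 443
auth SHA512
<tls-crypt>
(key material omitted)
</tls-crypt>
"""

def parse_ovpn(text):
    """Extract control-channel mode, auth digest and remote hosts."""
    info = {"mode": None, "auth": "SHA1", "remotes": []}  # OpenVPN defaults to SHA1
    block = None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if block:  # inside an inline <tls-crypt>/<ca>/... block: skip key material
            block = None if line == f"</{block}>" else block
            continue
        words = line.strip("<>").split()
        if line.startswith("<"):
            block = words[0]
        if words[0] in EXPECTED_AUTH:
            info["mode"] = words[0]
        elif words[0] == "auth" and len(words) > 1:
            info["auth"] = words[1].upper()
        elif words[0] == "remote" and len(words) > 1:
            info["remotes"].append(words[1])
    return info

def check(text):
    """Return a list of mismatches between mode, digest and entry hostname."""
    info, problems = parse_ovpn(text), []
    mode = info["mode"]
    if mode is None:
        return ["no tls-auth or tls-crypt directive found"]
    if info["auth"] != EXPECTED_AUTH[mode]:
        problems.append(f"{mode} with auth {info['auth']}, expected {EXPECTED_AUTH[mode]}")
    for host in info["remotes"]:
        # Assumption: entry number is the digit ending the first label (nl3 -> 3).
        m = re.fullmatch(r"([a-z-]+)(\d?)", host.split(".")[0].lower())
        if m and (m.group(2) in ("3", "4")) != (mode == "tls-crypt"):
            problems.append(f"{mode} does not match entry {host}")
    return problems
```

`check(SAMPLE)` reports the `nl.vpn.airdns.org` remote as the mismatch; remotes given as IP literals are skipped because the entry cannot be inferred from them.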

6 minutes ago, OpenSourcerer said:

Enchanted netherite armor, straight outta hell. Cut the salt, please.
You too, Mr. go558a83nk.
 
Yes. To get the tls-crypt address, use nl3.vpn.airdns.org. For more DNS tricks, refer to the server IP FAQ entry. I too believe this to be the reason why it doesn't seem to work, give it a try.
Pfsense still doesn't like it. Thanks for the help, I will just fall back to the Eddie setup for now. 😊

This topic is now closed to further replies.