Jump to content
Not connected, Your IP: 3.137.219.68
Sign in to follow this  
salacronix

When you don't read instructions...

Recommended Posts

This does not actually work as shown.
TLS key usage mode only works with TLS Authentication.
Auth digest algorithm only works with SHA1 (160 bit).
This is with PFsense 2.50 release.

Share this post


Link to post
@salacronix

Hello!

TLS mode is mandatory because it is required by our servers, and for very good reasons. You can pick between TLS Auth and TLS Crypt. TLS Crypt is recommended, as it encrypts completely the Control Channel (important to prevent detection of OpenVPN handshake "fingerprint" by Deep Packet Inspection).

Kind regards
 

Share this post


Link to post
5 hours ago, Staff said:
@salacronix

Hello!

TLS mode is mandatory because it is required by our servers, and for very good reasons. You can pick between TLS Auth and TLS Crypt. TLS Crypt is recommended, as it encrypts completely the Control Channel (important to prevent detection of OpenVPN handshake "fingerprint" by Deep Packet Inspection).

Kind regards
 
I appreciate you chiming in, but I was referencing the guide at https://nguvu.org/pfsense/pfsense-baseline-setup/
In the setup for the VPN the screen shot shows "TLS Encryption and Authentication". That does not work. Only "TLS Authentication" works.
Additionally for Auth digest algorithm he shows SHA512 , that does not work. Auth digest algorithm only works with SHA1 (160 bit).

If you find this not to be the case, then there is something definitely wrong with PFsense 2.5. and I should probably look for another firewall.
 

Share this post


Link to post
5 minutes ago, salacronix said:
I appreciate you chiming in, but I was referencing the guide at https://nguvu.org/pfsense/pfsense-baseline-setup/
In the setup for the VPN the screen shot shows "TLS Encryption and Authentication". That does not work. Only "TLS Authentication" works.
Additionally for Auth digest algorithm he shows SHA512 , that does not work. Auth digest algorithm only works with SHA1 (160 bit).

If you find this not to be the case, then there is something definitely wrong with PFsense 2.5. and I should probably look for another firewall.
 


The guide is for a tls-crypt setup where those settings are what work.  What you're missing is that you need to connect to an entry IP 3 or 4.  The guide actually says " please double check you select an appropriate ‘tls-crypt, tls1.2’ end point. This is a common source of problems."

Share this post


Link to post
1 hour ago, go558a83nk said:


The guide is for a tls-crypt setup where those settings are what work.  What you're missing is that you need to connect to an entry IP 3 or 4.  The guide actually says " please double check you select an appropriate ‘tls-crypt, tls1.2’ end point. This is a common source of problems."

Well then that would point to a problem with the AirVPN config generator. In the config it specifically shows the remote as "nl.vpn.airdns.org". Will that return the wrong list of servers?

Share this post


Link to post
5 minutes ago, salacronix said:

Well then that would point to a problem with the AirVPN config generator. In the config it specifically shows the remote as "nl.vpn.airdns.org". Will that return the wrong list of servers?

No, the problem is with you unable to follow directions.

In the tutorial, the first directive in the "generate AirVPN certificates" section is to enable advanced mode.  Have you turned on advanced mode in the config generator?

Share this post


Link to post
25 minutes ago, go558a83nk said:

No, the problem is with you unable to follow directions.
Oh I am completely turned on now. Please continue. Your such a big strong boy. Are you wearing leather?

Share this post


Link to post
12 minutes ago, salacronix said:

Are you wearing leather?


Enchanted netherite armor, straight outta hell. Cut the salt, please.
You too, Mr. go558a83nk.
 
47 minutes ago, salacronix said:

Will that return the wrong list of servers? 


Yes. To get the tls-crypt address, use nl3.vpn.airdns.org. For more DNS tricks, refer to the server IP FAQ entry. I too believe this to be the reason why it doesn't seem to work, give it a try.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
6 minutes ago, OpenSourcerer said:

Enchanted netherite armor, straight outta hell. Cut the salt, please.
You too, Mr. go558a83nk.

Yes. To get the tls-crypt address, use nl3.vpn.airdns.org. For more DNS tricks, refer to the server IP FAQ entry. I too believe this to be the reason why it doesn't seem to work, give it a try.
Pfsense still doesn't like it. Thanks for the help, I will just fall back to the Eddie setup for now. 😊

Share this post


Link to post
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...