Taser 0 Posted ... Hello all, I'm new to VPN's, and am trying to set up AirVPN on my router (using PFSense) so all traffic will be routed through the VPN. Under the router's VPN client settings I have the following: Server Mode: Peer to peer (SSL/TLS) Protocol: UDP Device Mode: tun Interface: WAN Local Port: 50012 Server Host: (from the ovpn file) Server Port: (form the ovpn file) Proxy: blank (and auth method set to none) Infinitely Resolve Server: Checked Enable authentication of TLS packets: Unchecked (CA and Cert's copy/pasted from the appropriate files in the zip) Encryption Algorithm: AES-256-CBC (as per the ovpn file) (Tunnel Settings left blank) Compress tunnel packets using the LZO algorithm: Checked (as per the ovpn file) Set the Type-of-service IP header value of tunnel packets to match the encapsulated packet value: Unchecked Advanced Config: verb 5;explicit-exit-notify 5; When the VPN is enabled, I appear to be able to do traceroutes from the router, but any device connected to the LAN can't get out. Is it safe to assume I have something set wrong on the router itself? Thanks in advance for your help! Quote Share this post Link to post
Staff 9973 Posted ... Hello! It seems that you're trying to run your router as an OpenVPN server. Is it possible to set it in client mode? Also, you need to change the auth mode to server/client certificates and client key. In the archive prepared by the configuration generator you find them with the names ca.crt, user.crt and user.key. While from your message certificates appear to have been pasted, your key does not. You should find a field to insert also your key (user.key). Kind regards Quote Share this post Link to post
Taser 0 Posted ... Thanks for the quick reply! I am indeed setting it up as a OpenVPN client, not server. On the router's certificate manager I have the CA and Certificate set up (when setting up the cert, it asks for both the CRT and KEY info). As for the server mode, the options are "Peer to peer (SSL/TLS)" and "Peer to Peer (Shared Key). I can turn on "enable authentication of TLS packets", and the option to input a TLS authent key opens up. I used user.key when importing the certificate earlier (when it asks for cert data and private key data I used user.crt and user.key, respectively). Does this help any? Quote Share this post Link to post
Staff 9973 Posted ... Thanks for the quick reply!I am indeed setting it up as a OpenVPN client, not server. On the router's certificate manager I have the CA and Certificate set up (when setting up the cert, it asks for both the CRT and KEY info). As for the server mode, the options are "Peer to peer (SSL/TLS)" and "Peer to Peer (Shared Key).I can turn on "enable authentication of TLS packets", and the option to input a TLS authent key opens up. I used user.key when importing the certificate earlier (when it asks for cert data and private key data I used user.crt and user.key, respectively).Does this help any?Hello!About TLS auth: leave it inactive.You imported both the server certificate (ca.crt) and the client certificate (user.crt), right?Do you have the (attempted) connections logs?Kind regards Quote Share this post Link to post
Taser 0 Posted ... Man, I'm embarrassed to say that it was indeed my router's settings. It turns out I had to set up new firewall rules and manual NAT. Thanks again for all your help, though! For anyone that wants to use pfsense and this service, you need to set up the OpenVPN, create a new Interface, set up firewall rules, and set NAT to Manual! See this article (and the comments below the main post) for more info:http://forum.hidemyass.com/index.php/topic/6256-pfsense-openvpn-connection-issues/#entry15634 Quote Share this post Link to post
Taser 0 Posted ... Ok, the problem was in the router setup the whole time! Long story short, pfsense may not be the wisest choice for someone new to OpenVPN . I found the solution (turn off automatic NAT rule generation) down on the bottom of this thread: http://forum.hidemyass.com/index.php/topic/6256-pfsense-openvpn-connection-issues/#entry15634 Thanks again for your help, Admin! Quote Share this post Link to post