Jump to content
Not connected, Your IP: 52.15.238.221
Sign in to follow this  
Taser

Are these the wrong settings?

Recommended Posts

Hello all,

I'm new to VPN's, and am trying to set up AirVPN on my router (using PFSense) so all traffic will be routed through the VPN.

Under the router's VPN client settings I have the following:

Server Mode: Peer to peer (SSL/TLS)

Protocol: UDP

Device Mode: tun

Interface: WAN

Local Port: 50012

Server Host: (from the ovpn file)

Server Port: (form the ovpn file)

Proxy: blank (and auth method set to none)

Infinitely Resolve Server: Checked

Enable authentication of TLS packets: Unchecked

(CA and Cert's copy/pasted from the appropriate files in the zip)

Encryption Algorithm: AES-256-CBC (as per the ovpn file)

(Tunnel Settings left blank)

Compress tunnel packets using the LZO algorithm: Checked (as per the ovpn file)

Set the Type-of-service IP header value of tunnel packets to match the encapsulated packet value: Unchecked

Advanced Config: verb 5;explicit-exit-notify 5;

When the VPN is enabled, I appear to be able to do traceroutes from the router, but any device connected to the LAN can't get out.

Is it safe to assume I have something set wrong on the router itself?

Thanks in advance for your help!

Share this post


Link to post

Hello!

It seems that you're trying to run your router as an OpenVPN server. Is it possible to set it in client mode? Also, you need to change the auth mode to server/client certificates and client key. In the archive prepared by the configuration generator you find them with the names ca.crt, user.crt and user.key. While from your message certificates appear to have been pasted, your key does not. You should find a field to insert also your key (user.key).

Kind regards

Share this post


Link to post

Thanks for the quick reply!

I am indeed setting it up as a OpenVPN client, not server. On the router's certificate manager I have the CA and Certificate set up (when setting up the cert, it asks for both the CRT and KEY info).

As for the server mode, the options are "Peer to peer (SSL/TLS)" and "Peer to Peer (Shared Key).

I can turn on "enable authentication of TLS packets", and the option to input a TLS authent key opens up. I used user.key when importing the certificate earlier (when it asks for cert data and private key data I used user.crt and user.key, respectively).

Does this help any?

Share this post


Link to post

Thanks for the quick reply!

I am indeed setting it up as a OpenVPN client, not server. On the router's certificate manager I have the CA and Certificate set up (when setting up the cert, it asks for both the CRT and KEY info).

As for the server mode, the options are "Peer to peer (SSL/TLS)" and "Peer to Peer (Shared Key).

I can turn on "enable authentication of TLS packets", and the option to input a TLS authent key opens up. I used user.key when importing the certificate earlier (when it asks for cert data and private key data I used user.crt and user.key, respectively).

Does this help any?

Hello!

About TLS auth: leave it inactive.

You imported both the server certificate (ca.crt) and the client certificate (user.crt), right?

Do you have the (attempted) connections logs?

Kind regards

Share this post


Link to post

Man, I'm embarrassed to say that it was indeed my router's settings. It turns out I had to set up new firewall rules and manual NAT.

Thanks again for all your help, though!

For anyone that wants to use pfsense and this service, you need to set up the OpenVPN, create a new Interface, set up firewall rules, and set NAT to Manual! See this article (and the comments below the main post) for more info:http://forum.hidemyass.com/index.php/topic/6256-pfsense-openvpn-connection-issues/#entry15634

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...