pfSense_fan last won the day on December 15 2017

pfSense_fan had the most liked content!

About pfSense_fan

  • Rank
    Advanced Member

  1. Go to the package manager and install the "Service_Watchdog" package. It monitors for stopped services and restarts them. Once installed, configure it and make sure OpenVPN is monitored.
  2. Then you did not follow and read the links to more info I left on the step in the guide that deals with this. There is every reason in the world to limit them in that port range. From Wikipedia: Those ports should never be in use without explicit permission. Not allowing ones that are not in use stops any malicious activity on those ports without intervention. As far as the outgoing NAT excluding them? Those are service (server) ports and traffic should never originate from those ports, hence not allowing outgoing NAT from that port range should have ZERO effect on users.
  3. You make an outbound NAT rule for the range of local IP addresses you want to exit the clear internet, and another for the local IP addresses you want to exit the VPN. Once that is done, you make outbound firewall rules for those local IP address ranges, specifying which gateway those ranges will exit. It's only a slight adjustment to what the guide teaches. It is called policy routing, and the guide explains how it is accomplished by setting the VPN WAN for the outbound firewall rules. https://doc.pfsense.org/index.php/What_is_policy_routing
  4. What are your goals for using squid? I can give you an answer if I know what you are trying to accomplish.
  5. You need to understand that with each incremental update, the pfSense team makes minor GUI updates. They frequently change the way "buttons" look and the wording on them. I worked on this guide over the course of 6 or more months, so some minor changes in the GUI show because of it.
  6. The tick box for the negate rules should not be skipped. It literally makes your IP leak if a VPN goes down by redirecting rules/gateways. We want it to only use our manually created rules, causing the connection to drop if the VPN goes down. I wish more people would ask questions and discuss this in the main post. The whole community would benefit from the open discussion. -- I didn't start this thread, just answered it to the best of my limited ability. I agree this should be in the main thread. I did say I don't endorse skipping rules; you put a lot of effort into your guide and I, like many people, am very grateful; without it I doubt I would be online now. I note your point about negate rules, but I have a wan_egress floating rule; it's a remnant from using another VPN service where the guides were far less informative, and being a bit green behind the ears I thought it was a good way to kill traffic if the VPN goes down. That's just me, and I made no mention of it here in case it was bad practice. The idea behind my replying to this post was to not only answer my own post but to reply to someone else who had trouble setting up pfSense; my thinking is that during initial setup it may help to get the VPN up and then, once proven, move right on to the rules and tweaks. I should have made that more clear. -- Quite the opposite, an egress rule is a great practice. I never got around to playing around with it. If you care to share what you did in a PM, perhaps I can add it to the guide. No offense was taken and I never said I was accusing you of such comments... I just "think out loud". Also, the nguvu guide and mine are a collective effort, so yes it is good info too. My personal setup is similar to that guide.
  7. The tick box for the negate rules should not be skipped. It literally makes your IP leak if a VPN goes down by redirecting rules/gateways. We want it to only use our manually created rules, causing the connection to drop if the VPN goes down. I wish more people would ask questions and discuss this in the main post. The whole community would benefit from the open discussion.
  8. I had the issue with Squid; it would always leak no matter what I tried on the same instance. I got around the problem by installing Win Server 2012 on the machine, then creating 2 Hyper-V machines, one for the VPN using this tutorial and the 2nd handling the DHCP and Squid. The author himself said on the old thread of this tutorial that getting both VPN and Squid to work together does not work. -- Thanks for your reply Mufasa, I adopted a similar solution (I used a Linux virtual machine with Squid proxy), but it seems very strange not being able to run Squid proxy on pfSense/OPNsense on the same machine: I tried with some firewall rules (both on LAN side and floating rule side) without success. I will try again (I do not give up). -- It will not work and cannot work unless you manually program static routes. The proxy is coded to exit the WAN/default gateway and there is no setting to policy route it to the VPN. Setting this up is something that is well outside the scope of what this tutorial is intended for, and something that quite literally probably no one at this forum can assist with. If you truly want Squid to work, ask questions over at the pfSense forums. This guide is meant to be entry level for beginners. Setting up Squid is very involved. Even if you get it to "work", it may leak. I personally gave up on it. If you were to ask me, I would tell you to look into pfBlockerNG instead. I have it running and blocking roughly 600,000 known ad servers, malware servers and other junk on both a DNS and IP level. The lists auto update and reload on a schedule. But then again, I don't know what your use case is. For what it's worth, pfBlockerNG is easier to use, set up and more reliable in my experience. EDIT: Then I noticed you are on OPNsense. Consider moving back over to pfSense for pfBlockerNG... it really is the game changer.
  9. Did you also create an outbound NAT rule for the subnet of your DMZ?
  10. Have you cleared your browser cache? Have you ensured WebRTC is disabled in your browser?
  11. You actually can get it working in far fewer steps than are in my guide, but you are not 100% protected from leaks. My guide goes the extra mile to knock out a number of other basic privacy and security precautions. pfSense also can get much higher speeds through the VPN, since almost any PC equipment will be much more powerful than a consumer router.
  12. Not sure if I am following you, but you can use a public DNS through the VPN. Just change the on the general page to whatever you choose, just have it use the AirVPN_WAN as the outgoing interface. If you really want to get into it, set up a second OpenVPN client/interface and have that client connect to the AirVPN server closest to you, and use that for DNS only.
  13. I've never had it until yesterday, when I was having connection issues. I could only get 2Mbps and was disconnecting frequently, so I checked my logs. Tried a number of servers, all the same. I did a web search and one of the top hits was this post. Seems odd though that a few of us had the same "issue" in such a small window. It went back to normal late at night, but right now it's back at 2Mbps. I'm going to try some things to see if I am throttled.
  14. If you used my guide, this is a caveat of that: you must use direct IP for clients. You are better off that way anyway, as you are leaving a trail with a third party that you are connecting to a VPN service. That being said, I did make a provision in the client settings that will automatically connect to another server if the one you are using goes down.

      ### Use Multiple "remote" entries with the corresponding entry IP address of your favorite servers ###
      ### other than the server entered in the "Server Host or Address" entry above and pfSense ###
      ### will automatically reconnect in a round robin fashion if the server you are connected to ###
      ### goes down or is having quality issues. Edit and uncomment the fake lines below or add your own. ###
      remote XX.XX.XX.XX 443 ###AirVPN_US-Atlanta-Georgia_Kaus_UDP-443###
      remote XXX.XX.XX.XXX 2018 ###AirVPN_US-Miami_Acamar_UDP-2018###
      remote XXX.XX.XX.XXX 2018 ###AirVPN_US-Miami_Yildun_UDP-2018###
      remote XX.XX.XX.XX 53 ###AirVPN_US-Miami_Cursa_UDP-53###
      remote XXX.XX.XX.XX 443 ###AirVPN_CA-Dheneb_UDP-443###
      remote XXX.XX.XXX.XXX 443 ###AirVPN_CA-Saiph_UDP-443###

      All you have to do is enter multiple remote lines into the advanced section on your client settings. There may be a short delay as it reconnects, but I have honestly never noticed when mine does. Just choose your favorite server in the main entry and a number of secondary options.
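As an added example (not the guide's own material or AirVPN's code), a small Python checker for the "direct IP for clients" caveat and the extra `remote` failover lines in the last post: it parses an OpenVPN client config, skips the commented `###` placeholder lines, and flags any active `remote` whose host is a hostname (which would force a DNS lookup before the tunnel is up) or whose port is out of range. The sample config and its addresses are constructed for illustration; 1194 is OpenVPN's documented default port.

```python
import ipaddress
import shlex

# Constructed sample client config: two literal-IP failover remotes, one
# commented-out placeholder (ignored), one hostname remote (needs a DNS
# lookup before the tunnel exists), and one remote with an invalid port.
SAMPLE_CONFIG = """\
client
dev tun
proto udp
remote 203.0.113.10 443
remote 198.51.100.20 2018
### remote XX.XX.XX.XX 53 ###AirVPN_placeholder_UDP-53### (commented out)
remote us.example-vpn.test 443
remote 192.0.2.5 70000
"""

OPENVPN_DEFAULT_PORT = "1194"  # used when a `remote` line omits the port


def parse_remotes(config_text):
    """Return (host, port) tuples for every active `remote` directive."""
    remotes = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank lines and comments carry no directives
        parts = shlex.split(line)
        if parts[0] == "remote":
            host = parts[1] if len(parts) > 1 else ""
            port = parts[2] if len(parts) > 2 else OPENVPN_DEFAULT_PORT
            remotes.append((host, port))
    return remotes


def check_remotes(config_text):
    """Return problem strings; empty list means every remote is a literal IP with a valid port."""
    problems = []
    for host, port in parse_remotes(config_text):
        try:
            ipaddress.ip_address(host)  # IPv4 or IPv6 literal, no resolver involved
        except ValueError:
            problems.append(f"remote {host}: hostname, not a literal IP (forces a DNS lookup)")
        if not (port.isdigit() and 1 <= int(port) <= 65535):
            problems.append(f"remote {host}: invalid port {port!r}")
    return problems


if __name__ == "__main__":
    for problem in check_remotes(SAMPLE_CONFIG):
        print(problem)
    print(f"{len(parse_remotes(SAMPLE_CONFIG))} active remote entries available for failover")
```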