
tuxornot

Members2
  • Content Count: 23
  • Joined: ...
  • Last visited: ...
  1. I have the same issue with 'DNS address 0 Servers 100 Errors'. Only found it during a daily leak test, other DNS sites produce normal results, I'm guessing it's the airvpn test that's a bit iffy.
  2. Just changed server to another address and got the site to load, odd because it showed all green like the previous servers did, thank you !
  3. Thank you LZ1, I checked with the route checker and the 2 servers I have tried show green / direct but I still get the error accessing the site.
  4. Just found out that https://tuclothing.sainsburys.co.uk/ is blocked on Airvpn, can be reached using a 'free proxy server' (while on Airvpn). Have tried a few vpn servers, same problem. Typical cloudfront error message: ERROR The request could not be satisfied. Request blocked. Generated by cloudfront (CloudFront) Request ID: TO7Bwiwi1Wjl7hfYsZw2fIxCcCff5iGx3da_4H5q8K42uuJLjaALJw== There is no way I will drop a vpn to access a shopping site, other people in this house don’t agree with my stance!
  5. Thank you for posting this, makes an interesting read. Once private entities become involved with data in this way the only possible outcome will be a huge mess or as we say over here 'strong and stable' ! /s As a user of posteo I often take it for granted, I sometimes forget that it's there, in the background working seamlessly, your post reminded me to actually visit the website and have a good read :-)
  6. I started over with a fresh install of pfsense and swapped opendns to airvpn dns, so far everything seems to be working. I also added pfblockerNG, rather spiffy but well worth the effort.
  7. Just wanted to mention that the Guide's setting for Topology in "Step 3-A: Setting up the OpenVPN Client" might need changing. According to: https://community.openvpn.net/openvpn/wiki/Topology

     Subnet topology is the current recommended topology; it is not the default as of OpenVPN 2.3 for reasons of backwards-compatibility with 2.0.9-era configs. It is safe and recommended to use subnet topology when no old/outdated clients exist that are running OpenVPN 2.0.9 under Windows. In subnet topology, the tun device is configured with an IP and netmask like a "traditional" broadcast-based network. The traditional network and broadcast IPs should not be used; while tun has no concept of broadcasts, Windows clients will be unable to properly use these addresses. All remaining IPs in the network are available for use. Since every IP can be used, subnet topology allows the better utilization of IP space and easier to understand network layout.

     Going to Diagnostics / Command Prompt on my pfSense 2.3.3 box and entering: openvpn --version gives me: OpenVPN 2.3.14 So, it looks like a subnet topology would be a better choice than the current net30 topology.

     I'm testing a fresh pfsense install today, after reading your post I changed to the subnet topology, I don't have any need for backward compatibility, though some people will have. If I find any glitches then I will post back, may take some time as I go through all the logs for this and other stuff. One odd thing I did discover after setting the airvpn guide for pfsense, I have mostly linux computers, each has firejail installed and I use a set of custom commands to launch firejailed browsers in private mode, one of those options forces the browser to use a forced dns, in my case the dns servers are opendns, this worked ok, however using the airvpn dns guide I set up opendns. For some odd reason if firejail also uses opendns then the browser fails to pull webpages, change the firejail dns and no problem.

     I then changed an Android's dns to opendns and the same thing, it fails to pull webpages. It seems to be that if a device has the same dns server as the one used in pfsense using the airvpn guide, then it won't pull webpages, I am unsure if this affects just me but I thought I would mention this in case anyone finds a phone or tablet won't connect, some people change the device's dns and may inadvertently hit this problem. From my point of view this is a trivial issue compared to the extra security the dns settings in this guide offer :-)
  8. I'm mostly clueless, but over on the pfsense forums I did a search for Resolver DNSSEC and got some hits. Unfortunately, almost all were unanswered. But, the indication was that there might be issues with DNSSEC if either IPV6 support is on or if DNS Query Forwarding is checked (I kept that option off in my 2.3.3 setup). Have you got IPV6 off everywhere? What happens if you turn off Forwarding? Also, back in "Step 7-A: System / General Setup", the author said to use only AirVPN's DNS Server (10.4.0.1) in the DNS Server slot. I decided not to do that and have four DNS servers listed there (though 10.4.0.1 is the first one) with no issues. What are you using there? Maybe there's a problem with DNSSEC on whatever DNS Server you're using.

     Thanks for your reply, IPv6 is disabled throughout pfsense, not tried disabling forwarding yet. My dns servers are opendns. Oddly enough I was searching for DNSSec and the other setting options, I must have read the same unanswered posts you did.

     This might be OBE, but OpenDNS apparently doesn't support DNSSEC: https://support.opendns.com/hc/en-us/community/posts/220028387-OpenDNS-and-DNSSEC Similarly, AirVPN's DNS Server doesn't support DNSSEC: https://airvpn.org/topic/16202-request-dnssec/ So, if all you have are OpenDNS and AirVPN DNS servers set, having the DNSSEC (and the hardening option, too) will probably do bad things.

     That's interesting, thanks for digging into it :-) I changed from opendns to airvpn dns just to do some tests. I'll try and find some DNSSEC compliant servers to test with.
  9. In the 18 months I have used a vpn with pfsense I have never had to log off the vpn, it's kept running until it fails of its own accord. I'm new to airvpn but I expect to have the connection always on in the same way. One thing I have learnt is if you import a config file then restarting the vpn is sometimes needed, after the restore pfsense reboots but sometimes the vpn goes off on a tangent and needs a restart.
  10. I assumed that the user information is stored within the generated key once obtained when you have logged into the site and downloaded the file with the data in. I'm sure that someone better informed could confirm that. I think they are unique to each user, the key replaces the need for plain text user details, that’s my understanding of it.
  11. This happens to some other 'updates' for various things, the developers often say it's improvements but I believe they do it to keep our lives interesting :-)
  12. I'm mostly clueless, but over on the pfsense forums I did a search for Resolver DNSSEC and got some hits. Unfortunately, almost all were unanswered. But, the indication was that there might be issues with DNSSEC if either IPV6 support is on or if DNS Query Forwarding is checked (I kept that option off in my 2.3.3 setup). Have you got IPV6 off everywhere? What happens if you turn off Forwarding? Also, back in "Step 7-A: System / General Setup", the author said to use only AirVPN's DNS Server (10.4.0.1) in the DNS Server slot. I decided not to do that and have four DNS servers listed there (though 10.4.0.1 is the first one) with no issues. What are you using there? Maybe there's a problem with DNSSEC on whatever DNS Server you're using.

     Thanks for your reply, IPv6 is disabled throughout pfsense, not tried disabling forwarding yet. My dns servers are opendns. Oddly enough I was searching for DNSSec and the other setting options, I must have read the same unanswered posts you did.
  13. I think that name came from the set up the guide was based on, mine's just called WAN.
  14. I have my pfsense airvpn working, I'm on 2.3.3 and I am pretty sure some things are a bit odd with this version because no matter how many times I follow the guide I end up with no dns! I did try with Ver 2.3.2 and it works, but 2.3.3, nope. (I test things like this because I'm a nut.) I do part of my setup after install on a monitor connected to the pfsense box, I have a PPPoE to a bridge modem so I set that up along with the lan address and range / subset, then go to a pc and access the admin page and carry on from there, it gets interesting because my set up throws the guide out of step. Anyway I can get the vpn up doing the CA, Cert, Interface and setting the airvpn wan as the gateway in the default lan rule, that's easy, then I do the rest but when I do step 8A-1 DNS server and tick everything under DNSSEC then I lose ability to pull websites, so I don’t tick them and leave it at that. Another issue to compound an already confused pfsense user, using the guide's rule for DNS server redirect seems to stop pfblocker running the DNSBL, everything works fine but that doesn’t run, it won't even load a rule, five installs using different images and usb sticks to a SSD and I can't get it going, however, leave the rules out, including the aliases and use the default lan rule and DNSSEC runs fine, this may just affect me for some reason, I dunno. Of course given my limited understanding I would rather have dns locked down and use the firewall rules in the guide, just have pfblockerNG do the IPV4 filtering, leaving the privacy and easy list stuff to plugins in the browser until I can find or work out a fix.
  15. The tick box for the negate rules should not be skipped. It literally makes your ip leak if a vpn goes down by redirecting rules/gateways. We want it to only use our manually created rules, causing the connection to drop if the vpn goes down. I wish more people would ask questions and discuss this in the main post. The whole community would benefit from the open discussion.

     I didn’t start this thread, just answered it to the best of my limited ability, I agree this should be in the main thread. I did say I don’t endorse skipping rules, you put a lot of effort into your guide and I like many people are very grateful, without it I doubt I would be online now. I note your point about negate rules but I have a wan_egress floating rule, it's a remnant from using another vpn service where the guides were far less informative and being a bit green behind the ears I thought it was a good way to kill traffic if the vpn goes down, that’s just me and I made no mention of it here in case it was bad practice. The idea behind my replying to this post was to not only answer my own post but to reply to someone else who had trouble setting up pfsense, my thinking is during initial setup it may help to get the vpn up and then once proven, move right on to the rules and tweaks, I should have made that more clear.