
tuxornot

Members2
  • Content Count

    33
  • Joined

    ...
  • Last visited

    ...

Everything posted by tuxornot

  1. I have my pfSense firewall set up as described in the excellent nguvu.org guides. I have an always-on AirVPN connection and a few VLANs that run to the non-VPN WAN interface. Works fine most of the time. The hardware I use is a fanless Intel five-port mini PC; there are also two non-VPN LANs that use two hardware ports that also connect to the non-VPN WAN interface. A problem arose when trying to use the Eddie AirVPN client on one of the non-VPN VLANs, or one of the non-VPN LANs: Eddie refused to connect. The solution was simple. The nguvu.org guide shows how to create a 'Define local subnets' alias, or in the original pfSense guide it was called 'Private Networks', example: 192.168.0.0/16, and then create LAN rules using this alias. Any private or local subnets not in this alias will not be processed, as pfSense is unaware of anything except what is provided in this alias. Eddie creates its own network for TUN (I hope I have phrased this correctly), so to solve the no-connect issue a new private network 128.0.0.0/1 should be added to the Define local subnets alias. Not being an expert in networking, it took quite a while to finally understand what was going on, reading the Eddie logs, the pfSense logs and pulling out what is left of my hair. Eventually I reset pfSense and rebuilt one LAN using the guide for testing; everything worked until I created the Local Subnet alias and associated LAN rules, that is when I had the light bulb moment! I thought I would post this here in case it may help anyone with the same issue. This problem would have been easier to solve but networking is not my strong point!
  2. I get a blank page but can access it on a non airvpn connection.
  3. Same problems on Asterop :-(
  4. Thanks for replying giganerd. I have tried all the UK-based servers and keep receiving the 403; if I bypass the VPN the page loads. I use pfSense and one VPN server at a time, went through all of the servers, cleared the cache(s) and rebooted pfSense, still the same thing. I have AirVPN DNS set in pfSense, so I wonder if that could cause the problem?
  5. https://www.wickes.co.uk/ Cannot reach this website using any of AirVPN's UK servers, I get 403 Forbidden on each search attempt. I can reach it and browse if I bypass AirVPN, and can reach it and browse on my mobile phone over the O2 network. The site worked fine a few days ago and seems OK using the AirVPN route checker, so I presume AirVPN has been added to a block blacklist somewhere.
  6. Add to that a few UK servers throwing up Google's captchas, Naos for one.
  7. As a test I changed AirVPN server to Asterion and the Screwfix forum is now showing and working, so there appears to be a problem with Arion.
  8. Changed AirVPN server to Arion and when accessing the Screwfix community forums (UK) I get a blank page. Works OK over non-VPN. Had this issue before but never reported it till now. The link to the page is: https://community.screwfix.com/
  9. I have the same issue with 'DNS address 0 Servers 100 Errors'. Only found it during a daily leak test; other DNS sites produce normal results. I'm guessing it's the AirVPN test that's a bit iffy.
  10. Just changed server to another address and got the site to load, odd because it showed all green like the previous servers did, thank you!
  11. Thank you LZ1, I checked with the route checker and the 2 servers I have tried show green / direct but I still get the error accessing the site.
  12. Just found out that https://tuclothing.sainsburys.co.uk/ is blocked on AirVPN; it can be reached using a 'free proxy server' (while on AirVPN). Have tried a few VPN servers, same problem. Typical CloudFront error message: ERROR The request could not be satisfied. Request blocked. Generated by cloudfront (CloudFront) Request ID: TO7Bwiwi1Wjl7hfYsZw2fIxCcCff5iGx3da_4H5q8K42uuJLjaALJw== There is no way I will drop a VPN to access a shopping site; other people in this house don’t agree with my stance!
  13. Thank you for posting this, makes an interesting read. Once private entities become involved with data in this way the only possible outcome will be a huge mess or, as we say over here, 'strong and stable'! /s As a user of Posteo I often take it for granted; I sometimes forget that it's there, in the background, working seamlessly. Your post reminded me to actually visit the website and have a good read :-)
  14. I started over with a fresh install of pfsense and swapped opendns to airvpn dns, so far everything seems to be working. I also added pfblockerNG, rather spiffy but well worth the effort.
  15. Just wanted to mention that the Guide's setting for Topology in "Step 3-A: Setting up the OpenVPN Client" might need changing. According to: https://community.openvpn.net/openvpn/wiki/Topology Subnet topology is the current recommended topology; it is not the default as of OpenVPN 2.3 for reasons of backwards-compatibility with 2.0.9-era configs. It is safe and recommended to use subnet topology when no old/outdated clients exist that are running OpenVPN 2.0.9 under Windows. In subnet topology, the tun device is configured with an IP and netmask like a "traditional" broadcast-based network. The traditional network and broadcast IPs should not be used; while tun has no concept of broadcasts, Windows clients will be unable to properly use these addresses. All remaining IPs in the network are available for use. Since every IP can be used, subnet topology allows the better utilization of IP space and easier to understand network layout. Going to Diagnostics / Command Prompt on my pfSense 2.3.3 box and entering: openvpn --version gives me: OpenVPN 2.3.14 So, it looks like a subnet topology would be a better choice than the current net30 topology.
     I'm testing a fresh pfSense install today. After reading your post I changed to the subnet topology; I don't have any need for backward compatibility, though some people will have. If I find any glitches then I will post back, may take some time as I go through all the logs for this and other stuff. One odd thing I did discover after setting up the AirVPN guide for pfSense: I have mostly Linux computers, each has firejail installed and I use a set of custom commands to launch firejailed browsers in private mode. One of those options forces the browser to use a forced DNS; in my case the DNS servers are OpenDNS. This worked OK; however, using the AirVPN DNS guide I set up OpenDNS. For some odd reason, if firejail also uses OpenDNS then the browser fails to pull webpages; change the firejail DNS and no problem.
     I then changed an Android's DNS to OpenDNS and the same thing, it fails to pull webpages. It seems to be that if a device has the same DNS server as the one used in pfSense using the AirVPN guide, then it won't pull webpages. I am unsure if this affects just me, but I thought I would mention this in case anyone finds a phone or tablet won't connect; some people change the device's DNS and may inadvertently hit this problem. From my point of view this is a trivial issue compared to the extra security the DNS settings in this guide offer :-)
  16. I'm mostly clueless, but over on the pfSense forums I did a search for Resolver DNSSEC and got some hits. Unfortunately, almost all were unanswered. But, the indication was that there might be issues with DNSSEC if either IPv6 support is on or if DNS Query Forwarding is checked (I kept that option off in my 2.3.3 setup). Have you got IPv6 off everywhere? What happens if you turn off Forwarding? Also, back in "Step 7-A: System / General Setup", the author said to use only AirVPN's DNS Server (10.4.0.1) in the DNS Server slot. I decided not to do that and have four DNS servers listed there (though 10.4.0.1 is the first one) with no issues. What are you using there? Maybe there's a problem with DNSSEC on whatever DNS Server you're using. Thanks for your reply. IPv6 is disabled throughout pfSense, not tried disabling forwarding yet. My DNS servers are OpenDNS. Oddly enough I was searching for DNSSEC and the other setting options; I must have read the same unanswered posts you did. This might be OBE, but OpenDNS apparently doesn't support DNSSEC: https://support.opendns.com/hc/en-us/community/posts/220028387-OpenDNS-and-DNSSEC Similarly, AirVPN's DNS Server doesn't support DNSSEC: https://airvpn.org/topic/16202-request-dnssec/ So, if all you have are OpenDNS and AirVPN DNS servers set, having the DNSSEC (and the hardening option, too) will probably do bad things. That's interesting, thanks for digging into it :-) I changed from OpenDNS to AirVPN DNS just to do some tests. I'll try and find some DNSSEC-compliant servers to test with.
  17. In the 18 months I have used a VPN with pfSense I have never had to log off the VPN; it's kept running until it fails of its own accord. I'm new to AirVPN but I expect to have the connection always on in the same way. One thing I have learnt is if you import a config file then restarting the VPN is sometimes needed; after the restore pfSense reboots but sometimes the VPN goes off on a tangent and needs a restart.
  18. I assumed that the user information is stored within the generated key once obtained when you have logged into the site and downloaded the file with the data in. I'm sure that someone better informed could confirm that. I think they are unique to each user; the key replaces the need for plain text user details, that’s my understanding of it.
  19. This happens to some other 'updates' for various things. The developers often say it's improvements, but I believe they do it to keep our lives interesting :-)
  20. I'm mostly clueless, but over on the pfSense forums I did a search for Resolver DNSSEC and got some hits. Unfortunately, almost all were unanswered. But, the indication was that there might be issues with DNSSEC if either IPv6 support is on or if DNS Query Forwarding is checked (I kept that option off in my 2.3.3 setup). Have you got IPv6 off everywhere? What happens if you turn off Forwarding? Also, back in "Step 7-A: System / General Setup", the author said to use only AirVPN's DNS Server (10.4.0.1) in the DNS Server slot. I decided not to do that and have four DNS servers listed there (though 10.4.0.1 is the first one) with no issues. What are you using there? Maybe there's a problem with DNSSEC on whatever DNS Server you're using. Thanks for your reply. IPv6 is disabled throughout pfSense, not tried disabling forwarding yet. My DNS servers are OpenDNS. Oddly enough I was searching for DNSSEC and the other setting options; I must have read the same unanswered posts you did.
  21. I think that name came from the setup the guide was based on, mine's just called WAN.
  22. I have my pfSense AirVPN working. I'm on 2.3.3 and I am pretty sure some things are a bit odd with this version, because no matter how many times I follow the guide I end up with no DNS! I did try with ver 2.3.2 and it works, but 2.3.3, nope. (I test things like this because I'm a nut.) I do part of my setup after install on a monitor connected to the pfSense box. I have a PPPoE to a bridge modem, so I set that up along with the LAN address and range / subset, then go to a PC and access the admin page and carry on from there. It gets interesting because my setup throws the guide out of step. Anyway, I can get the VPN up doing the CA, Cert, Interface and setting the AirVPN WAN as the gateway in the default LAN rule, that's easy. Then I do the rest, but when I do step 8A-1 DNS server and tick everything under DNSSEC then I lose the ability to pull websites, so I don’t tick them and leave it at that. Another issue to compound an already confused pfSense user: using the guide's rule for DNS server redirect seems to stop pfBlocker running the DNSBL. Everything works fine but that doesn’t run, it won't even load a rule. Five installs using different images and USB sticks to an SSD and I can't get it going; however, leave the rules out, including the aliases, and use the default LAN rule and DNSSEC runs fine. This may just affect me for some reason, I dunno. Of course, given my limited understanding I would rather have DNS locked down and use the firewall rules in the guide, just have pfBlockerNG do the IPv4 filtering, leaving the privacy and easy list stuff to plugins in the browser until I can find or work out a fix.
  23. The tick box for the negate rules should not be skipped. It literally makes your IP leak if a VPN goes down by redirecting rules/gateways. We want it to only use our manually created rules, causing the connection to drop if the VPN goes down. I wish more people would ask questions and discuss this in the main post. The whole community would benefit from the open discussion. I didn’t start this thread, just answered it to the best of my limited ability. I agree this should be in the main thread. I did say I don’t endorse skipping rules; you put a lot of effort into your guide and I, like many people, am very grateful, without it I doubt I would be online now. I note your point about negate rules, but I have a wan_egress floating rule. It's a remnant from using another VPN service where the guides were far less informative, and being a bit green behind the ears I thought it was a good way to kill traffic if the VPN goes down. That’s just me, and I made no mention of it here in case it was bad practice. The idea behind my replying to this post was to not only answer my own post but to reply to someone else who had trouble setting up pfSense. My thinking is during initial setup it may help to get the VPN up and then, once proven, move right on to the rules and tweaks. I should have made that more clear.