Search the Community

This HOWTO describes how to connect to AirVPN with a Wireguard VPN tunnel from OPNsense. This is the first draft of this howto, i might add (more) screenshots later on. Version: 0.1 Date: 20231029 What we are going to achieve We'll create a single Wireguard VPN Tunnel, IPv4 Only. Traffic to the tunnel will be NATted Requirements OPNsense firewall is up-and-running and updated. This howto is based on version 23.7.7_1 You have basic knowledge on using OPNsense i.e. firewall rules, NAT, routing, gateways and aliases. AirVPN Premium Access Step 1. Information gathering We'll grab some info that we need to configure the Wireguard Tunnel. Go to the Client Area. Got to VPN Devices. Add a device or edit your existing device. Note your Public Key and IPv4 under the heading "Wireguard" Go back to the Client Aerea. Go to Config Generator Select "router" under "Choose your OS" Select "Wireguard under "Choose protocols" Select your country under "By Countries". I selected Netherlands Scroll way down and download your config. This is an example of a Wireguard config: (the keys and IP are random and will not work, use your own) [Interface] Address = 10.45.95.123/32 PrivateKey = X72xgdx23XDomnSXmcy#S4Jc#9Y5G*vU$wg^n499yn6 MTU = 1320 DNS = 10.128.0.1 [Peer] PublicKey = VTSQ77Uk4^&RY4h%S$#9h8PR2T&xyya&yPTtk6oD^m$ PresharedKey = b7&&7bntmCS5q%&4J*mSKBAUvV4XEqHerwscvbappXQ Endpoint = nl3.vpn.airdns.org:1637 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 15 Step 2. Create the Tunnel configuration Peer configuration: in OPNsense go to VPN|Wireguard|Settings|Peers. Create a peer with the following information: Name: wg_airvpn_<country code>. mine is called wg_airvpn_nl Public key: <PublicKey under heading [Peer] of your generated WG Config> Pre-shared key <presharedKey under heading [Peer] of your generated WG Config> Allowed IP's: 0.0.0.0/0 Endpoint Address: <Endpoint under heading [Peer] of your generated WG Config> Endpoint port: 1637 (default port) Keepalive interval: 15 (default interval) Instance configuration: in OPNsense go to VPN|Wireguard|Settings|Instances Create an instance with the following information: Enable Advanced Mode. Name: <Endpoint Name i.e. nl.vpn.airdns.org> Public Key: <Public Key as noted with step 1.4> Private Key: <PrivateKey under heading [Interface] of your generated WG Config> Listen Port: 1637 MTU: 1320 Tunnel Address: <Address including /32 under harding [Interface] of your generated WG Config> Peers: <select peer that you created with step 2.2> Disable routes: Enabled. Step 3. Make an exception on your WAN interface in OPNsense go to Firewall|Rules Select your WAN interface, mine is called WAN_PPPOE Create a Pass rule for IPv4/UDP port 1647 to your WAN-address. Step 4. Assign Wireguard Interface in OPNsense go to Interfaces|Assignments You'll find a "wg1(Wireguard - nl.vpn.airdns.org)" (or similiar) interface. bind it to an interface with a name of your choice. mine is called WAN_WG1 as is is the first site-to-site Wireguard tunnel on my WAN interface. Step 5. Create a gateway. Remember we disabled the routes for the WG instance configuration? Because of that we need to create a gateway. In OPNsense go to System|Gateways|Single Add a Gateway with the following information: Name: WAN_WG_GW Description: Interface WAN_WG1 Gateway Interface: Select WAN_WG1 as created in step 4. Address Family: IPv4 IP address: Dynamic (leave empty) Far Gateway: Enabled (this i am not sure of but for now i'm happy it works) Disable Gateway Monitoring: enabled Step 6. Aliases We set up some aliases. This will make it more easy to redirect some hosts or networks to the Wireguard tunnel. in OPNsense, go to Firewall|Aliases Create host entries for the specific hosts you'll redirect Create network entries for the specific network(s) you'll redirect. Create a Network Group Entry with the host and network entries to group them together. My alias is called networkgroup_wireguard Step 7. Create Outbound NAT for Wireguard. (In my setup, i use Manual Outbound Rule Generation because i like to have control) In OPNsense go to Firewall|NAT|Outbound Create a new Outbound NAT rule with the following information: Interface: WAN_WG1 TCP/IP version: IPv4 Protocol: Any Source Address: <alias networkgroup_wireguard from step 6> Translation /target WAN_WG1 address Description: Wireguard VPN Outbound NAT rule Step 8. Create Outbound Redirect rule. In this example we create 2 rules on our LAN interface, one for redirecting to WG, the other to prevent leaks. In OPNsense go to Firewall|Rules Select your LAN interface add an outbound Pass rule: Action: Pass Source: Networkgroup_wireguard Destination: Any (in my case i use an inverted network group called networkgroup_local where all my local vlans are grouped together) Gateway: WAN_WG1_GW (the gateway you created in step 5.) Add an outbound block rule below that: Action: Block Source: Networkgroup_wireguard Destination: Any Gateway: default Your WG VPN tunnel should now work. Test with https://ipleak.net The following steps are more advanced and i'm still finetuning/experimenting with the settings. your experience may vary. Step 9. Prevent VPN leakage I'm new to OPNsense and i am not sure what the default setting is, but from my pfSense experience i know the following setting is important when you want to make sure your VPN does not leak when for instance the tunnel is down. In OPNsense go to Firewall|Settings|Advanced Under "Gateway Monitoring" enable "Skip Rules when gateway is down" Step 10. MTU/MSS optimization For now i have set thte MTU according to the default setting of AirVPN. I want it to be higher but for now i'm just happy it works. My settings are as follows: In the properties of the WAN_WG1 interface i set the MTU to 1320 and the MSS to 1280. I created a normalize rule (Firewall|Settings|Normalization) with the following settings. this should enable me to clamp the MSS to 1280 for the wireguard group but leave the MSS to the desired setting (1452) as defined on my LAN interface for the rest of the hosts on my LAN; Interface: LAN Direction, Protocol: Any Source: networkgroup_wireguard Max MSS: 1280

Hi everyone, I did follow the guide posted here: [link] as good as I could. I ran ins some minor issues, but that should not be the root cause really. Furthermore, I documented my setup and posted a reply to the original author this time with screenshots so it could be used as help for everyone, like me, who is struggling with this. So as said, basically it's not working for me. I can't access anything from LAN. To me (noob) it looks like the tunnel is up, but I can't reach it. Looking at the gateway shows "defunct". To me, this does not sound good. In the WireGuard log, I get the following when I disable WireGuard and enable it again: I am a complete starter on OPNsense and WireGuard, before I was using pfSense and OpenVPN, but this is a bit different. So any help is much appreciated.

So I am running opnsense and for some reason can't get airvpn to tell me I have properly opened my port for qbitorrent. I've successfully done so with mullvad in the past, but that was also with another torrent program I think. I'm using the same port as recommended for qbitorrent though opnsense into airvpn. The only hiccup might be that I have my torrent client on a separate vlan. I seem to recall opnsense having an issue with the rules for port forwarding not properly generating when adding a port forward to a non-lan interface. Anyone know anything? Thanks!

Hi, I'm trying to connect my newly OpenSense installed device to AirVPN. I'm stuck with configuring the connection properly. First, I tried entering all lines manually, where possible. My generated ovpn file is as follows: client dev tun remote nl4.vpn.airdns.org 41185 resolv-retry infinite nobind persist-key persist-tun auth-nocache verb 3 remote-cert-tls server comp-lzo no data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC data-ciphers-fallback AES-256-CBC proto tcp auth SHA512 <ca> -----BEGIN CERTIFICATE----- AAAAAAA -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- BBBBBBB -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- CCCCCCC -----END PRIVATE KEY----- </key> <tls-crypt> -----BEGIN OpenVPN Static key V1----- DDDDDDD -----END OpenVPN Static key V1----- </tls-crypt> I couldn't connect to AirVPN properly. Tried removing nobind as there is an incompatibility with local, which I didn't know exactly. 2022-11-22T10:06:35 Warning openvpn Use --help for more information. 2022-11-22T10:06:35 Error openvpn Options error: --local and --nobind don't make sense when used together 2022-11-22T10:06:24 Warning openvpn Use --help for more information. 2022-11-22T10:06:24 Error openvpn Options error: --local and --nobind don't make sense when used together 2022-11-22T09:38:15 Warning openvpn Use --help for more information. 2022-11-22T09:38:15 Error openvpn Options error: --local and --nobind don't make sense when used together 2022-11-22T09:38:05 Warning openvpn Use --help for more information. 2022-11-22T09:38:05 Error openvpn Options error: --local and --nobind don't make sense when used together 2022-11-22T09:37:53 Warning openvpn Use --help for more information. 2022-11-22T09:37:53 Error openvpn Options error: --local and --nobind don't make sense when used together 2022-11-22T09:35:47 Notice openvpn Exiting due to fatal error 2022-11-22T09:35:47 Error openvpn Error: private key password verification failed 2022-11-22T09:35:47 Warning openvpn Cannot load private key file /var/etc/openvpn/client1.key 2022-11-22T09:35:47 Warning openvpn OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch 2022-11-22T09:35:47 Warning openvpn NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-11-22T09:35:47 Notice openvpn MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock 2022-11-22T09:35:47 Notice openvpn library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10 2022-11-22T09:35:47 Notice openvpn OpenVPN 2.5.8 amd64-portbld-freebsd13.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 16 2022 2022-11-22T09:35:47 Warning openvpn WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible Advanced settings contents: nobind persist-key persist-tun auth-nocache verb 3 remote-cert-tls server comp-lzo no data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC data-ciphers-fallback AES-256-CBC proto tcp auth SHA512 While removing some lines, nobind persist-key persist-tun auth-nocache verb 3 remote-cert-tls server the result is similar. After removing nobind: 2022-11-22T10:51:11 Notice openvpn Exiting due to fatal error 2022-11-22T10:51:11 Error openvpn Error: private key password verification failed 2022-11-22T10:51:11 Warning openvpn Cannot load private key file /var/etc/openvpn/client1.key 2022-11-22T10:51:11 Warning openvpn OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch 2022-11-22T10:51:11 Warning openvpn NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-11-22T10:51:11 Notice openvpn MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock 2022-11-22T10:51:11 Notice openvpn library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10 2022-11-22T10:51:11 Notice openvpn OpenVPN 2.5.8 amd64-portbld-freebsd13.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 16 2022 2022-11-22T10:51:11 Warning openvpn WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible Tried several things here, without luck: - Using IP address instead of host. - Disabling TLS auth and putting all the lines into Advanced section. Can you help?

I got Airvpn wireguard working on OPNsense using this link. It works fine except I can't access the sites in the title. They time out. I imagine there are others but these are the only three I have found so far after approximately one week of usage. I have tried different servers and for duckduckgo I tried the ip address but no results. I am currently using the northamerican server. I have tried canada and a particular Toronto server with the same result. Any help or suggestions would be much appreciated. Thanks. Bill Dika SOLVED: I got this working using a detailed rule for MSS clamping by setting the it to 1300. Firewall --> Settings --> Normalization --> Disable Interface Scrub --> Create Detailed Settings Rule --> Set max mss to 1300.

I have the following set up: ISP Modem --> Protectli(OPNsense-AirVPN Wireguard) --> Netgear R7000 Access Point(Fresh Tomato) --> My Lan (of which there is one hardwired computer running an apache webserver) I have a nextcloud instance running on the apache webserver. I want to be able to access the nextcloud instance remotely. OPNsense has an option available for various Dynamic DNS (DDNS) services. I had the DDNS service for duckdns working and I could access my nextcloud server remotely before I changed to AirVPN as my VPN (I was using Mulvad). Now I want to accomplish the same thing with AirVPN without using duckdns but by using AirVPN's DDNS. The problem is that I cannot even get started. When I go to the AirVPN ports page, click on "Request a new port" and then click on "Test open". The connection times out (110) for TCP but seems to work for UDP (at least I don't see any error for UDP). This happens regardless of whether I leave the local port empty, fill in the local port with the same port number as the assigned port or use port 80 for the local port. Also it doesn't matter if I fill in the xxxx.airdns,org or not. "CanYouSeeMe" reports the ports as closed for for all my attempts. I have tried this on my local internet as well as on my cell phone data plan without any difference. I feel like I am missing something fundamental but have no idea what it is. Any help would be much appreciated. Thanks. bdika

Hi I am trying to connect to AirVPN from an OPNSense Firewall. I have tried many different configs and the status of my openvpn tunnel is always "connecting". The log file shows no errors, there is just a entry state all and client disconnected. Is there any working guide for the current OPNSense version. I do not have any problems to connect to AirVPN from any Windows Client in my network. I looked at my firewall log and did a tcpdump, but i can not see any incoming traffic. I do not have a private ip address, because i use a 5G router. could this be the problem? why is it working on other clients (Android, Windows Workstation)? thank you for your help

Hi, I´ve tried to configure Airvpn on my Firewall with this tutorial (https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/). Unfortunately the tutorial is written for pfsense and there are to many differences in the web gui to use it with OPNsense. So I couldn´t get it running with this tutorial. I want to route my whole traffic through Airvpn. Does anybody has a hint or an how to do? Please consider that Im a beginner at opnsense, so the options and steps are not self-explanatory to me. I also speak german

I am trying to get airvpn running on my new opnsense install but no success so far. This is the guide i followed and quite some options in the setup menu are not in the guide. Maybe because this was written for an older opnsense version. I did exactly what was in the guide and nothing more. Maybe the point is that i`m behind a non-bridged modemrouter? I forwarded port 443 udp and tcp to the opnsense wan (192.168.0.20). Everything after the modemrouter is 192.168.0.x and the lan behind the opnsense system gets 192.168.1.x The guide says, at step 5 the status should be up. This is the log i get: Feb 25 02:40:45 openvpn[86654]: MANAGEMENT: Client disconnected Feb 25 02:40:45 openvpn[86654]: MANAGEMENT: CMD 'state 1' Feb 25 02:40:45 openvpn[86654]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock Feb 25 02:40:15 openvpn[86654]: MANAGEMENT: Client disconnected Feb 25 02:40:15 openvpn[86654]: MANAGEMENT: CMD 'state 1' Feb 25 02:40:15 openvpn[86654]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock Feb 25 02:40:14 openvpn[86654]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Feb 25 02:40:14 openvpn[86654]: VERIFY EKU OK Feb 25 02:40:14 openvpn[86654]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Feb 25 02:40:14 openvpn[86654]: Validating certificate extended key usage Feb 25 02:40:14 openvpn[86654]: VERIFY KU OK Feb 25 02:40:14 openvpn[86654]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Feb 25 02:40:14 openvpn[86654]: TLS: Initial packet from [AF_INET]194.187.251.154:443, sid=c0b00d21 453258cb Feb 25 02:40:14 openvpn[86654]: UDP link remote: [AF_INET]194.187.251.154:443 Feb 25 02:40:14 openvpn[86654]: UDP link local (bound): [AF_INET]192.168.0.20:0 Feb 25 02:40:14 openvpn[86654]: Socket Buffers: R=[42080->42080] S=[57344->57344] Feb 25 02:40:14 openvpn[86654]: TCP/UDP: Preserving recently used remote address: [AF_INET]194.187.251.154:443 Feb 25 02:40:14 openvpn[86654]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Feb 25 02:40:14 openvpn[86654]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Feb 25 02:40:14 openvpn[86654]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Feb 25 02:40:14 openvpn[86654]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock Feb 25 02:40:14 openvpn[86616]: library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.10 Feb 25 02:40:14 openvpn[86616]: OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [sSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 22 2018 Feb 25 02:38:49 openvpn[68218]: SIGTERM[hard,] received, process exiting Feb 25 02:38:49 openvpn[68218]: event_wait : Interrupted system call (code=4) Feb 25 02:38:47 openvpn[68218]: MANAGEMENT: Client disconnected Feb 25 02:38:47 openvpn[68218]: MANAGEMENT: CMD 'state 1' Feb 25 02:38:47 openvpn[68218]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock Feb 25 02:37:59 openvpn[68218]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Feb 25 02:37:59 openvpn[68218]: VERIFY EKU OK Feb 25 02:37:59 openvpn[68218]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Feb 25 02:37:59 openvpn[68218]: Validating certificate extended key usage Feb 25 02:37:59 openvpn[68218]: VERIFY KU OK Feb 25 02:37:59 openvpn[68218]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Feb 25 02:37:59 openvpn[68218]: TLS: Initial packet from [AF_INET]194.187.251.154:443, sid=37214535 dc5a7495 Feb 25 02:37:59 openvpn[68218]: UDP link remote: [AF_INET]194.187.251.154:443 Feb 25 02:37:59 openvpn[68218]: UDP link local (bound): [AF_INET]192.168.0.20:0 Feb 25 02:37:59 openvpn[68218]: Socket Buffers: R=[42080->42080] S=[57344->57344] Feb 25 02:37:59 openvpn[68218]: TCP/UDP: Preserving recently used remote address: [AF_INET]194.187.251.154:443 Feb 25 02:37:59 openvpn[68218]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Feb 25 02:37:49 openvpn[68218]: Restart pause, 10 second(s) Feb 25 02:37:49 openvpn[68218]: SIGUSR1[soft,tls-error] received, process restarting Feb 25 02:37:49 openvpn[68218]: TLS Error: TLS handshake failed Feb 25 02:37:49 openvpn[68218]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Feb 25 02:37:35 openvpn[68218]: MANAGEMENT: Client disconnected Feb 25 02:37:35 openvpn[68218]: MANAGEMENT: CMD 'state 1' Feb 25 02:37:35 openvpn[68218]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock Feb 25 02:36:49 openvpn[68218]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Feb 25 02:36:49 openvpn[68218]: VERIFY EKU OK Feb 25 02:36:49 openvpn[68218]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Little later: Feb 25 03:00:12 openvpn[86654]: MANAGEMENT: Client disconnected Feb 25 03:00:12 openvpn[86654]: MANAGEMENT: CMD 'state 1' Feb 25 03:00:12 openvpn[86654]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock Feb 25 02:55:44 openvpn[86654]: Restart pause, 300 second(s) Feb 25 02:55:44 openvpn[86654]: SIGUSR1[soft,ping-restart] received, process restarting Feb 25 02:55:44 openvpn[86654]: [server] Inactivity timeout (--ping-restart), restarting Feb 25 02:54:44 openvpn[86654]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Feb 25 02:54:44 openvpn[86654]: VERIFY EKU OK Feb 25 02:54:44 openvpn[86654]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Feb 25 02:54:44 openvpn[86654]: Validating certificate extended key usage Feb 25 02:54:44 openvpn[86654]: VERIFY KU OK Feb 25 02:54:44 openvpn[86654]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Feb 25 02:54:44 openvpn[86654]: TLS: Initial packet from [AF_INET]194.187.251.154:443, sid=263f3cd0 cd08c14b Feb 25 02:54:44 openvpn[86654]: UDP link remote: [AF_INET]194.187.251.154:443 Feb 25 02:54:44 openvpn[86654]: UDP link local (bound): [AF_INET]192.168.0.20:0 Feb 25 02:54:44 openvpn[86654]: Socket Buffers: R=[42080->42080] S=[57344->57344] Feb 25 02:54:44 openvpn[86654]: TCP/UDP: Preserving recently used remote address: [AF_INET]194.187.251.154:443 Feb 25 02:54:44 openvpn[86654]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Feb 25 02:52:04 openvpn[86654]: Restart pause, 160 second(s) Feb 25 02:52:04 openvpn[86654]: SIGUSR1[soft,ping-restart] received, process restarting Feb 25 02:52:04 openvpn[86654]: [server] Inactivity timeout (--ping-restart), restarting Feb 25 02:51:04 openvpn[86654]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Feb 25 02:51:04 openvpn[86654]: VERIFY EKU OK Feb 25 02:51:04 openvpn[86654]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Feb 25 02:51:04 openvpn[86654]: Validating certificate extended key usage Feb 25 02:51:04 openvpn[86654]: VERIFY KU OK Feb 25 02:51:04 openvpn[86654]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Feb 25 02:51:04 openvpn[86654]: TLS: Initial packet from [AF_INET]194.187.251.154:443, sid=c6a2dfeb 08c736d9 Feb 25 02:51:04 openvpn[86654]: UDP link remote: [AF_INET]194.187.251.154:443 Feb 25 02:51:04 openvpn[86654]: UDP link local (bound): [AF_INET]192.168.0.20:0 Feb 25 02:51:04 openvpn[86654]: Socket Buffers: R=[42080->42080] S=[57344->57344] Feb 25 02:51:04 openvpn[86654]: TCP/UDP: Preserving recently used remote address: [AF_INET]194.187.251.154:443 Feb 25 02:51:04 openvpn[86654]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Feb 25 02:49:44 openvpn[86654]: Restart pause, 80 second(s) Feb 25 02:49:44 openvpn[86654]: SIGUSR1[soft,ping-restart] received, process restarting Feb 25 02:49:44 openvpn[86654]: [server] Inactivity timeout (--ping-restart), restarting Feb 25 02:48:44 openvpn[86654]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Feb 25 02:48:44 openvpn[86654]: VERIFY EKU OK Feb 25 02:48:44 openvpn[86654]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Feb 25 02:48:44 openvpn[86654]: Validating certificate extended key usage Feb 25 02:48:44 openvpn[86654]: VERIFY KU OK Feb 25 02:48:44 openvpn[86654]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Feb 25 02:48:44 openvpn[86654]: TLS: Initial packet from [AF_INET]194.187.251.154:443, sid=7f656fd8 bb527714 Feb 25 02:48:44 openvpn[86654]: UDP link remote: [AF_INET]194.187.251.154:443 Feb 25 02:48:44 openvpn[86654]: UDP link local (bound): [AF_INET]192.168.0.20:0 Feb 25 02:48:44 openvpn[86654]: Socket Buffers: R=[42080->42080] S=[57344->57344] Feb 25 02:48:44 openvpn[86654]: TCP/UDP: Preserving recently used remote address: [AF_INET]194.187.251.154:443 Feb 25 02:48:44 openvpn[86654]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Feb 25 02:48:04 openvpn[86654]: Restart pause, 40 second(s) Feb 25 02:48:04 openvpn[86654]: SIGUSR1[soft,ping-restart] received, process restarting

I have not had a chance to setup my pfsense box to connect strickly to airVpn. I have been trolling the pfSense forums and read the wiki and seen where a few developers split from pfSense because it was becoming too commercial. I downloaded the image and installed in a VM but have not done much to it. Just wanted to know how many here would move to this version of firewall in leu of pfSense. Dont get me wrong im sticking with pfsense since pfSense_fan did one heck of a job on the guide, i was just wondering.