Showing results for tags 'Vpn'.



Found 197 results

  1. Hello, I was messing around with a local web page hosted on my Raspberry Pi for local projects, and using that web page works fine from my PC, which has an Ethernet cable to my router. However, when I try to access the page with my Android phone, I cannot connect to the web page. I also cannot reach my router admin page from my Android device, something that DOES work on my PC... All three devices (PC, Android phone, Raspberry Pi) are running on AirVPN. The moment I disconnect from the VPN, I can access the admin panel and the website from my phone. Is there a way to make devices connected via Wi-Fi while using the VPN able to access my router / other local machines? Thanks in advance.
  2. Hello, As we know, no VPNs, even the safest VPNs like AirVPN or ProtonVPN, are really safe; in fact there is always the problem that none of us users really know if they keep logs. My solution would be to run a VPN on a rented VPS server in order to personally manage it. To do so I do not want to limit myself to something pre-compiled, such as "digital ocean"; in fact my plan is to run it in a SoftEther host inside a VPS. The scheme should be as follows: within a Windows Server VPS placed in some data center, run VMware emulating another operating system, and within this guest run the SoftEther host app. Then connect via VPN tunnel from the SoftEther host app to my real domestic PC. I just wonder if the VPS server owner or the VPS internet operator itself could actually trace the source back to my real PC even though I'll establish a VPN tunnel from SoftEther to my actual PC. PS: The idea of running everything inside a VM instead of in just the VPS itself is to make the SoftEther logs inaccessible to a potential attacker, protecting them in a shell, plus mask the IMEI and the operating system. I look forward to understanding whether they (NSA or potential attackers) would have some way to track back the encrypted VPN connection from SoftEther to my current PC.
  3. Hello AirVPN team. I have been getting very slow speeds while using AirVPN. I'm only getting 30MBps down and about 11MBps up, instead of about 300MBps down and 12MBps up. This happens across all servers. Some are slower than others. My ISP is Comcast. Is this an issue on my end, or is Comcast throttling my internet because I'm going through a VPN almost all the time? Any ideas, VPN members?
  4. Hello, I've tried AirVPN now on my desktop and am very pleased with the experience, so I wanted to pursue my main goal with AirVPN: My ISP uses CGNAT, so I have no public IPv4 address. My plan was to set up an Ubuntu Server VM that acts as a gateway to AirVPN for my Plex server (which currently isn't available outside of my network thanks to CGNAT). I've read elsewhere that I needed to tunnel the IPv4 application (Plex) to IPv6 using the program 6tunnel. My first step was to install openvpn and launch the TCP.ovpn file; SSH is telling me: "Initialization Sequence Completed". Now I'm stuck at connecting to the gateway (and maybe configuring it as one?) and tunneling the IPv4 traffic of the VPN and Plex to IPv6. I've also just discovered the advanced mode of the config file generator and am a bit overwhelmed. Should I use "IPV4&IPV6 (connect with IPV6)" and which ports? I think my current config files were normal IPv4, so that's probably why it only worked on my desktop with Eddie. Your help is greatly appreciated and thanks in advance.
  5. Hi. When connected to an AirVPN-server through a VPN-router... Are there any fixed IPs on the VPN-server that can be used to ping for monitoring the quality of the VPN connection (RRD graphs etc)? I used to be able to use 10.x.0.1 but they do not seem to respond to pings anymore. What is the correct IP to use for this purpose? Kind regards,
  6. Hi I'm using a Samsung Galaxy S8+ running Android 8.0 and having issues with the VPN disconnecting after a few minutes (<1 hour) of not using the device. This happens with both OpenVPN for Android & the Eddie - OpenVPN GUI. I've tried uninstalling and reinstalling OpenVPN for Android as well as deleted the config files and redownloaded them, but still doing so. Power Saving mode is off & I've also tried switching to other modes (Game/Entertainment/High performance). Does anyone know why/how to fix this? Apologies if this has already been discussed in another post/thread, I had a look but couldn't find anything, happy to use such a thread if you can point me to it. Thank you.
  7. Hello. I read that connecting to AirVPN using port UDP 53 instead of UDP 443 is a way to get better speeds, but when I tried to do it today it could not connect to that port on any server and kept giving me an error. This happened on both my phone (connected with Wi-Fi) and PC (connected with ethernet cable). I contacted my ISP and asked them if they were blocking any ports, and they said they were only blocking ports 80 and 25. I had the ISP unblock these ports just in case that was somehow the issue, but it was not and VPN on UDP 53 continued to not work. I even tried forwarding UDP port 53 to my devices from my router, but that didn't do anything. However, when I turn off Wi-Fi on my phone and connect to my mobile network, UDP 53 works flawlessly. Here is a log of me trying to connect to an AirVPN server on port UDP 53 on my Wi-Fi using my Android phone and the Eddie for Android app:

      Eddie Log created on 09 Aug 2018 19:24:41 UTC
      Eddie for Android 1.0 RC 2 Version Code 5
      09 Aug 2018 19:23:52 UTC [debug] NativeMethods.OVPN3.Init succeeded (version=3)
      09 Aug 2018 19:23:52 UTC Network is connected to WIFI
      09 Aug 2018 19:23:52 UTC [debug] VPNService.NetworkStatusChanged: action='RESUME'
      09 Aug 2018 19:23:52 UTC Network is connected to WIFI
      09 Aug 2018 19:23:52 UTC [debug] VPNService.NetworkStatusChanged: action='RESUME'
      09 Aug 2018 19:24:03 UTC Network is connected to WIFI
      09 Aug 2018 19:24:03 UTC [debug] VPNService.NetworkStatusChanged: action='RESUME'
      09 Aug 2018 19:24:03 UTC Network is connected to WIFI
      09 Aug 2018 19:24:03 UTC [debug] VPNService.NetworkStatusChanged: action='RESUME'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'tls_version_min:tls_1_0'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'protocol:'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'ipv6:yes'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'timeout:30'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'tun_persist:true'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'compression_mode:yes'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'synchronous_dns_lookup:false'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'autologin_sessions:true'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'disable_client_cert:false'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'ssl_debug_level:0'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'default_key_direction:-1'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'force_aes_cbc_ciphersuites:false'
      09 Aug 2018 19:24:04 UTC OpenVPN3: ovpn3_client_set_option '1' - 'tls_cert_profile:'
      09 Aug 2018 19:24:04 UTC Eddie Native Library: client '1' starting
      09 Aug 2018 19:24:04 UTC Eddie Native Library: loading profile
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.protoOverride:
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.connTimeout: 30
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.compressionMode: yes
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.ipv6: yes
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.tlsVersionMinOverride: tls_1_0
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.tlsCertProfileOverride:
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.disableClientCert: false
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.proxyHost:
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.proxyPort:
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.proxyAllowCleartextAuth: false
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.defaultKeyDirection: -1
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.forceAesCbcCiphersuites: false
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.sslDebugLevel: 0
      09 Aug 2018 19:24:04 UTC [debug] DoUpdate - Begin
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.autologinSessions: true
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.tunPersist: true
      09 Aug 2018 19:24:04 UTC OpenVPN3: config.synchronousDnsLookup: false
      09 Aug 2018 19:24:04 UTC Eddie Native Library: profile loaded, connecting to server
      09 Aug 2018 19:24:04 UTC Eddie Native Library: connect_attach
      09 Aug 2018 19:24:04 UTC [debug] OnConnectAttach
      09 Aug 2018 19:24:04 UTC OpenVPN3: Frame=512/2048/512 mssfix-ctrl=1250
      09 Aug 2018 19:24:04 UTC [debug] OpenVPN Event: type=RESOLVE, name=RESOLVE, info=, data=0
      09 Aug 2018 19:24:04 UTC Eddie Native Library: connect_pre_run
      09 Aug 2018 19:24:04 UTC [debug] OnConnectPreRun
      09 Aug 2018 19:24:04 UTC Eddie Native Library: connect_run
      09 Aug 2018 19:24:04 UTC OpenVPN3: Contacting 107.150.23.66:53 via UDP
      09 Aug 2018 19:24:04 UTC [debug] OpenVPN Event: type=WAIT, name=WAIT, info=, data=0
      09 Aug 2018 19:24:04 UTC Eddie Native Library: socket_protect(socket=81)
      09 Aug 2018 19:24:04 UTC [debug] OnSocketProtect(socket=81)
      09 Aug 2018 19:24:04 UTC OpenVPN3: Connecting to [107.150.23.66]:53 (107.150.23.66) via UDPv4
      09 Aug 2018 19:24:14 UTC OpenVPN3: Server poll timeout, trying next remote entry...
      09 Aug 2018 19:24:14 UTC [debug] OpenVPN Event: type=RECONNECTING, name=RECONNECTING, info=, data=0
      09 Aug 2018 19:24:14 UTC OpenVPN3: Contacting 107.150.23.66:53 via UDP
      09 Aug 2018 19:24:14 UTC [debug] OpenVPN Event: type=WAIT, name=WAIT, info=, data=0
      09 Aug 2018 19:24:14 UTC Eddie Native Library: socket_protect(socket=77)
      09 Aug 2018 19:24:14 UTC [debug] OnSocketProtect(socket=77)
      09 Aug 2018 19:24:14 UTC OpenVPN3: Connecting to [107.150.23.66]:53 (107.150.23.66) via UDPv4
      09 Aug 2018 19:24:24 UTC OpenVPN3: Server poll timeout, trying next remote entry...
      09 Aug 2018 19:24:24 UTC [debug] OpenVPN Event: type=RECONNECTING, name=RECONNECTING, info=, data=0
      09 Aug 2018 19:24:24 UTC OpenVPN3: Contacting 107.150.23.66:53 via UDP
      09 Aug 2018 19:24:24 UTC [debug] OpenVPN Event: type=WAIT, name=WAIT, info=, data=0
      09 Aug 2018 19:24:24 UTC Eddie Native Library: socket_protect(socket=77)
      09 Aug 2018 19:24:24 UTC [debug] OnSocketProtect(socket=77)
      09 Aug 2018 19:24:24 UTC OpenVPN3: Connecting to [107.150.23.66]:53 (107.150.23.66) via UDPv4
      09 Aug 2018 19:24:34 UTC OpenVPN3 CONNECTION_TIMEOUT: CONNECTION_TIMEOUT
      09 Aug 2018 19:24:34 UTC VPN error detected. Locking VPN
      09 Aug 2018 19:24:34 UTC Eddie Native Library: client '1' pausing
      09 Aug 2018 19:24:34 UTC Eddie Native Library: client '1' paused
      09 Aug 2018 19:24:34 UTC VPN locked
      09 Aug 2018 19:24:34 UTC Eddie Native Library: tun_builder_teardown(disconnect=false)
      09 Aug 2018 19:24:34 UTC [debug] OnTunBuilderTeardown(disconnect=0)
      09 Aug 2018 19:24:34 UTC OpenVPN DISCONNECTED - DISCONNECTED:
      09 Aug 2018 19:24:34 UTC [debug] OnConnectRun
      09 Aug 2018 19:24:34 UTC Eddie Native Library: OpenVPN3 client started
      09 Aug 2018 19:24:34 UTC Eddie Native Library: client '1' started
      09 Aug 2018 19:24:34 UTC Eddie Native Library: client '1' stopping
      09 Aug 2018 19:24:34 UTC Eddie Native Library: client '1' stopped
      09 Aug 2018 19:24:34 UTC [debug] ClearContexts
      09 Aug 2018 19:24:35 UTC Exception: client not initialized (Eddie.NativeAndroidApp.OpenVPNDispatcher.Run)

      I would highly appreciate if a fix for this issue could be found, thank you.
  8. Hi, I just started using MS OneNote and I have run into the problem where it does not work when the VPN is on. I have read the thread here https://airvpn.org/topic/10700-ms-onenote-does-not-sync-vith-airvpn/?hl=onenote but it did not provide me with any advice as to what to do in Eddie to allow OneNote to work. Can anyone guide me on the settings I need to change to get OneNote and the VPN working at the same time? I'm using Windows 7 & 8 and also OpenVPN on Android. Thanks in advance. Andrew
  9. I have been using ExpressVPN for a time now, but how does AirVPN compare to Express? What are the advantages?
  10. Hi, I'm trying to use a NetGear R6300v1 as a VPN Router with the latest DD-WRT build I could find (dd-wrt.v24-36330_NEWD-2_K3.x_mega-R6300). I can establish a TCP/443 connection to AirVPN (using DE or NL servers) and everything is fine in my opinion: There seem to be no DNS leaks and when the VPN goes down the R6300v1 stops traffic over the WAN interface, just as I want it to. With my 100/40 MBit/s NetCologne DSL @ home I see about 15/13 MBit/s VPN Performance on the R6300v1 with TCP, I have not yet seen more than 30% CPU usage on the R6300v1 during Speedtests. Streaming 1080p YouTube videos in a browser window on a PC connected via LAN to the R6300v1 the CPU usage stays below 15%. Streaming 4K video to an iPad connected via 5 GHz WLAN results in 25% to 35% CPU usage on the R6300v1. This is using a TCP connection - I wonder if UDP would give me more performance and if I should strive further to get that up and running? My problem is: With the very same settings - AFAIK I don't have anything TCP exclusive in there - just switching to UDP for connecting to AirVPN I cannot browse anything anymore. DNS resolution still works with UDP, I can ping for example www.heise.de both in Windows and via SSH directly on the R6300v1, I just cannot browse to www.heise.de. On a sidenote, the same is true if I use 'OpenVPN connect' on an iPad (iOS 11.4.1) - when I generate a .ovpn config for TCP/443 to German servers all is well, same config just with UDP/443 not so much on the iPad, too. On a second sidenote, I can get the latest Tomato build I could find for the R6300v1 (tomato-Netgear-R6300V1_RT-AC6x--140-AIO-64K) to do the same and have the same UDP issue as with the DD-WRT load ... I settled for DD-WRT for now because it seems to me the hardware support, especially WLAN AC, is better in the more recent DD-WRT build I'm using. I think I'm either missing something obvious or UDP simply cannot work on the R6300v1 (and an iPad). 
If anybody has an idea what I should try differently with the settings, I'd very much appreciate the information. Thanks in advance, Kyle
  11. Hi, It's been brought to my attention that Steam and Microsoft charge different prices depending on your geographic region. Thus it's possible to use a VPN to trick Steam, for example, into thinking you live in a region where prices are lower. However, in the Steam terms, you do agree not to use a VPN for this purpose. And your account could be permanently closed if you get caught. Question: What is the likelihood of getting caught? Specifically with respect to AirVPN.
  12. Hello, I have a very strange problem with my Windows 10 laptop. I am trying to make a VPN chain. My host OS is a freshly and cleanly installed Windows 10 Professional without any third-party antivirus or firewall installed. I set up an Ubuntu virtual machine in VMware Workstation Player with the NAT network setting. I can successfully connect to the first VPN server on my host OS and start up the virtual machine. When I go to ipleak.net (in the Ubuntu guest OS) I can see the IP address from the first VPN server, so far so good. But when I try to fire up the Eddie client in the Ubuntu guest OS and make the second VPN connection, it's always stuck on checking route and it fails to connect. After that, I tried to disable the VPN connection on my host OS. I can now make a VPN connection inside the Ubuntu guest OS without any errors. So, a VPN connection is possible on the host and guest OS, but chaining doesn't work. I tried exactly the same on my friend's Windows 10 host machine and it worked right away. Why doesn't it work on my Windows 10 laptop?
  13. Hi! We have worked without problems with the Eddie client, but for a few days now all servers are really slow, some 3 or 15 mb, and I don't understand why. I changed browser, checked firewall and antivirus rules, and I can't see any error in the log files. Any help? Or what do I need to check? I have Windows 8 Service Pack 1, 64-bit OS. My connection is 100 MB down, 30 up. Regards!
  14. When I connect to Persei using UDP and Eddie 2.14.2, my speeds decrease dramatically. macOS 10.13.4 (17E202). Not connected to VPN. Connected to Persei.
  15. I'm attempting to host a Minecraft server on campus using the provided internet (we aren't allowed to purchase our own) and would like my friends outside campus to be able to connect but they cannot. I've tried to do port forwarding to allow this but it doesn't seem to be working no matter what I try. I can only connect to the server myself when running it locally (connecting to 127.0.0.1) and not when running it through the vpn. Any suggestions?
  16. Hello, I really didn't want to write this post, especially after reading the "Config Generator not resolving hosts for Entry IP 2" post and the https://airvpn.org/topic/14378-how-can-i-get-vpn-servers-entry-ip-addresses post over and over again. I read these posts a million times each but still couldn't figure out how to get my entry IP address, and I kind of guessed for the DNS. The only command line prompt I could even get a response for was: nslookup nihal.airservers.org. I tried so many variations of nslookup nl.all.vpn.airdns.org (for example, uslookup pavo.airservers.org) and couldn't get the earth one to work either: earth.all.vpn.airdns.org. I went to the specs page of the AirVPN website looking for the VPN DNS and kind of just guessed with 10.4.0.1. Here we go: Operating System: Router; OpenVPN version: >= 2.4; IPv4 only; Servers: by Continent; Protocol: TCP; Port: 1194. I chose TCP 1194 because the router I'm flashing has Tor capability and I'm shooting for true anonymity. Everything is just about set up and ready to go, but despite reading the entry-ip-addresses article over and over again I couldn't seem to ascertain how exactly to get it. Thoughts, anyone?
  17. Hello, I am writing to request a new server or servers in Estonia. A server in Estonia would be a great addition, as Estonia has excellent online freedom. Please see the links below for more info. 1 2 3 4 5 6 What are your thoughts about my suggestion? Feel free to reply and/or answer the poll.
  18. Hi there, I am totally new to VPN and I am just curious about how that all works and how to do it right, and now I am quite confused about a thousand different setup methods. I have a plain Linux box which runs a service Y on a specific port that shall go through AirVPN. So far I have only read that once openvpn is started all traffic goes through the VPN. If I simply start the VPN as described here https://airvpn.org/topic/11431-using-airvpn-with-linux-from-terminal/ on the box, does this mean that everyone on the other side of the VPN can portscan/connect to services that are running on that box? If I manage that box from another client in my LAN via a vncserver that is installed on that box, can I still reach the box after starting openvpn, and can anyone on the other VPN side connect to the vncserver? So my question is: what is the easiest way to route only service Y to the VPN and make incoming (from the VPN) requests route only to service Y's port?
  19. I've been noticing this lately in Wireshark. I'm using OpenVPN 2.4.5. It's sending and receiving to the VPN server, however Wireshark shows it is using IPv4, and not the OpenVPN protocol. Is this something to be concerned about, and if so, how can I fix this issue while using OpenVPN?
  20. Hi, I have an issue with my home network. I have an ASUS RT-AC87U router. I use ExpressVPN on the router with policy routing. My Mac is connected straight to the WAN but I use AirVPN's client Eddie. I have had no issues with either ExpressVPN or AirVPN. Last night I spent several hours on my university's website doing work. At the end of the night I decided to just check everything was running OK with the VPN connections. I found that no matter what I did (clear caches, delete cookies, check my DNS settings, renew the lease etc.) this problem persists. My iPhone uses ExpressVPN (OpenVPN in the router) and my Mac uses the AirVPN client Eddie. When I run the ipleak.net test I receive 100 DNS errors. I have not changed any settings in the router whatsoever. I've changed nothing. See the screenshots ... (Sweden is AirVPN, US is ExpressVPN) Obviously the error is being caused within my router, which I have restarted (and checked for an ASUS-WRT Merlin update).
  21. Dear Users, Support Staff, I have a problem to solve: I am trying to run a web server. My ISP doesn't like this and has restrictions on all ports from outbound. So I tried with a VPN; I have a port forwarding, and the port is open with the connection to the VPN. If I open the browser to the VPN IP and the port from the VPN, I get a network timeout. Always... I have down speed 20mb / up speed 6 mb. I stopped my firewall but got the same error (in case you think it is my firewall). I don't know how to solve this one; I understand a little bit of network technology. If possible, please help me. I'm so sorry for my ugly English, I know. I'm from the German-language part of Switzerland. Kind regards, Chris
  22. Hi, Totally new to doing VPN over TOR. I'm just seeing what it's like to set up. I'm using an iMac 27" macOS 10.13.3 & Eddie 2.12.4. I have Tor Browser installed and running fine, it's connected to TOR. I followed the instructions on this page: https://airvpn.org/tor/ - In Preferences for Eddie, Proxy/Tor>Type>Tor, I clicked the test and Eddie indicates there is connectivity to Tor. Am I actually running the VPN through TOR as it is? See images. The test indicates there is connectivity. But how do I know the VPN traffic is running through TOR? ipleak.net doesn't indicate any Tor exit node. Any help or suggestion will be appreciated. Cheers.
  23. Hello. I want to organize a virtual local network: make my notebook, home PC, and a few virtual machines be in one virtual "local" network. Is it possible with AirVPN?
  24. I've managed to get a pfSense VM working with AirVPN's Serpentis server via Stunnel. Given the importance of using the latest versions of Stunnel and OpenSSL, I used pfSense 2.2-BETA x64, which is based on FreeBSD 10.1-RELEASE x64. Working in a FreeBSD 10.1 x64 VM, I made the stunnel-5.07 package and its dependencies from ports. See <http://www.freshports.org/security/stunnel/>. Also see <https://forums.freebsd.org/threads/howto-setting-up-stunnel-in-freebsd.1717/>.

      pfSense 2.2-BETA x64 VM:
        512 MB RAM
        7 MB video RAM
        2 GB dynamic VDI
        PAE/NX, VT-x/AMD-V, Nested Paging
        Adapter 1: Intel PRO/1000 MT Desktop (NAT)
        Adapter 2: Intel PRO/1000 MT Desktop (Internal Network, 'AV')
        audio and USB disabled
        otherwise defaults

      FreeBSD 10.1 x64 VM
        1024 MB RAM
        7 MB video RAM
        10 GB dynamic VDI
        PAE/NX, VT-x/AMD-V, Nested Paging
        Adapter 1: Intel PRO/1000 MT Desktop (Internal Network, 'AV')
        audio and USB disabled
        otherwise defaults

      Debian 7.6 x64 workspace VM
        1024 MB RAM
        128 MB video RAM
        20 GB dynamic VDI
        PAE/NX, VT-x/AMD-V, Nested Paging
        Adapter 1: Intel PRO/1000 MT Desktop (Internal Network, 'AV')
        audio and USB disabled
        otherwise defaults
        legacy Gnome desktop
        installed openssh-server

      Working in FreeBSD VM:

        # portsnap fetch extract
        # mkdir /usr/ports/packages
        # cd /usr/ports/security/stunnel
        # make config
            [x] DOCS
            [x] EXAMPLES
            [ ] FIPS
            [ ] IPV6
            [ ] LIBWRAP
            [x] SSL_PORT
            [ ] FORK
            [x] PTHREAD
            [ ] UCONTEXT
        # make package-recursive
            [use default openssl-1.0.1_16 settings]
            [use default perl5-5.18.4_10 settings]
        # cd /usr/ports/packages/All
        # ls
            openssl-1.0.1_16.txz pkg-1.3.8_3.txz perl5-5.18.4_10.txz stunnel-5.07.txz
        # sftp user@192.168.10.11 [Debian VM]
        # put *
        # exit
        # shutdown -p now

      Working in Debian VM:

        login pfSense webGUI
        browse "Diagnostics: Command Prompt"
          upload openssl-1.0.1_16.txz and move to /root/
          upload pkg-1.3.8_3.txz and move to /root/
          upload perl5-5.18.4_10.txz and move to /root/
          upload stunnel-5.07.txz and move to /root/

      Working in pfSense VM console:

        : pkg install *.txz
        The package management tool is not yet installed on your system.
        Do you want to fetch and install it now? [y/N]: y
        ...
        New packages to be INSTALLED:
            openssl-1.0.1_16
            perl5-5.18.4_10
            stunnel: 5.07
        The process will require 61 MB more space.
        Proceed with this action? [y/N]: y
        [1/3] Installing openssl-1.0.1_16: 100%
        [2/3] Installing perl5-5.18.4_10: 100%
        makewhatis: not found
        makewhatis: not found
        pkg: POST-INSTALL script failed
        ===> Creating users and/or groups.
        Creating group 'stunnel' with gid '341'.
        Creating user 'stunnel' with uid '341'.
        [3/3] Installing stunnel-5.07: 100%
        Message for openssl-1.0.1_16:
        Copy /usr/local/openssl/openssl.cnf.sample to /usr/local/openssl/openssl.cnf
        and edit it to fit your needs.
        [DON'T DO THAT. USE EXISTING openssl.cnf]
        Message for stunnel-5.07:
        ***************************************************************************
        To create and install a new certificate, type "make cert"
        And don't forget to check out the FAQ at http://www.stunnel.org/
        ***************************************************************************
        : mkdir /usr/local/etc/stunnel/run
        : chown stunnel:stunnel /usr/local/etc/stunnel/run
        : chmod 0622 /usr/local/etc/stunnel/run

      Working in Debian VM:

        login pfSense webGUI
        browse "Diagnostics: Edit File"
          browse "/usr/local/etc/stunnel/stunnel.conf-sample" and open to edit
          save as "/usr/local/etc/stunnel/stunnel.conf"
          replace content with this and save:
            ...................................
            ; create local jail
            chroot = /usr/local/etc/stunnel/run
            ; set own UID and GID
            setuid = stunnel
            setgid = stunnel
            client = yes
            foreground = no
            options = NO_SSLv2
            [openvpn]
            accept = 1413
            connect = 178.248.30.133:443
            TIMEOUTclose = 0
            ...................................
          browse "/etc/defaults/rc.conf" and open to edit
          add this at end and save:
            .........................................................
            stunnel_enable="YES"
            stunnel_pid_file="/usr/local/etc/stunnel/run/stunnel.pid"
            .........................................................
        browse "Diagnostics: Command Prompt"
          run "mv /usr/local/etc/rc.d/stunnel /usr/local/etc/rc.d/stunnel.sh"

      Working in pfSense VM console:

        hit "5" and "y" to reboot

      Working in Debian VM:

        login pfSense webGUI
        browse "Status: System logs: General"
          should see:
            ...................................................................................................
            ...
            ... php-fpm[243]: /rc.start_packages: Restarting/Starting all packages.
            ... kernel: done.
            ... stunnel: LOG5[34393318400]: stunnel 5.07 on amd64-portbld-freebsd10.1 platform
            ... stunnel: LOG5[34393318400]: Compiled/running with OpenSSL 1.0.1j 15 Oct 2014
            ... stunnel: LOG5[34393318400]: Threading:PTHREAD Sockets:POLL,IPv4 SSL:ENGINE,OCSP
            ... stunnel: LOG5[34393318400]: Reading configuration from file /usr/local/etc/stunnel/stunnel.conf
            ... stunnel: LOG5[34393318400]: UTF-8 byte order mark not detected
            ... stunnel: LOG5[34393318400]: Configuration successful
            ...
            ...................................................................................................
        browse "System: General Setup"
          specify desired third-party DNS servers on WAN_DHCP
          [x] Do not use the DNS Forwarder as a DNS server for the firewall
        browse "Services: DNS Forwarder"
          [ ] Enable DNS forwarder
        browse "System: Advanced: Networking"
          [ ] Allow IPv6
          [x] Prefer to use IPv4 even if IPv6 is available
        browse "System: Advanced: Miscellaneous"
          [x] Skip rules when gateway is down
          [x] Enable gateway monitoring debug logging
        browse "System: Certificate Authority Manager"
          add ca.crt
        browse "System: Certificate Manager"
          add client.crt|client.key
        browse "VPN: OpenVPN: Client"
          Protocol: TCP
          Interface: Localhost
          Server host or address: 127.0.0.1
          Server port: 1413
          Server host name resolution: don't "Infinitely resolve server"
          Encryption algorithm: AES-256-CBC
          Compression: Disabled - No Compression
          Disable IPv6: Don't forward IPv6 traffic
          Advanced: persist-key;persist-tun;remote-cert-tls server; route 178.248.30.133 255.255.255.255 net_gateway
          Verbosity level: 5
        browse "Status: System logs: General"
          should see:
            ...................................................................................................
            ...
            ... openvpn[86987]: [server] Peer Connection Initiated with [AF_INET]127.0.0.1:1413
            ... openvpn[86987]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
            ... openvpn[86987]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1, dhcp-option DNS 10.50.0.1,comp-lzo no,route 10.50.0.1,topology net30,ping 10, ping-restart 60,ifconfig 10.50.2.74 10.50.2.73'
            ...
            ... openvpn[86987]: /sbin/ifconfig ovpnc1 10.50.2.74 10.50.2.73 mtu 1500 netmask 255.255.255.255 up
            ... openvpn[86987]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1560 10.50.2.74 10.50.2.73 init
            ... openvpn[86987]: /sbin/route add -net 127.0.0.1 10.0.2.2 255.255.255.255
            ... openvpn[86987]: /sbin/route add -net 0.0.0.0 10.50.2.73 128.0.0.0
            ... openvpn[86987]: /sbin/route add -net 128.0.0.0 10.50.2.73 128.0.0.0
            ... openvpn[86987]: /sbin/route add -net 178.248.30.133 10.0.2.2 255.255.255.255
            ... openvpn[86987]: /sbin/route add -net 10.50.0.1 10.50.2.73 255.255.255.255
            ... openvpn[86987]: Initialization Sequence Completed
            ...................................................................................................
        browse "Services: DHCP Server"
          set 10.50.0.1 as DNS server
        browse "Interfaces: Assign Network Ports"
          add OPT1
        browse "Interfaces: OPT1"
          enable and rename "AIRVPN"
        browse "Firewall: NAT: Outbound"
          select "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)"
          save and apply changes
          leave localhost rules alone
            "Auto created rule for ISAKMP - localhost to WAN"
            "Auto created rule - localhost to WAN"
          change interface for LAN rules from WAN to AIRVPN
            "Rule for ISAKMP - LAN to AIRVPN"
            "Rule - LAN to AIRVPN"
          apply changes
        browse "Firewall: Rules: LAN"
          delete IPv6 rule
          edit IPv4 rule
            specify AIRVPN_VPNV4 as Gateway
            rename as "Allow LAN to any rule via AIRVPN_VPNV4"
          apply changes

      Working in pfSense VM console:

        hit "5" and "y" to reboot

      Working in Debian VM:

        login pfSense webGUI
        browse "Status: OpenVPN"
          should see that Client TCP is up

      Done

      Edit: I've added rules on WAN, and required aliases. Aliases are needed for three types of outbound traffic: 1) the DNS server IPs specified in “System: General Setup”; 2) the pfSense NTP server hostname specified in “System: General Setup”; and 3) the connect server IP specified in the Stunnel configuration.

      In Firewall: Aliases: IP, create three aliases, using the + button to add the values:

        Name     Values                           Description
        dnssvr   208.67.220.220 208.67.222.222    DNS server IP addresses
        ntpsvr   0.pfsense.pool.ntp.org           default pfSense NTP server
        sslsvr   178.248.30.133                   Stunnel server

      Using these aliases, you then add rules for the WAN interface to pass necessary outbound traffic, and then a final rule to block everything else. In "Firewall: Rules: WAN", create these rules, specifying “Single host or address” for the pass rules:

        Action  TCP/IP  Proto    Source       Port  Dest    Port  Gateway  Queue  Description
        pass    IPv4    TCP/UDP  WAN address  *     dnssvr  *     *        none   Allow to DNS servers
        pass    IPv4    UDP      WAN address  *     ntpsvr  *     *        none   Allow to NTP server
        pass    IPv4    TCP/UDP  WAN address  *     sslsvr  *     *        none   Allow to SSL server
        block   IPv4    *        WAN address  *     *       *     *        none   Block all other IPv4
        block   IPv6    *        WAN address  *     *       *     *        none   Block all IPv6

      Then reboot from the console window, by entering 5 and then y to confirm.