
Showing results for tags 'pfSense'.

Found 54 results

  1. Hi, sorry to bother you guys but I need some beginner help configuring my pfsense to route my selected netflix capable devices' traffic outside the airvpn tunnel. Can someone take me step by step through the configuration?
  2. Hey All, I use PfSense with AirVPN and it's set up to use AirVPN DNS (IIRC) to prevent DNS leakage; however, the "client" in PfSense is configured to use europe.vpn.airdns.org, which cannot resolve until the AirVPN is up. I've found out what europe.vpn.airdns.org CURRENTLY resolves to and used the IP instead to work around this, but I assume this changes frequently to manage load (correct?). So am I OK to just leave this as it is or should I be doing something else? Finally, download speeds across the VPN are about 2-3Mbps when I have a 20Mbps connection - seems a little slow - anything I can check here?
  3. Hi, Since a day my pfSense connection suddenly won't work anymore without any real reason (nothing has changed in my setup). In Status / OpenVPN: Client UDP has status "down". The logs say:
          Nov 26 10:13:36 openvpn 16488 Server poll timeout, restarting
          Nov 26 10:13:36 openvpn 16488 SIGUSR1[soft,server_poll] received, process restarting
          Nov 26 10:13:36 openvpn 16488 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
          Nov 26 10:13:36 openvpn 16488 Socket Buffers: R=[42080->42080] S=[57344->57344]
          Nov 26 10:13:36 openvpn 16488 UDPv4 link local (bound): [AF_INET] 26 10:13:36 openvpn 16488 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
          Nov 26 10:13:38 openvpn 16488 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
          Nov 26 10:13:38 openvpn 16488 MANAGEMENT: CMD 'state 1'
          Nov 26 10:13:38 openvpn 16488 MANAGEMENT: Client disconnected
          Nov 26 10:13:41 openvpn 16488 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
          Nov 26 10:13:41 openvpn 16488 MANAGEMENT: CMD 'state 1'
          Nov 26 10:13:41 openvpn 16488 MANAGEMENT: Client disconnected
      If anyone has an idea how to troubleshoot this, I'd be most thankful
  4. Hi there, I followed the pfsense tutorial and got it all working, except for the last step with dns forwarder. I'm connecting to "xx.vpn.airdns.org" instead of an IP. This provides some load balancing, since airvpn chooses a server for me. And a bit of extra security since it chooses a different server each time. My problem is that I need a working DNS to initially connect to xx.vpn.airdns.org. Is there a way I can allow this specific request via, but no other? What I do now is I use the DNS Forwarder and "Query DNS servers sequentially", I uncheck it when I connect, and check it once connected. Is there a way I can avoid having to do this manually? (My first dns server is airvpn's and the second is Google's.) Thanks!
  5. Hi all, I am trying to forward a port to a box on my LAN for p2p. Let me start by saying I do not understand what is meant by: “IMPORTANT: do NOT forward on your router the same ports you use on your listening services while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes unencrypted packets to be sent outside the tunnel from your client.” Still, I did my best to get it to work but have failed miserably. My setup is this: I created a port forward on AVPN (port 12345). I then created a port forwarding entry in pfSense 2.3 following this guide: https://nguvu.org/pfsense/pfsense-port-forward/ After quite a bit of debugging, it seems the port test will reach my host but rather than return through the VPN tunnel, instead goes through my WAN. My setup only allows a few boxes to go through the VPN which all have a fixed IP set in the DHCP server. This is clearly not an AVPN issue but you all seem to have quite a bit of experience so someone might be able to help. What rule am I missing to force the forward back out through the VPN? Thanks!
  6. Hello, I have been having a VERY weird issue. My IP listed in PFsense under OpenVPN Client UDP is different than what is listed in the client area on www.airvpn.org/ For instance my Pfsense OpenVPN Client IP: Client UDP Thu Sep 29 5:40:06 2016 BUT when I go to www.AirVPN.org and go to the client area it shows my IP as: 1 Alwaid Canada, Toronto, Ontario 24m 58s ago 5 MB 2 MB 291 B/s 309 B/s also when I google "what is my ip" the shows up. AND again whenever I do a DNS test... How and Why is PFsense connecting to a different AirVPN IP? This hasn't always been this way, when I initially set all this up it was NOT like this... Very Weird. THANK YOU FOR ANY AND ALL HELP!
  7. Hi everyone, I have installed ESXI 6.0 on my home server and I am trying to access each host console, but when I open an ssh tunnel to port 443, 902 and 903 with putty I still don't have control over the host's console. Are there any special rules that I have to add on my pfsense firewall to access the console on each host? Thank you. EDIT: with ubuntu terminal I get message : Privileged can only be forwarded by root I just add SUDO at the front so I can get root then message : Permission denied (publickey). Do I have to install an ssh key pair for root and add the public key to my access server? EDIT: I just generated keys for root and logged in as root, opened an ssh tunnel as root to ports 443, 902 and 903. I can't log in, I've got this message "[object, Object] " Does anyone know how to fix that?
  8. Hello, first time posting in the forums here at AirVPN. I run AirVPN in PFsense as an OpenVPN client. I use the servers in the US (us.vpn.airdns.org:443). I use the AirVPN DNS servers & and have them listed in the “General Settings” of PFsense. I have a couple different issues and or problems. First one being, when I need to connect to an AirVPN server because of restarting PFsense or if I just want to switch to another server in the US, I have to switch the DNS settings in the “General Settings” to OpenDNS servers & to be able to connect to an AirVPN server. Once the connection to the server is made I go back into “General Settings” and switch back to & The whole ordeal is kind of a pain. I was wondering if this was the only way to connect to AirVPN servers let alone ensure no DNS leaks? I also have a problem with connecting to ipleak.net. I used to be able to connect all the time with no issue. The last couple of days I get a “We can’t reach this site” error. Another problem I have is; I have only been able to connect to 1 particular US server in Miami. I’d like to switch to another US server other than the Miami (I get real slow speeds on this server) one. I go into the Client Area and disconnect from the server. That’s when I have to go back into the “General Settings” within PFsense and switch to the OpenDNS DNS servers and restart PFsense to be able to connect again to a VPN server again. AND for the last couple days every time I do this I have been ending back onto the Miami server I don’t want to use… My question is there a way to avoid this server while still using US servers or do I have to just select 1 US server each time in PFsense instead of keeping the broad range of all US servers? I was also curious if anyone knew how a server was selected in US by Pfsense? Sorry for the lengthy post, I hope someone can help! Thank you in advance!
  9. Hi fellow Airvpn'ers, First I would like to thank pfSense_fan for the great guide and Airvpn for their mission and superb service! And of course the community for their help! I have followed the 2.3 guide of pfSense_fan. When following the guide exactly everything works perfectly, but I am having a problem when trying to do things slightly differently. The thing is that I have different interfaces for different purposes. For the other interfaces I wish to use different DNS servers. When following the guide it works, but when I adjust the DNS NAT rule to use those different DNS servers I am not having internet at all. I have tried to add the DNS servers through the DHCP servers menu and add it through there. I also created an alias with the DNS servers. I changed the NAT rule to use the alias with their respective DNS servers as target IP instead of the pfSense IP. I have been trying and trying, but the internet goes down when changing the NAT rule for DNS. I can reach the firewall through its IP. So my question is how I can use different DNS servers while following the guide of pfSense_fan? Can some of you share their expertise with me and perhaps tell me what I am doing wrong here? Thanks!
  10. I started the 3 day trial of AirVPN to test out its port forwarding, if it worked well I was willing to switch over from PIA but after looking around for the past few days I could not find a guide for port forwarding AirVPN on pfSense 2.3 that would work for me. I would like to address that first but I also need a solution to my Chromecast no longer working even though everything else on the network seems to work fine. If there is any other information required from me I would be more than happy to provide it.
  11. I've recently started using AirVPN. I am connecting to AirVPN with a pfSense router (v2.3 using the DNS resolver). The problem I'm having is an intermittent failure to resolve www.airvpn.org from any device on the network. airvpn.org seems to be the only site impacted. When I try to go to the AirVPN site it will time out. If I wait a minute or so, I am able to successfully load the AirVPN site. The next time I try to go to the site, it times out again... wait a minute, then I can get in again. This occurs over and over again. When the site won't load, nslookup fails, but a DNS query from the pfSense box succeeds, showing a response from the AirVPN DNS server. My pfSense is set up with two VLANs - one VLAN directing traffic to AirVPN and another VLAN that routes traffic out the standard WAN port (using OpenDNS DNS servers). This problem only happens on the VPN VLAN, using the other (non-VPN) VLAN works correctly. All of this makes me think the problem is somewhere in the pfSense configuration, but the fact that it only impacts airvpn.org when using the AirVPN DNS server makes me think I should start here. I've tried several different servers (Metallah, Rasalas, Pollux, Azha, Acamar, Zosma) with no change in the issue. If I try to go to the site using the IP address returned by nslookup I get a browser warning "Your connection is not secure". To connect I have to create a security exception in the browser. I don't get this error when I am able to browse the site using the name instead of the IP. If it matters, I'm using pfBlockerNG on the pfSense box, but I have this problem even when pfBlockerNG is disabled or even uninstalled. Has anyone ever seen this behavior or have any ideas how to resolve it?
  12. Hi All, I was just looking for a plug and play pfsense router and I found this amazing product: https://www.ovpn.se/en/box It's too bad it's from another VPN provider but I just asked the support and they say that every OVPN config file will run on it. I now have an Asus ac3200 200/20 mbit connection, with VPN I got 40mbits and I hope the speeds are much higher with this router. Does anyone have experience with this product and an idea what speed I would get? I hope the airvpn config files will run smoothly on it. Btw Air thanks for the new servers!!!!!
  13. Please see also here for an updated baseline guide: https://nguvu.org/pfsense/pfsense-baseline-setup/
      pfSense_fan's Guide How To Set Up pfSense 2.3 for AirVPN
      Guide is updated to pfSense Version 2.3
      This guide will work on 2 or more interfaces. Please inform me of any and all errors found! Feedback is appreciated! Please rate this post or leave a comment to share if this worked for you!
      Table of Contents:
          Step 1: Disable IPv6 System Wide
          Step 2: Entering our AirVPN CA, Certificate and Key
          General Settings and Preparation
          Step 3: Setting up the OpenVPN Client
          Step 4: Assigning the OpenVPN Interface & Setting the AirVPN Gateway
          Step 5: IP and Port Alias Creation to Aid Interface Setup
          Step 6: Setting up an AirVPN Routed Interface
          Step 7: General Settings, Advanced Settings and Other Tweaks
          Step 8: Setting up the DNS Resolver
  14. Before anyone flames me, yes I have searched the forum and have pored over the guide, which by the way is great and is getting better by the day. But for the life of me I cannot get ports forwarded using Air's service. I can forward ports all day long on clear net no prob and my clear net DynDNS works great. I have looked at the pfsense forums and like I said, clear net works, Air's no. All I get is a black circle, it never turns green. The sad thing is Plex is port forwarded on clear net and Air would tell me it was reachable on my real IP but not Air. The NAT statements were set the same, ports different WANs. Anyway, if anyone has gotten this to work, post some examples. I just want to port forward, not doing BitTorrent or anything like that.
  15. I believe that passing as few hops as possible on the Internet is a good thing in terms of privacy, security and stability. So I was thinking about developing a setup where I would route traffic to IPs in country X to the VPN exit node in country X, and traffic to country Y to a VPN exit node in country Y, and so on... This could easily be set up in a router like pfSense etc. I would love to hear your reflections/comments on the security and privacy in such a setup. BR
  16. Hi, I use pfsense to connect to VPN providers. I got a Multi Gateway Setup (One LAN - 6 WAN). 5 of these 5 WAN adapters are VPN connections to a different VPN Provider and I use rules on the Firewall to route traffic to these Connections. They use the typical 10.x.0.1 Gateway, with a Subnet Mask. This all works as expected. Now I created another VPN Connection with AirVPN to this setup. I'm connected and this seems to be no Problem. I also get a 10.x.0.1 Gateway but with a subnet mask of So if I want to route traffic through the AirVPN client, it's a) slow and b) does not work as expected. (I guess that A is because of B.) If I check my IP using one of the normal websites and refresh the website, I see that it rotates between all !!! VPN Connections. This is strange. I checked my setup multiple times and don't see a reason why this happens. (I'm not using routing groups here.) Again, this only happens if I use the AirVPN Gateway for this traffic. If I use one of my other VPN Gateways, I permanently use this VPN connection. ANY idea?
  17. When I connect my VPN to america.vpn.airdns.org UDP port 443 and I enable infinitely resolve, I will connect to a 'random' server in that pool, right? I suppose 'random' being one of the servers with low load, low latency, so you can evenly distribute the incoming VPNs for your customers. Question 1: When I enable 'Infinitely resolve server' in the OpenVPN connection setup, does that automatically fail me over to another server when latencies are getting high or the server gets too high on load, or will that only fail me over to another server when the server I'm connected to goes down? Here's why I am asking. I initially set up 3 VPN connections, each to a different port, in a load balanced group on PfSense, each directly to an IP address of one of your servers. I did it so that PfSense would fail over when latencies are getting too high, when there's ping loss or (obviously) when a VPN goes down. This worked, and when one server would see high latencies, I'd get an email stating PfSense was omitting it from the routing group. However, on several occasions for the past two days, all servers I was connected to were seeing high latencies but because I was connected directly to an AirVPN server IP I had nowhere else to fail over to. And that is a problem. So I recreated my VPN tunnels to connect to a region's DNS name, again each on a different UDP port. I am hoping it works as I described in the second alinea (fail over on high latencies with 'infinitely resolve server'). But what I'm seeing is that all three connections are now going to the same server. If that server goes down and my connection needs to fail over, all my VPN tunnels will now go down at the same time, and connect to another server. But they would probably all connect to the same new server again, and I'm back to square one. This is also a problem. Here's what I would like: When I set up 3 simultaneous connections on a DNS name to a region from the same IP address, I would want each one to connect to a different server. Especially since I'm connecting to three different ports, this should be easy to do, right? Is this possible at all? Can I somehow force this from my end? If this is currently NOT possible, would you consider this as a feature request? Many thanks for your time!
  18. So I know this may be over the top and a wee bit silly but what if you chained 2 VPNs together through virtualization (VPN 1 on host machine and VPN 2 on a virtual machine) but instead of running 1 virtual machine you installed a virtual machine inside of a virtual machine and installed VPN 2 inside that virtual machine that's installed inside the virtual machine, then create another virtual machine separate from the others and install pfsense and configure it and route the traffic through VM 2 (virtual machine inside the virtual machine) to VM 1 then back through the host? And of course run TOR too............ VPNception?
  19. Well, I had some disappointing results with DD-WRT (lack of stability on my router) so I'm planning to go back to stock firmware and place a firewall appliance between the router and the modem, to control which traffic goes where in a simple, GUI way. I saw some posts on here mentioning pfSense, but me being me I wanted to try out something else first. More Googling showed Sophos UTM is a popular Firewall with a great user interface. Has anyone had any success running AirVPN with Sophos UTM Firewall? I have the software installed but I can't seem to find a way to add an OpenVPN client connection, SSL or SSH connection. Perhaps I'm missing something? I'm also considering trying out Untangle, IPFire and finally pfSense if I don't find what I want with the others. Yeah, I'm scared off by pfSense's interface..
  20. I have not had a chance to set up my pfsense box to connect strictly to AirVPN. I have been trolling the pfSense forums and read the wiki and seen where a few developers split from pfSense because it was becoming too commercial. I downloaded the image and installed it in a VM but have not done much to it. Just wanted to know how many here would move to this version of firewall in lieu of pfSense. Don't get me wrong, I'm sticking with pfsense since pfSense_fan did one heck of a job on the guide, I was just wondering.
  21. I have set up AirVPN on my pfSense router with the help of the instructions I found here on this forum. Unfortunately I experience some DNS problems with the AirVPN DNS server. The AirVPN server is the first DNS (use VPN tunnel) and the other two are OpenDNS servers. Also the strict order option is set so they are queried sequentially. I connect to German servers (UDP 443) but the problem does not seem to be related to one certain server and may occur immediately after connecting to it or even after a day or two. Restarting the tunnel or the router itself fixes the problem, often needs a few tries. Surprisingly it is only a few websites that are affected and cannot resolve properly. Those are for example (ironically) airvpn.org, windowscentral.com, pandawill.com just to mention a few. If I omit AirVPN's DNS completely and only rely on the OpenDNS servers I do not experience this issue at all and have no DNS problems for weeks! I attached some information and would appreciate any help on this.
  22. I've managed to get a pfSense VM working with AirVPN's Serpentis server via Stunnel. Given the importance of using the latest versions of Stunnel and OpenSSL, I used pfSense 2.2-BETA x64, which is based on FreeBSD 10.1-RELEASE x64. Working in a FreeBSD 10.1 x64 VM, I made the stunnel-5.07 package and its dependencies from ports. See <http://www.freshports.org/security/stunnel/>. Also see <https://forums.freebsd.org/threads/howto-setting-up-stunnel-in-freebsd.1717/>.

      pfSense 2.2-BETA x64 VM:
          512 MB RAM
          7 MB video RAM
          2 GB dynamic VDI
          PAE/NX, VT-x/AMD-V, Nested Paging
          Adapter 1: Intel PRO/1000 MT Desktop (NAT)
          Adapter 2: Intel PRO/1000 MT Desktop (Internal Network, 'AV')
          audio and USB disabled
          otherwise defaults

      FreeBSD 10.1 x64 VM:
          1024 MB RAM
          7 MB video RAM
          10 GB dynamic VDI
          PAE/NX, VT-x/AMD-V, Nested Paging
          Adapter 1: Intel PRO/1000 MT Desktop (Internal Network, 'AV')
          audio and USB disabled
          otherwise defaults

      Debian 7.6 x64 workspace VM:
          1024 MB RAM
          128 MB video RAM
          20 GB dynamic VDI
          PAE/NX, VT-x/AMD-V, Nested Paging
          Adapter 1: Intel PRO/1000 MT Desktop (Internal Network, 'AV')
          audio and USB disabled
          otherwise defaults
          legacy Gnome desktop installed openssh-server

      Working in FreeBSD VM:
          # portsnap fetch extract
          # mkdir /usr/ports/packages
          # cd /usr/ports/security/stunnel
          # make config
              [x] DOCS
              [x] EXAMPLES
              [ ] FIPS
              [ ] IPV6
              [ ] LIBWRAP
              [x] SSL_PORT
              [ ] FORK
              [x] PTHREAD
              [ ] UCONTEXT
          # make package-recursive
              [use default openssl-1.0.1_16 settings]
              [use default perl5-5.18.4_10 settings]
          # cd /usr/ports/packages/All
          # ls
              openssl-1.0.1_16.txz
              pkg-1.3.8_3.txz
              perl5-5.18.4_10.txz
              stunnel-5.07.txz
          # sftp user@ [Debian VM]
          # put *
          # exit
          # shutdown -p now

      Working in Debian VM:
          login pfSense webGUI
          browse "Diagnostics: Command Prompt"
              upload openssl-1.0.1_16.txz and move to /root/
              upload pkg-1.3.8_3.txz and move to /root/
              upload perl5-5.18.4_10.txz and move to /root/
              upload stunnel-5.07.txz and move to /root/

      Working in pfSense VM console:
          : pkg install *.txz
          The package management tool is not yet installed on your system.
          Do you want to fetch and install it now? [y/N]: y
          ...
          New packages to be INSTALLED:
              openssl-1.0.1_16
              perl5-5.18.4_10
              stunnel: 5.07
          The process will require 61 MB more space.
          Proceed with this action? [y/N]: y
          [1/3] Installing openssl-1.0.1_16: 100%
          [2/3] Installing perl5-5.18.4_10: 100%
          makewhatis: not found
          makewhatis: not found
          pkg: POST-INSTALL script failed
          ===> Creating users and/or groups.
          Creating group 'stunnel' with gid '341'.
          Creating user 'stunnel' with uid '341'.
          [3/3] Installing stunnel-5.07: 100%
          Message for openssl-1.0.1_16:
          Copy /usr/local/openssl/openssl.cnf.sample to /usr/local/openssl/openssl.cnf
          and edit it to fit your needs.
          [DON'T DO THAT. USE EXISTING openssl.cnf]
          Message for stunnel-5.07:
          ***************************************************************************
          To create and install a new certificate, type "make cert"
          And don't forget to check out the FAQ at http://www.stunnel.org/
          ***************************************************************************
          : mkdir /usr/local/etc/stunnel/run
          : chown stunnel:stunnel /usr/local/etc/stunnel/run
          : chmod 0622 /usr/local/etc/stunnel/run

      Working in Debian VM:
          login pfSense webGUI
          browse "Diagnostics: Edit File"
              browse "/usr/local/etc/stunnel/stunnel.conf-sample" and open to edit
              save as "/usr/local/etc/stunnel/stunnel.conf"
              replace content with this and save:
              ...................................
              ; create local jail
              chroot = /usr/local/etc/stunnel/run
              ; set own UID and GID
              setuid = stunnel
              setgid = stunnel
              client = yes
              foreground = no
              options = NO_SSLv2
              [openvpn]
              accept = 1413
              connect =
              TIMEOUTclose = 0
              ...................................
              browse "/etc/defaults/rc.conf" and open to edit
              add this at end and save:
              .........................................................
              stunnel_enable="YES"
              stunnel_pid_file="/usr/local/etc/stunnel/run/stunnel.pid"
              .........................................................
          browse "Diagnostics: Command Prompt"
              run "mv /usr/local/etc/rc.d/stunnel /usr/local/etc/rc.d/stunnel.sh"

      Working in pfSense VM console:
          hit "5" and "y" to reboot

      Working in Debian VM:
          login pfSense webGUI
          browse "Status: System logs: General"
              should see:
              ...................................................................................................
              ...
              ... php-fpm[243]: /rc.start_packages: Restarting/Starting all packages.
              ... kernel: done.
              ... stunnel: LOG5[34393318400]: stunnel 5.07 on amd64-portbld-freebsd10.1 platform
              ... stunnel: LOG5[34393318400]: Compiled/running with OpenSSL 1.0.1j 15 Oct 2014
              ... stunnel: LOG5[34393318400]: Threading:PTHREAD Sockets:POLL,IPv4 SSL:ENGINE,OCSP
              ... stunnel: LOG5[34393318400]: Reading configuration from file /usr/local/etc/stunnel/stunnel.conf
              ... stunnel: LOG5[34393318400]: UTF-8 byte order mark not detected
              ... stunnel: LOG5[34393318400]: Configuration successful
              ...
              ...................................................................................................
          browse "System: General Setup"
              specify desired third-party DNS servers on WAN_DHCP
              [x] Do not use the DNS Forwarder as a DNS server for the firewall
          browse "Services: DNS Forwarder"
              [ ] Enable DNS forwarder
          browse "System: Advanced: Networking"
              [ ] Allow IPv6
              [x] Prefer to use IPv4 even if IPv6 is available
          browse "System: Advanced: Miscellaneous"
              [x] Skip rules when gateway is down
              [x] Enable gateway monitoring debug logging
          browse "System: Certificate Authority Manager"
              add ca.crt
          browse "System: Certificate Manager"
              add client.crt|client.key
          browse "VPN: OpenVPN: Client"
              Protocol: TCP
              Interface: Localhost
              Server host or address:
              Server port: 1413
              Server host name resolution: don't "Infinitely resolve server"
              Encryption algorithm: AES-256-CBC
              Compression: Disabled - No Compression
              Disable IPv6: Don't forward IPv6 traffic
              Advanced: persist-key;persist-tun;remote-cert-tls server; route net_gateway
              Verbosity level: 5
          browse "Status: System logs: General"
              should see:
              ...................................................................................................
              ...
              ... openvpn[86987]: [server] Peer Connection Initiated with [AF_INET]
              ... openvpn[86987]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
              ... openvpn[86987]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1, dhcp-option DNS,comp-lzo no,route,topology net30,ping 10, ping-restart 60,ifconfig'
              ...
              ... openvpn[86987]: /sbin/ifconfig ovpnc1 mtu 1500 netmask up
              ... openvpn[86987]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1560 init
              ... openvpn[86987]: /sbin/route add -net
              ... openvpn[86987]: /sbin/route add -net
              ... openvpn[86987]: /sbin/route add -net
              ... openvpn[86987]: /sbin/route add -net
              ... openvpn[86987]: /sbin/route add -net
              ... openvpn[86987]: Initialization Sequence Completed
              ...................................................................................................
          browse "Services: DHCP Server"
              set as DNS server
          browse "Interfaces: Assign Network Ports"
              add OPT1
          browse "Interfaces: OPT1"
              enable and rename "AIRVPN"
          browse "Firewall: NAT: Outbound"
              select "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)"
              save and apply changes
              leave localhost rules alone
                  "Auto created rule for ISAKMP - localhost to WAN"
                  "Auto created rule - localhost to WAN"
              change interface for LAN rules from WAN to AIRVPN
                  "Rule for ISAKMP - LAN to AIRVPN"
                  "Rule - LAN to AIRVPN"
              apply changes
          browse "Firewall: Rules: LAN"
              delete IPv6 rule
              edit IPv4 rule
                  specify AIRVPN_VPNV4 as Gateway
                  rename as "Allow LAN to any rule via AIRVPN_VPNV4"
              apply changes

      Working in pfSense VM console:
          hit "5" and "y" to reboot

      Working in Debian VM:
          login pfSense webGUI
          browse "Status: OpenVPN"
              should see that Client TCP is up

      Done

      Edit: I've added rules on WAN, and required aliases. Aliases are needed for three types of outbound traffic: 1) the DNS server IPs specified in “System: General Setup”; 2) the pfSense NTP server hostname specified in “System: General Setup”; and 3) the connect server IP specified in the Stunnel configuration. In Firewall: Aliases: IP, create three aliases, using the + button to add the values:

          Name    Values    Description
          dnssvr  DNS server IP addresses
          ntpsvr  0.pfsense.pool.ntp.org  default pfSense NTP server
          sslsvr  Stunnel server

      Using these aliases, you then add rules for the WAN interface to pass necessary outbound traffic, and then a final rule to block everything else. In "Firewall: Rules: WAN", create these rules, specifying “Single host or address” for the pass rules:

          Action  TCP/IP  Proto    Source       Port  Dest    Port  Gateway  Queue  Description
          pass    IPv4    TCP/UDP  WAN address  *     dnssvr  *     *        none   Allow to DNS servers
          pass    IPv4    UDP      WAN address  *     ntpsvr  *     *        none   Allow to NTP server
          pass    IPv4    TCP/UDP  WAN address  *     sslsvr  *     *        none   Allow to SSL server
          block   IPv4    *        WAN address  *     *       *     *        none   Block all other IPv4
          block   IPv6    *        WAN address  *     *       *     *        none   Block all IPv6

      Then reboot from the console window, by entering 5 and then y to confirm.
  23. Hi, I'm using pfSense 2.1.4-RELEASE (amd64) + pfblocker + snort. When using AirVPN from a Win7-64bit machine inside my LAN network (official OpenVPN client v. 2.3.4-I001), after a few minutes, I get these messages in the Service --> Snort --> Blocked: (spp_frag3) Fragmentation overlap or (spp_frag3) Fragmentation overlap + (spp_frag3) Teardrop attack. In this situation the OpenVPN client on the Win7 machine stops working (yellow icon). Three days ago pfSense notified me "PF was wedged/busy and has been reset". I had to restart pfSense!!! :-( pfblocker filters: Bluetack IP Filter, ET blockrules compromised, ET fwrules emerging Block IPs. SNORT rules: VRT paid Subscriber + ETOpen. Thanks.
  24. Hello, I have a DD-WRT router which had its WiFi functionality quit, so I'm looking to replace it with a PFSense device. I've got about $70 to buy a PFSense device (used is fine), so I've got a few questions. I have speed of ~40mbps up and ~4mbps down on my network connection. What specs would you suggest to run an always-on connection to Air with 3-5 computers behind the PFSense device (the computers wouldn't be running 24/7)? How much RAM, CPU, etc.? I'd like to buy something that can handle the load of OpenVPN without spending too much or significantly slowing down (ie not <50% of current speed) my web access. Here are the devices I'm considering: http://www.ebay.com/itm/Pfsense-2-1-Instagate-EX2-Firewall-VPN-Router-/301114026875?pt=US_Firewall_VPN_Devices&hash=item461bcb6b7b http://www.ebay.com/itm/Router-Firewall-VPN-QOS-appliance-running-pfSense-LAN-and-WAN-ports-/181379828147?pt=US_Wired_Routers&hash=item2a3b1489b3 http://www.ebay.com/itm/pfSense-2-1-2-Router-Firewall-VPN-QOS-appliance-LAN-and-WAN-ports-/181385843068?pt=US_Wired_Routers&hash=item2a3b70517c http://www.ebay.com/itm/pfSense-2-1-2-ROUTER-FIREWALL-1GHz-SSD-Flash-VPN-DMZ-DUAL-GIGABIT-WAN-GUI-3-port-/360909880045?pt=US_Thin_Clients&hash=item5407e7baed Please let me know which you think is best. I look forward to hearing from you soon. Best regards, anonym
  25. *****THIS GUIDE SHOULD NOW BE CONSIDERED OBSOLETE*****
      pfSense 2.3 WAS RELEASED APRIL 12, 2016. WITH THAT RELEASE, I TOO RELEASED AN UPDATED GUIDE FOR 2.3. THE NEW GUIDE CAN BE FOUND HERE: How To Set Up pfSense 2.3 for AirVPN
      I HIGHLY RECOMMEND BACKING UP ALL SETTINGS, AS WELL AS EACH INDIVIDUAL BACKUP AREA. AFTER BACKING UP, I RECOMMEND A CLEAN INSTALL OF 2.3, BUT AN UPGRADE SHOULD BE OK FOR MOST.
      pfSense_fan's Guide How To Set Up pfSense 2.1 for AirVPN Using Three or more NIC's
      Have only two NIC's? Follow the guide through step 5, then go to the alternate step 6+7!!
      Table of Contents:
          Preface
          Understanding Certificates and OpenVPN Config Files on pfSense
          Understanding OpenVPN Settings on pfSense
          Step 1: Entering our AirVPN CA (Certificate Authority)
          Step 2: Entering our AirVPN Certificate and Key
          Step 3: Setting up the OpenVPN Client
          Step 4: Assigning the OpenVPN Interface
          Step 5: Setting up the AirVPN Gateway
          Step 6: Setting up the DNS Forwarder
          Step 7: Setting up the LAN Interface
          Step 8: Setting up the AirVPN_LAN Interface
          Step 9: Setting Misc Advanced Options (Optional)
          Step 10: Setting Bootloader and System Tunables (Optional)
          Step 11: Setting Advanced OpenVPN Options (Optional)
          Alternate Step 6+7 For Dual (Two) NIC installs