Search the Community
Showing results for tags 'pfsense'.
Found 54 results
Hello, I have a DD-WRT router which had its WiFi functionality quit, so I'm looking to replace it with a PFSense device. I've got about $70 to buy a PFSense device (used is fine), so I've got a few questions. I have speed of ~40mbps up and ~4mbps down on my network connection. What specs would you suggest to run an always-on connection to Air with 3-5 computers behind the PFSense device (the computers wouldn't be running 24/7)? How much RAM, CPU, etc.? I'd like to buy something that can handle the load of OpenVPN without spending too much or significantly slowing down (ie not <50% of current speed) my web access. Here are the devices I'm considering: http://www.ebay.com/itm/Pfsense-2-1-Instagate-EX2-Firewall-VPN-Router-/301114026875?pt=US_Firewall_VPN_Devices&hash=item461bcb6b7b http://www.ebay.com/itm/Router-Firewall-VPN-QOS-appliance-running-pfSense-LAN-and-WAN-ports-/181379828147?pt=US_Wired_Routers&hash=item2a3b1489b3 http://www.ebay.com/itm/pfSense-2-1-2-Router-Firewall-VPN-QOS-appliance-LAN-and-WAN-ports-/181385843068?pt=US_Wired_Routers&hash=item2a3b70517c http://www.ebay.com/itm/pfSense-2-1-2-ROUTER-FIREWALL-1GHz-SSD-Flash-VPN-DMZ-DUAL-GIGABIT-WAN-GUI-3-port-/360909880045?pt=US_Thin_Clients&hash=item5407e7baed Please let me know which you think is best. I look forward to hearing from you soon. Best regards, anonym
Hi all, I've build a pfsense router myself because I found that speeds were dramatically dropping through my Linksys router (EA6500) or through my client. By building my own router I had more control over the hardware and firmware. I have a 200 Mb/s - 10 Mb/s ISP connection. My router build as follows: Shutlle DS61 V1.1 mini ITX barebone / socket 1155 / 2 x Gbit LAN2 x 4 GB SO DDR3 Kingston HyperXIntel XEON E3-1230 V2 3.10 GHz (has no graphic chip)Kingston 60 GB SSDIn order to get graphics (which I'll need for installation, since the mini ITX motherboard doesn't support an extra graphics card) I bought an old Celeron 2.70 GHz with graphic chip. Now pfsense is installed, I will be using the Celeron for a while in case something goes wrong in pfsense settings and I'll be needing graphics again. So after I'm done with installing packages, setting up everything, I will replace it with the XEON. Speedtest with the Celeron while connected to VPN I think that is pretty impressive since I had around 60 Mb/s - 9.5 Mb/s before I had this router. If you forget about the XEON and keep the Celeron (for 24/7 use, I'll take the XEON also because of it's 'AES NI' instruction within the chipset) it will cost you about 500 dollars or about 370 euro's. The XEON included adds an extra 250 dollars or 195 euro's. This is a better investment than buying any other consumer router with a 600 MHz Broadcom processor. This is a kick ass router! For a proper installation of pfsense I can recommend this video: (good packages: squid, havp, snort (get a paid oinkcode for 27 dollars/year, otherwise you'll have a 10 days delay in updates)) SET UP AIRVPN IN PFSENSE Configure an airvpn *.ovpn file (use a region, airvpn will connect to the best server automatically)From the pfSense interface, navigate to the dropdown menus: System ---> Cert Manager and stay in the first tab.Click the button as seen here to create a new certificate. Give it a description like: cert airvpn. Ensure that "Import an existing certificate authority" is selected. Open the *.ovpn file and copy/paste the first certificate (starting with: -----BEGIN CERTIFICATE----- and ending with: -----END CERTIFICATE-----) into the 1st fieldClick save (leave the orher field empty)Click on the tab Certificates and click on the plus button as seen here Give it a description like: certificate airvpn. Ensure that "Import an existing certificate authority" is selected.Open the *.ovpn file and copy/paste the second certificate (starting with: ---- CERTIFICATE:----- and ending with: -----END CERTIFICATE-----) into the 1st fieldSo in the file it looks like this: -----END CERTIFICATE----- (end of the first certificate we've just imported) </ca> <cert> Certificate: The second copy/paste should start at: Certificate: copy/paste the third certificate (starting with: -----BEGIN CERTIFICATE----- and ending with: -----END CERTIFICATE-----) into the 3d fieldClick saveNavigate to the system dropdown menus: VPN ---> OpenVPNClick the Client tab and click on the Plus buttonFollow below settings in the pictures where: 1. serverhost or host adres can be found in the *.ovpn file ending with probably airvpn.org, 2.The serverport can be found in the top of the *ovpn file as well. Navigate to the system dropdown menus Interfaces ----> (assign) and click on the Plus button -Note in the previous screenshot you will notice a StrongVPN interface. you will NOT have that on your box yet, so dont worry. After clicking on the plus button pfSense will tell you it has successfully added a new interface. the network port name will most likley be named "ovpnc1". Ensure that the new interface is selected as "ovpnc1" (it could be ovpnc2, ovpnc3, etc... depends if you have other ovpn interfaces or not)navigate to the system dropdown menus Interfaces ---> OPT1 (or whatever your new interface from the previous step is) and follow steps in below picture Click saveNavigate to the system dropdown menus System ---> Routing and click on the Plus button Follow the settings in the picture below -Note 1: The ip seen in the picture 18.104.22.168 is the ip of OpenDNS -Note 2: By selecting "Default Gateway", the connection to the internet drops if the VPN connection drops. You'll have to set the WAN as default manually in the case if you need an internet connection. navigate to the system dropdown menus Firewall ---> Rules and click on the LAN tabClick on the Plus button to create a new ruleFollow instructions in the picture below Action: PASS -- Interface: LAN Protocol: ANY Source: LAN Subnet Destination: ANY -- Description: LAN to Internet force through VPN **IMPORTANT**: scroll down to "Gateway" under the "Advanced features" of the rule. Set gateway to your VPN interface (see above picture). After Clicking save, you should see something like this navigate to the system dropdown menus Firewall ---> NAT and click on the Outbound tabenable "Manual Outbound NAT rule generation" and select save. Reboot the router and you're done... If you want to/need to start manually, go to Status -----> Services and click on the Play button next to the VPN interface status. Check Status ------> Dashboard for connections as seen in the picture below (in the WAN section you'll see your ISP's IP, which is connection you're coming from to Airvpn (Note from AirVPN: We inevitably know it. Any reference will be deleted when the connection is closed). Don't worry, you're visible with a different IP on the internet. The reason I choose a XEON is the 10% watt reduction and the AES NI instructions in the chip (AirVPN is 256 bit AES encrypted). This will lower my CPU usage and speed up the process. Below you find a picture with system loads while having 10 torrents running and downloading a large file at full speed from usenet (ssl encrypted)... See the CPU usage on the Celeron. That will change I think with a XEON. Good luck and don't forget to install Snort, HAVP and Squit on your pfsense. Good guides out there on Google... knicker
Hi all, In the case of DNS leakage, within pfsense there's good way to prevent that from happening. In this case you don't need to tweak all your Windows machines ;-) In pfsense navigate to Systems ------> General Setup and set everything as in the below picture. Use the DNS servers from AirVPN. Note that with my settings (also described here and here), your internet will drop in case your vpn connection drops. Then you need to set the wan back to default manually. That's it. No more dns leakage! (I had 6 and 2 from my isp)... knicker
help !! i've set up pfsense to work with airvpn. my ip address shows as the desired location and it makes me think everything is set up correctly. but . . . when i do a dns test it shows my true ip address from the internet company. also, when i log on to this web site it indicates "not connected" and shows the same ip address. i have tried various combinations for the dns settings of general setup. for the dns server i have 10.0.5.1 and 10.0.4.1. i've tried various combinations of the "allow dns server list" box and the "do not use the dns forwarder" box. what am i missing? what settings do i need to mask my ip address with no dns leaks??? this noob appreciates any assistance.