Showing results for tags 'PFSENSE'.



Found 54 results

  1. Hi, If you want to port-forward and not use UPnP in pfSense, then follow these instructions:
     In the pfSense browser navigate to Firewall -> NAT -> Port Forward
     Click on the Plus button and follow the instructions in the picture:
       • In the Redirect Target IP section, fill in your client's IP (192.168.0.115 for example) running the program (uTorrent for example)
       • In the port sections, fill in the forwarded port created on the AirVPN website
       • In the Filter rule association section, select: create new associated filter rule (this will create a rule for the firewall automatically)
     Click Save and navigate to the Outbound tab and click on the lowest Plus button and follow the instructions in the picture:
       • In the Destination IP section, fill in your router's IP
       • In the Redirect Target IP section, fill in your client's IP (192.168.0.115 for example) running the program (uTorrent for example)
       • In the port sections, fill in the forwarded port created on the AirVPN website
     Click Save
     As you can see from the green light in the picture below, I'm connected: Up and running!
     Good luck, knicker
  2. pfSense_fan's Guide How To Set Up pfSense 2.3 for AirVPN
     Guide is updated to pfSense Version 2.3
     This guide will work on 2 or more interfaces. Please inform me of any and all errors found! Feedback is appreciated! Please rate this post or leave a comment to share if this worked for you!
     Table of Contents:
       • Step 1: Disable IPv6 System Wide
       • Step 2: Entering our AirVPN CA, Certificate and Key General Settings and Preparation
       • Step 3: Setting up the OpenVPN Client
       • Step 4: Assigning the OpenVPN Interface & Setting the AirVPN Gateway
       • Step 5: IP and Port Alias Creation to Aid Interface Setup
       • Step 6: Setting up an AirVPN Routed Interface
       • Step 7: General Settings, Advanced Settings and Other Tweaks
       • Step 8: Setting up the DNS Resolver
  3. I have tried to use an ovpn-config from my pfsense with the Eddie-app. I have tried several client export formats on the pfsense, but Eddie does not accept the ovpn-files. So I assume multi-provider support is not available in the android app right now?
  4. I have configured pfSense using one of the guides and the connection is working fine over port 443. However, I've learnt that it is better to use tls-crypt over TCP from my location and I was wondering what changes I would need to make to pfSense for this. Also, the speed right now is already a tad bit slow (comparing to PIA that I am also testing). I am based in Dubai and connecting to the new UK/Manchester server. Does anyone have experience with a faster server?
  5. Hello, I have been using AirVPN for quite some time now... I was previously using the Eddie client on a single machine, but decided to build a PFSense box and configure the VPN there. I am located in Canada, and setting a connection to a single VPN server in Toronto. It seems to give the best connection and reliability rather than going for the ca.airvpn (I seem to always end up at a BC server using this entry)
     My issue is.... I currently have a 150mbps connection with my ISP. Using PFSense without AirVPN I am able to reach my advertised speeds. With AirVPN configured, I am only ever seeing a max of about 30mbps.
     My hardware setup is quite decent.
       • Intel® Core i5 CPU 650 @ 3.20GHz
       • 4gb DDR3 memory
       • 120gb SSD
       • 2 Intel NICs (both showing as igb)
     My speeds using Eddie were very very good, much better than the PFSense speeds; so I can only assume that I have a configuration error (my hardware seems to be quite good from what I have been reading). Some research from other posts did not help better my issue, so I am hoping that posting my own thread on this topic can bring me closer to a conclusion with mine.
     I followed the guide by "pfSense_fan" https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/
     I can post any diagnostics or logs as necessary, I just do not know what you guys would like to see. Any help with this would be appreciated
     Regards
  6. If you are looking on how to configure AirVPN on pfSense, please follow this great post
     The following are just a few changes I made that worked for me and that might help someone with the same problems I had. Mostly, avoiding a DNS leak. Note that I am not an expert so anyone is welcome to comment if you think I'm doing something wrong. What follows is just a patch of multiple ideas on the net that led me to a working solution.
     1. Create the VPN Certificates you need
       Go to AirVPN and download a config file (.ovpn) https://airvpn.org/generator/
       Now go to pfSense and create a CA for AirVPN
         Descriptive name: [AirVPN CA]
         Method: [import an existing Certificate Authority]
         Certificate data: [Open .ovpn file and insert data found between <ca> and </ca>]
         Save
       Now open the Certificates tab and create a new certificate
         Method: [import an existing certificate]
         Descriptive name: [AirVPN Client]
         Certificate data: [Open .ovpn file and insert data found between <cert> and </cert>]
         Private key data: [Open .ovpn file and insert data found between <key> and </key>]
     2. Create an OpenVPN connection
       https://rtr.noh.lan/vpn_openvpn_server.php
       Follow the document mentioned above and make the following modifications to it,
       Go to the Clients tab and make sure that:
         - You use an IP as the Server host to make sure you can re-connect if the line goes down. If the DNS you use is the one from AirVPN, the VPN connection has to be up before you can access it...
         - Add the following options:
             server-poll-timeout 10;
             explicit-exit-notify 5;
             auth-nocache;
             mlock;
             fast-io;
             key-direction 1;
             prng SHA512 64;
             tls-version-min 1.2;
             key-method 2;
             tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384;
             tls-timeout 2;
             remote-cert-tls server;
             remote 185.206.225.58 443 # no.vpn.airdns.org
             remote 82.102.27.194 443 # no.vpn.airdns.org
             remote 91.207.102.162 443 # ro.vpn.airdns.org
             remote 86.105.9.66 443 # ro.vpn.airdns.org
       The "remote" entries allow your VPN to connect to another server if the VPN connection drops.
     3. The resolver settings I have
       General Settings
         Enable: [X]
         Listen Port: [Blank]
         Network Interfaces: [LAN] + any other local network you may have
         Outgoing Network Interfaces: [Your VPN Interface]
         System Domain Local Zone Type: [Transparent]
         DNSSEC: [X]
         DNS Query Forwarding: [ ]
         DHCP Registration: [ ]
         Static DHCP: [X]
         OpenVPN Clients: [ ]
         Custom options:
             forward-zone:
               name: "."
               forward-addr: 10.4.0.1
         Note that the Custom settings forward to an AirVPN internal DNS. Depending on the type of connection you use, the IP will change so check or it will fail.
       Advanced Settings
         Hide Identity: [X]
         Hide Version: [X]
         Prefetch Support: [X]
         Prefetch DNS Key Support: [X]
         Harden DNSSEC Data: [X]
         Serve Expired: [ ]
         The rest I have left as default.
     Now go to DNSLeakTest and test! I hope this helped someone.
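The certificate import and client options described in the post above, as an added example that is not part of the original post: it splits a .ovpn profile into the <ca>, <cert> and <key> blocks that feed the pfSense fields the post names, then flags the points the post's options address (a hostname used as remote, no fallback remote, missing remote-cert-tls server, missing tls-version-min 1.2). The sample profile, its addresses and the finding names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample profile: documentation-range address, placeholder PEM bodies.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote nl.vpn.example.org 443   # hostname: needs DNS before the tunnel is up
remote 192.0.2.10 443
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CA
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CLIENT-CERT
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER-CLIENT-KEY
-----END PRIVATE KEY-----
</key>
"""

INLINE_BLOCK = re.compile(r"^<([a-z0-9-]+)>[ \t]*\n(.*?)\n</\1>[ \t]*$", re.S | re.M)

# pfSense fields named in the post, keyed by the inline tag that feeds them.
PFSENSE_FIELDS = {
    "ca": "AirVPN CA / Certificate data",
    "cert": "AirVPN Client / Certificate data",
    "key": "AirVPN Client / Private key data",
}


def parse_ovpn(text):
    """Return (inline blocks by tag, list of (directive, args)) for a profile."""
    blocks = {m.group(1): m.group(2).strip() for m in INLINE_BLOCK.finditer(text)}
    directives = []
    for raw in INLINE_BLOCK.sub("", text).splitlines():
        line = raw.split(" #", 1)[0].strip()      # drop trailing comments
        if line and line[0] not in "#;":          # skip blank and comment lines
            name, *args = line.split()
            directives.append((name, args))
    return blocks, directives


def pfsense_import_fields(blocks):
    """Map inline blocks onto the pfSense import fields they are pasted into."""
    return {field: blocks[tag] for tag, field in PFSENSE_FIELDS.items() if tag in blocks}


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _version(text):
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return (0,)


def audit(blocks, directives):
    """Return finding codes for the points the post's settings address."""
    findings = [f"missing-block:{tag}" for tag in PFSENSE_FIELDS if tag not in blocks]
    remotes = [args for name, args in directives if name == "remote" and args]
    # A hostname cannot be resolved through the VPN's DNS while the tunnel is down.
    findings += [f"remote-is-hostname:{a[0]}" for a in remotes if not _is_ip(a[0])]
    if len(remotes) < 2:
        findings.append("no-fallback-remote")
    if ("remote-cert-tls", ["server"]) not in directives:
        findings.append("no-remote-cert-tls-server")
    tls_min = [args[0] for name, args in directives if name == "tls-version-min" and args]
    if not tls_min or _version(tls_min[-1]) < (1, 2):
        findings.append("tls-version-min-below-1.2")
    return findings


if __name__ == "__main__":
    blocks, directives = parse_ovpn(SAMPLE_OVPN)
    for field, pem in pfsense_import_fields(blocks).items():
        print(f"{field}: {len(pem.splitlines())} PEM lines")
    for finding in audit(blocks, directives):
        print("finding:", finding)
```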
  7. Hi everyone, Here's what happened. I have set up my pfSense Firewall Appliance almost two months ago. Using the pfSense Tutorial that AirVPN provides. It worked flawlessly until last Thursday. Suddenly my pfSense router wasn't transferring data anymore and I went on doing some tweaking and noticed that AirDNS (10.4.0.1) wasn't resolving DNS queries anymore. I replaced it with Google, Cisco, Cloudflare, you name it DNSs and was back online. I wonder if someone else here has also encountered (or is encountering) this situation? This is very weird. I am positively sure that there wasn't any loss of data (my Firewall Appliance is connected to a brand new UPS) Please, let me know. Regards
  8. I just added in IPv6 support on my pfSense box, using AirVPN and a VLAN. Note that I already had the VPN VLAN setup and working correctly with IPv4, so this guide is only about what needed to be changed to add in IPv6 support.
     Recently, AirVPN has implemented IPv6 across their servers. Provided you are running a recent version of OpenVPN (>= 2.4), and you adjust your client configuration properly, you will be assigned an IPv6 address along with the typical IPv4 address.
     In my setup, I’m using pfSense as my firewall / router, and have several VLANs configured for various purposes. One of these VLANs is specifically for VPN usage. So the question becomes, how to take the single IPv6 address assigned from AirVPN and make it usable on a VLAN, for multiple hosts.
     This setup is severely sub-optimal, as IPv6 was designed to avoid NAT (there are what, 3.4x10^38 available addresses?). Given that the design of the protocol and AirVPN’s implementation are at odds, there are some problems that you will encounter. The most annoying being that browsers don’t want to use your IPv6 address, and you will continue to use IPv4, despite having everything setup “correctly.” It may be possible to overcome this with some per-host modifications (on Linux, look to /etc/gai.conf), but that is perhaps not maintainable in the long run.
     This problem stems from the fact that the address Air is providing is a Unique Local Address (ULA), which, by definition, is not globally routable. This address gets translated at Air’s servers into a normal, globally routable, address. But what the software on your machine sees is a ULA, and since that isn’t a globally routable IP address, the software will prefer the IPv4 address, where it is understood that NAT will probably be used. Given this implementation, I am not convinced it is worth it to setup IPv6 in this type of configuration.
     Having said all that, here is how I configured things to get IPv6 “working” with AirVPN on a pfSense VLAN:
     1: Get an IPv6 address from AirVPN
       Assuming you are running a recent release of pfSense, you should have the necessary OpenVPN version for this to work (I’m on pfSense 2.4.4, which is using OpenVPN 2.4.6).
       Go into your OpenVPN client configuration and set “Protocol” to “UDP IPv4 and IPv6 on all interfaces (multihome)”
       Scroll down to “Custom options” and make sure you have these 2 lines:
           push-peer-info;
           setenv UV_IPV6 yes;
       Save, and possibly restart the service. You should now have both IPv4 and IPv6 addresses assigned to your VPN connection
     2: Create a new Gateway
       I can’t remember if the gateway was automatically created at this point. If not, Add a new gateway. If one was auto created, edit it. Then
       Make sure Interface is set to the VPN
       Address family is IPv6
       Give it a name (VPN1_WAN_IPv6 in my case)
       I’ve left everything else at default settings, then set a description, and Save and reload
     3: Modify your VPN VLAN
       From the “Interfaces” menu, select your VPN VLAN entry, then
       Set “IPv6 Configuration Type” to “Static IPv6”
       Scroll down to the “Static IPv6 Configuration” section and set an address and prefix. I chose a “random” ULA (FDxx:xxxx:xxxx:10::1). Obviously, choose hex characters in place of the “x”s and the “10” matches my vlan number.
       Set the prefix to /64
       Leave the “use IPv4 connectivity” unchecked and the gateway set to “None”
       Save and reload
     4: Configure Router Advertisements and/or DHCPv6
       From the “Services” menu, select “DHCPv6 Server & RA” - then choose your VLAN.
       In my setup, I’m not bothering with DHCP, just using SLAAC, so I go directly to the “Router Advertisements” tab.
       Set Router Mode to unmanaged
       Priority to Normal
       You may choose to put your IPv6 DNS server into the DNS configuration section (I believe Air’s server is fde6:7a:7d20:4::1)
       Leave everything else as is (blank)
       Save and reload
     5: Set NAT Rules
       From the “Firewall” menu, select “NAT”, then go to the “Outbound” tab
       Click the second “Add” button
       Set “Interface” to your VPN gateway
       “Address Family” is “IPv6”
       Source type is “network”
       Source network is the ULA you setup earlier (“Fdxx:xxxx:xxxx:10::/64”) I did this using an alias. Note that the subnet drop down doesn’t list anything above a /32 (it’s meant for IPv4), so I left it at /32. Seems to work anyway.
       The Translation Address should be set to “Interface Address”
       Add in a description, if you wish, and Save and reload
     6: Set Firewall Rules
       From the “Firewall” menu, select “Rules” and then the appropriate VLAN tab
       Click the second “Add” button
       “Action” is “Pass”
       “Interface” is your VLAN
       “Address Family” is “IPv6”
       Set the rules appropriately for your situation. In my case, just to get things working, I set “Protocol” to “Any” “Source” to “[VLAN] net”
       Click the “Display Advanced” button
       Scroll down to “Gateway” and select your previously configured VPN IPv6 gateway
       Save and reload
       NOTE: Be sure to move the rule you just created into the correct spot in your rules list! Remember, the rules are checked in order, so if you have a deny rule above your new pass rule in the list, it won’t work.
     At this point I rebooted pfSense and my VPN client machine. I now have an IPv6 address, assigned from the ULA block I setup. Visiting https://ipleak.net shows I have both IPv4 and IPv6 connectivity. Going to https://test-ipv6.com gives me a 10/10, but with the note that the browser is avoiding using the IPv6 address. See the note from AirVPN Staff about this: https://airvpn.org/topic/25140-the-issue-your-browser-is-avoiding-ipv6/
     Hopefully this is helpful to someone out there.
     MrFricken
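Why a ULA on the VLAN leaves hosts on IPv4, as an added example that is not part of the original post: it builds the post's FDxx:xxxx:xxxx:10::1 style addressing from a random RFC 4193 Global ID, then applies rules 5 and 6 of RFC 6724 destination address selection (the policy that /etc/gai.conf overrides on Linux) using the RFC's default policy table. Assumptions: a random Global ID stands in for the hash-based method RFC 4193 suggests, rules 1 to 4 are taken as tied, and all sample addresses are constructed.

```python
import ipaddress
import secrets

# RFC 6724 section 2.1 default policy table: (prefix, precedence, label).
POLICY = [(ipaddress.ip_network(p), prec, label) for p, prec, label in [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
    ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12),
]]


def make_ula_prefix(global_id=None):
    """Return an RFC 4193 /48: the fd00::/8 prefix plus a 40-bit Global ID."""
    if global_id is None:
        global_id = secrets.randbits(40)  # assumption: random instead of the RFC's hash
    if not 0 <= global_id < 1 << 40:
        raise ValueError("Global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))


def vlan_subnet(prefix48, vlan_id):
    """The /64 whose Subnet ID shows the VLAN number as written, e.g. ...:10::/64."""
    subnet_id = int(str(vlan_id), 16)  # VLAN 10 becomes the hex group "10"
    base = int(prefix48.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def vlan_gateway(subnet):
    """The ::1 address the post assigns to the pfSense VLAN interface."""
    return subnet.network_address + 1


def policy(addr):
    """Longest-prefix match in the policy table; IPv4 is looked up as IPv4-mapped."""
    ip = ipaddress.ip_address(str(addr))
    if ip.version == 4:
        ip = ipaddress.IPv6Address(f"::ffff:{ip}")
    best = max((e for e in POLICY if ip in e[0]), key=lambda e: e[0].prefixlen)
    return best[1], best[2]


def order_destinations(candidates):
    """Sort (destination, source) pairs by rule 5 (matching label), then rule 6
    (higher destination precedence). Earlier rules are assumed to tie."""
    def key(pair):
        dst, src = pair
        dst_prec, dst_label = policy(dst)
        _, src_label = policy(src)
        return (src_label != dst_label, -dst_prec)
    return sorted(candidates, key=key)


if __name__ == "__main__":
    subnet = vlan_subnet(make_ula_prefix(), 10)
    host = subnet.network_address + 0x50           # constructed client address
    print("VLAN subnet:", subnet, "gateway:", vlan_gateway(subnet))
    # Constructed dual-stack destination, reached from the ULA and a private IPv4.
    pairs = [("2001:db8::1", str(host)), ("198.51.100.7", "192.168.10.50")]
    for dst, src in order_destinations(pairs):
        print(f"try {dst} from {src} (dst policy {policy(dst)}, src label {policy(src)[1]})")
```

With the ULA as source, the IPv6 destination's label (1) does not match the source's label (13), while the IPv4 pair matches on label 4, so IPv4 is tried first even though the IPv6 destination has the higher precedence.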
  9. Good Morning, I've noticed over the past week since I have started installing development version of pfSense (currently 2.4.5.a.20180918.0149): I did this remotely at work yesterday and I lost internet at home entirely. Since my network being down is quite a bad thing I started trying to fix it remotely. Spectrum has a feature to login to their site and reboot the modem. I did that AND I logged into my AirVPN account and under client area I disconnected my session. 5 minutes later my internet was back up. This morning there was another update. I applied the update and it automatically rebooted. I lost connection again. This time I simply disconnected my session under client area. 5 minutes later my connection was back up. Not pointing fingers at all here. I just wanted to share my experience and hopefully this will save someone some driving
  10. I have AirVPN all set up and running great on a pfSense router that my home network sits behind. I am trying to get port forwarding set up for torrenting on a server running Windows Server 2016. As far as I can tell everything is set up exactly as it should be but I just can't get it to work. I am connected to Metallah. I have created the forwarded port on the AirVPN site. I have the port open in my Windows firewall. I have the port forwarded in pfSense. I have my torrent client configured to listen on the port I've set up in AirVPN and pfSense and I have my torrent client running with an active torrent trying to download. I have verified that the port is open and can be connected to on my LAN. I have tried 2 different torrent clients (qBittorrent and Deluge) as well as a port listener tool that simply opens any port you specify on TCP or UDP and just listens for connections. When I check the port on the AirVPN site I get error 110 timeout. I've also tried other sites and tools for performing external tests on that port and they all indicate that the port is not open. I have tried creating several new ports on AirVPN (at least 4) and tested on multiple computers on my network all with new corresponding NAT rules in pfSense. No matter what I do I can't get port forwarding to work and I'm at my wits' end. I hope someone can help me figure this out. Here is a screenshot of my NAT rule in pfSense.
  11. Hi, I've been trying to get a Gen 2 Server working on my pfSense 2.4 without much success. It seems I am getting no response from the VPN Server. I downloaded a config file for Linux for version 2.4 and above and for ipv4/6 with an ipv4 connection.
      I mention two ip addresses below:
        100.200.100.100 is the modded ip of Alphirk
        80.60.1.70 is my WAN
      The following is my VPN settings:
        Server Mode = Peer to Peer (SSL/TLS)
        Protocol = UDP on IPv4 only
        Device mode = tun - Layer 3 Tunnel Mode
        Interface = WAN
        Local Port =
        Server host = 100.200.100.100
        Server port = 443
        Proxy host or address = empty
        Proxy Port = empty
        Proxy authentication = none
        Description = AirVPN client
      User Authentication Settings
        Username = Empty
        Password = Empty
      Cryptographic settings
        TLS Key = [From file]
        TLS Key Usage Mode = TLS Authentication
        Peer certificate authority = AirVPN_CA
        Peer certificate revocation list = No Lists defined
        Client certificate = AirVPN_cert (CA: AirVPN_CA)
        Encryption algorithm = AES-256-CBC (256bit key, 128 bit block)
        Allowed NCP Encryption Algorithms: AES-256-GCM, AES-256-CBC
        Auth digest Algorithm = SHA512
        Hardware crypto = Intel RDRAND (I have Intel hw)
      Tunnel Settings
        IPv4 Tunnel Network = Empty
        IPv6 Tunnel Network = Empty
        IPv4 Remote Network(s) = Empty
        IPv6 Remote Network(s) = Empty
        Limit outgoing bandwidth = Default
        Compression = No LZO compression
        Topology = Subnet - One IP address per client in a common subnet
        Type-of-Service = Disabled
        Dont pull routes = Enabled
        Dont add/remove routes = Enabled
      Advanced Configuration
        Custom Options = resolv-retry infinite; persist-key; persist-tun; auth-nocache; route-delay 5; explicit-exit-notify 5; push-peer-info; setenv UV_IPV6 yes; remote-cert-tls server; client; key-method 2; key-direction 1; mlock; keepalive 5 30;
        Send/Receive Buffer = 512KiB
      I have tried with and without the added Custom Options.
      When I do a tcpdump, I don't seem to get a reply from the server.
      # tcpdump -vv -i pppoe0 dst host 100.200.100.100
      tcpdump: listening on pppoe0, link-type NULL (BSD loopback), capture size 262144 bytes
      09:33:50.140639 IP (tos 0x0, ttl 64, id 61213, offset 0, flags [none], proto UDP (17), length 114)
          80.60.1.70.14587 > 100.200.100.100.https: [udp sum ok] UDP, length 86
      09:33:52.678718 IP (tos 0x0, ttl 64, id 55421, offset 0, flags [none], proto UDP (17), length 114)
          80.60.1.70.14587 > 100.200.100.100.https: [udp sum ok] UDP, length 86
      09:33:56.509027 IP (tos 0x0, ttl 64, id 21398, offset 0, flags [none], proto UDP (17), length 114)
          80.60.1.70.14587 > 100.200.100.100.https: [udp sum ok] UDP, length 86
      This is a dump of a VPN connection attempt.
DISABLED Sep 11 09:33:50 openvpn[50251]: show_digests = DISABLED Sep 11 09:33:50 openvpn[50251]: show_ciphers = DISABLED Sep 11 09:33:50 openvpn[50251]: mode = 0 Sep 11 09:33:50 openvpn[50251]: config = '/var/etc/openvpn/client6.conf' Sep 11 09:33:50 openvpn[50251]: Current Parameter Settings: Sep 11 09:33:47 openvpn[87430]: MANAGEMENT: Client disconnected Sep 11 09:33:47 openvpn[87430]: MANAGEMENT: CMD 'status 2' Sep 11 09:33:47 openvpn[87430]: MANAGEMENT: CMD 'state 1' Sep 11 09:33:47 openvpn[87430]: MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock

Can someone see what it is I am doing wrong?
  12. Hi and good morning to all, I am here because, like so many others, I am at the end of my tether and need help and assistance from those of you in the know. I need to open ports for my gameserver, bypassing the VPN. I will keep my first description of my current setup as short as possible, and anybody who wishes to help may ask for further details.

I have 2X instances of pfSense running on a Windows 2012 R2 server machine in Hyper-V. One is configured using this tut https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/ and the other handles the DHCP and Squid. My reasoning for this is that Squid does not play nice with VPNs. I have tried everything to get them to work together, but pfSense wants to use the default WAN when Squid is installed, so this was my workaround. I have tried others like pfBlockerNG, but it does not have the level of control that Squid offers.

Now to the complicated bit. For the purpose of this I will refer to pfSense 1 VPN as "Firewall" and pfSense 2 DHCP & Squid as "Proxy".

The Proxy has 2X LAN subnets: 192.168.1.1, which is the local LAN network and is hooked to Squid, and 192.168.3.1, which is an isolated LAN I wish to use for a gameserver which has an IP of 3.5. Then I have 2X WANs: 192.168.2.2 static, which is bridged to 2.1 on the Firewall, and 192.168.4.2 Vlan-Id=10, which connects to 4.1 Vlan-Id=10 on the Firewall. My 192.168.3.5 is routed out this interface in order for it to be passed to the Firewall and onto the WAN.

The Firewall is set up as described in the tut above and works as intended, with the exception that the default LAN has changed to 192.168.2.1, is now a Virtual LAN interface and is bridged with the Virtual WAN interface of the Proxy, which is 2.2. It also has another LAN interface, VLAN of 192.168.4.1 Id=10, which is hooked up to the 4.2 of the Proxy. This interface is to bypass the VPN and is routed out the WAN.

Up until this point everything works as intended: normal LAN clients can access the internet through the VPN, and my isolated subnet can access the web through the WAN. I can also access any game servers I have running locally. And this is where the fun ends. For the life of me I can't get ports open to the outside world. It is strange to me that my gameserver can access the web and servers can contact Steam, but beyond that there seem to be no ports open. I have tried many things, such as forwarding ports using NAT out the various gateways. According to the various port checking sites I have visited, all my ports are closed, even port 80, and I know this cannot be because I can access the web just fine.

I appreciate that I may have many extra steps to take with my current configuration in order to get this to work, and I am very much looking forward to any help that can be given. Thanks in advance.
  13. Good morning! Sorry if I posted this in the wrong area, but I've been looking for a guide to help set up IPv6 on pfSense over AirVPN's updated servers. No, I don't want IPv6 from my ISP (I already have that and have been testing that); instead, I would like someone who is knowledgeable about the subject to help me (and other people) out with setting it up. If I figure something out in the meantime, I will post w/ my results. Thanks in advance! ------- Mods: please move the topic if I put it in the wrong area. I is sorry in advance.
  14. Hi, I am getting several alert entries in my pfsense firewall. There are connections denied to 4 different TOR relays in the US, Switzerland, Germany and the Netherlands. I never had these entries before so I am a bit worried. Example: AirVPN_LAN Source: 192.168.1.xxx:476xx Destination:176.10.104.240:443 Any ideas?
  15. I have set up AirVPN on pfSense according to the guide here in the forums, and it has been running well for many years. Port forwarding also worked flawlessly in the past. Some days ago I started Vuze to do some torrenting and was wondering about the slow speeds. The NAT/Firewall test revealed that only the port forwarding for UDP packets seems to work. The test for incoming TCP connections always times out. Please see the attached NAT rule from my pfSense box. It worked flawlessly in the past and I have not changed any configuration. What's wrong?
  16. I have chronic packet loss on the VPN. It's 2-10% and enough to cause problems with voice chat over discord. I get a solid 0% packet loss on the WAN Gateway. How do I go about troubleshooting and fixing this? It seems to persist regardless of the US server I try.
  17. I've managed to get a pfSense VM working with AirVPN's Serpentis server via Stunnel. Given the importance of using the latest versions of Stunnel and OpenSSL, I used pfSense 2.2-BETA x64, which is based on FreeBSD 10.1-RELEASE x64. Working in a FreeBSD 10.1 x64 VM, I made the stunnel-5.07 package and its dependencies from ports. See <http://www.freshports.org/security/stunnel/>. Also see <https://forums.freebsd.org/threads/howto-setting-up-stunnel-in-freebsd.1717/>.

pfSense 2.2-BETA x64 VM:
    512 MB RAM
    7 MB video RAM
    2 GB dynamic VDI
    PAE/NX, VT-x/AMD-V, Nested Paging
    Adapter 1: Intel PRO/1000 MT Desktop (NAT)
    Adapter 2: Intel PRO/1000 MT Desktop (Internal Network, 'AV')
    audio and USB disabled
    otherwise defaults

FreeBSD 10.1 x64 VM
    1024 MB RAM
    7 MB video RAM
    10 GB dynamic VDI
    PAE/NX, VT-x/AMD-V, Nested Paging
    Adapter 1: Intel PRO/1000 MT Desktop (Internal Network, 'AV')
    audio and USB disabled
    otherwise defaults

Debian 7.6 x64 workspace VM
    1024 MB RAM
    128 MB video RAM
    20 GB dynamic VDI
    PAE/NX, VT-x/AMD-V, Nested Paging
    Adapter 1: Intel PRO/1000 MT Desktop (Internal Network, 'AV')
    audio and USB disabled
    otherwise defaults
    legacy Gnome desktop installed openssh-server

Working in FreeBSD VM:
    # portsnap fetch extract
    # mkdir /usr/ports/packages
    # cd /usr/ports/security/stunnel
    # make config
        [x] DOCS
        [x] EXAMPLES
        [ ] FIPS
        [ ] IPV6
        [ ] LIBWRAP
        [x] SSL_PORT
        [ ] FORK
        [x] PTHREAD
        [ ] UCONTEXT
    # make package-recursive
        [use default openssl-1.0.1_16 settings]
        [use default perl5-5.18.4_10 settings]
    # cd /usr/ports/packages/All
    # ls
        openssl-1.0.1_16.txz pkg-1.3.8_3.txz
        perl5-5.18.4_10.txz stunnel-5.07.txz
    # sftp user@192.168.10.11 [Debian VM]
    # put *
    # exit
    # shutdown -p now

Working in Debian VM:
    login pfSense webGUI
    browse "Diagnostics: Command Prompt"
        upload openssl-1.0.1_16.txz and move to /root/
        upload pkg-1.3.8_3.txz and move to /root/
        upload perl5-5.18.4_10.txz and move to /root/
        upload stunnel-5.07.txz and move to /root/

Working in pfSense VM console:
    : pkg install *.txz
    The package management tool is not yet installed on your system.
    Do you want to fetch and install it now? [y/N]: y
    ...
    New packages to be INSTALLED:
        openssl-1.0.1_16
        perl5-5.18.4_10
        stunnel: 5.07
    The process will require 61 MB more space.
    Proceed with this action? [y/N]: y
    [1/3] Installing openssl-1.0.1_16: 100%
    [2/3] Installing perl5-5.18.4_10: 100%
    makewhatis: not found
    makewhatis: not found
    pkg: POST-INSTALL script failed
    ===> Creating users and/or groups.
    Creating group 'stunnel' with gid '341'.
    Creating user 'stunnel' with uid '341'.
    [3/3] Installing stunnel-5.07: 100%
    Message for openssl-1.0.1_16:
    Copy /usr/local/openssl/openssl.cnf.sample to /usr/local/openssl/openssl.cnf
    and edit it to fit your needs.
    [DON'T DO THAT. USE EXISTING openssl.cnf]
    Message for stunnel-5.07:
    ***************************************************************************
    To create and install a new certificate, type "make cert"
    And don't forget to check out the FAQ at http://www.stunnel.org/
    ***************************************************************************
    : mkdir /usr/local/etc/stunnel/run
    : chown stunnel:stunnel /usr/local/etc/stunnel/run
    : chmod 0622 /usr/local/etc/stunnel/run

Working in Debian VM:
    login pfSense webGUI
    browse "Diagnostics: Edit File"
        browse "/usr/local/etc/stunnel/stunnel.conf-sample" and open to edit
        save as "/usr/local/etc/stunnel/stunnel.conf"
        replace content with this and save:
        ...................................
        ; create local jail
        chroot = /usr/local/etc/stunnel/run
        ; set own UID and GID
        setuid = stunnel
        setgid = stunnel
        client = yes
        foreground = no
        options = NO_SSLv2
        [openvpn]
        accept = 1413
        connect = 178.248.30.133:443
        TIMEOUTclose = 0
        ...................................
        browse "/etc/defaults/rc.conf" and open to edit
        add this at end and save:
        .........................................................
        stunnel_enable="YES"
        stunnel_pid_file="/usr/local/etc/stunnel/run/stunnel.pid"
        .........................................................
    browse "Diagnostics: Command Prompt"
        run "mv /usr/local/etc/rc.d/stunnel /usr/local/etc/rc.d/stunnel.sh"

Working in pfSense VM console:
    hit "5" and "y" to reboot

Working in Debian VM:
    login pfSense webGUI
    browse "Status: System logs: General"
        should see:
        ...................................................................................................
        ...
        ... php-fpm[243]: /rc.start_packages: Restarting/Starting all packages.
        ... kernel: done.
        ... stunnel: LOG5[34393318400]: stunnel 5.07 on amd64-portbld-freebsd10.1 platform
        ... stunnel: LOG5[34393318400]: Compiled/running with OpenSSL 1.0.1j 15 Oct 2014
        ... stunnel: LOG5[34393318400]: Threading:PTHREAD Sockets:POLL,IPv4 SSL:ENGINE,OCSP
        ... stunnel: LOG5[34393318400]: Reading configuration from file /usr/local/etc/stunnel/stunnel.conf
        ... stunnel: LOG5[34393318400]: UTF-8 byte order mark not detected
        ... stunnel: LOG5[34393318400]: Configuration successful
        ...
        ...................................................................................................
    browse "System: General Setup"
        specify desired third-party DNS servers on WAN_DHCP
        [x] Do not use the DNS Forwarder as a DNS server for the firewall
    browse "Services: DNS Forwarder"
        [ ] Enable DNS forwarder
    browse "System: Advanced: Networking"
        [ ] Allow IPv6
        [x] Prefer to use IPv4 even if IPv6 is available
    browse "System: Advanced: Miscellaneous"
        [x] Skip rules when gateway is down
        [x] Enable gateway monitoring debug logging
    browse "System: Certificate Authority Manager"
        add ca.crt
    browse "System: Certificate Manager"
        add client.crt|client.key
    browse "VPN: OpenVPN: Client"
        Protocol: TCP
        Interface: Localhost
        Server host or address: 127.0.0.1
        Server port: 1413
        Server host name resolution: don't "Infinitely resolve server"
        Encryption algorithm: AES-256-CBC
        Compression: Disabled - No Compression
        Disable IPv6: Don't forward IPv6 traffic
        Advanced: persist-key;persist-tun;remote-cert-tls server; route 178.248.30.133 255.255.255.255 net_gateway
        Verbosity level: 5
    browse "Status: System logs: General"
        should see:
        ...................................................................................................
        ...
        ... openvpn[86987]: [server] Peer Connection Initiated with [AF_INET]127.0.0.1:1413
        ... openvpn[86987]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
        ... openvpn[86987]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,
            dhcp-option DNS 10.50.0.1,comp-lzo no,route 10.50.0.1,topology net30,ping 10,
            ping-restart 60,ifconfig 10.50.2.74 10.50.2.73'
        ...
        ... openvpn[86987]: /sbin/ifconfig ovpnc1 10.50.2.74 10.50.2.73 mtu 1500 netmask 255.255.255.255 up
        ... openvpn[86987]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1560 10.50.2.74 10.50.2.73 init
        ... openvpn[86987]: /sbin/route add -net 127.0.0.1 10.0.2.2 255.255.255.255
        ... openvpn[86987]: /sbin/route add -net 0.0.0.0 10.50.2.73 128.0.0.0
        ... openvpn[86987]: /sbin/route add -net 128.0.0.0 10.50.2.73 128.0.0.0
        ... openvpn[86987]: /sbin/route add -net 178.248.30.133 10.0.2.2 255.255.255.255
        ... openvpn[86987]: /sbin/route add -net 10.50.0.1 10.50.2.73 255.255.255.255
        ... openvpn[86987]: Initialization Sequence Completed
        ...................................................................................................
    browse "Services: DHCP Server"
        set 10.50.0.1 as DNS server
    browse "Interfaces: Assign Network Ports"
        add OPT1
    browse "Interfaces: OPT1"
        enable and rename "AIRVPN"
    browse "Firewall: NAT: Outbound"
        select "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)"
        save and apply changes
        leave localhost rules alone
            "Auto created rule for ISAKMP - localhost to WAN"
            "Auto created rule - localhost to WAN"
        change interface for LAN rules from WAN to AIRVPN
            "Rule for ISAKMP - LAN to AIRVPN"
            "Rule - LAN to AIRVPN"
        apply changes
    browse "Firewall: Rules: LAN"
        delete IPv6 rule
        edit IPv4 rule
            specify AIRVPN_VPNV4 as Gateway
            rename as "Allow LAN to any rule via AIRVPN_VPNV4"
        apply changes

Working in pfSense VM console:
    hit "5" and "y" to reboot

Working in Debian VM:
    login pfSense webGUI
    browse "Status: OpenVPN"
        should see that Client TCP is up

Done

Edit: I've added rules on WAN, and required aliases.

Aliases are needed for three types of outbound traffic: 1) the DNS server IPs specified in “System: General Setup”; 2) the pfSense NTP server hostname specified in “System: General Setup”; and 3) the connect server IP specified in the Stunnel configuration. In Firewall: Aliases: IP, create three aliases, using the + button to add the values:

    Name    Values                         Description
    dnssvr  208.67.220.220 208.67.222.222  DNS server IP addresses
    ntpsvr  0.pfsense.pool.ntp.org         default pfSense NTP server
    sslsvr  178.248.30.133                 Stunnel server

Using these aliases, you then add rules for the WAN interface to pass necessary outbound traffic, and then a final rule to block everything else. In "Firewall: Rules: WAN", create these rules, specifying “Single host or address” for the pass rules:

    Action  TCP/IP  Proto    Source       Port  Dest    Port  Gateway  Queue  Description
    pass    IPv4    TCP/UDP  WAN address  *     dnssvr  *     *        none   Allow to DNS servers
    pass    IPv4    UDP      WAN address  *     ntpsvr  *     *        none   Allow to NTP server
    pass    IPv4    TCP/UDP  WAN address  *     sslsvr  *     *        none   Allow to SSL server
    block   IPv4    *        WAN address  *     *       *     *        none   Block all other IPv4
    block   IPv6    *        WAN address  *     *       *     *        none   Block all IPv6

Then reboot from the console window, by entering 5 and then y to confirm.
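The stunnel.conf from the post above can be checked mechanically before the OpenVPN client is pointed at it. The following is an added example, not part of the original post and not stunnel or pfSense code: a small parser and audit for client-mode stunnel configurations. The finding names, the hardened variant and its CAfile path are assumptions made for the illustration.

```python
# Added example: audit a client-mode stunnel.conf such as the one posted above.
# Finding names and HARDENED_CONF are this example's own, not stunnel output.

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Configuration as given in the post.
POSTED_CONF = """\
; create local jail
chroot = /usr/local/etc/stunnel/run
; set own UID and GID
setuid = stunnel
setgid = stunnel
client = yes
foreground = no
options = NO_SSLv2
[openvpn]
accept = 1413
connect = 178.248.30.133:443
TIMEOUTclose = 0
"""

# Constructed variant for comparison.
HARDENED_CONF = """\
chroot = /usr/local/etc/stunnel/run
setuid = stunnel
setgid = stunnel
client = yes
foreground = no
options = NO_SSLv2
; assumption: placeholder path to a CA file able to validate the tunnel endpoint
CAfile = /usr/local/etc/stunnel/placeholder-ca.crt
verify = 2
[openvpn]
accept = 127.0.0.1:1413
connect = 178.248.30.133:443
TIMEOUTclose = 0
"""


def parse_stunnel_conf(text):
    """Return (global_options, {service: options}); keys lower-cased, values listed."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not an option line: {raw!r}")
        # Options such as 'connect' or 'options' may repeat, so keep every value.
        current.setdefault(key.strip().lower(), []).append(value.strip())
    return global_opts, services


def accept_host(value):
    """Host part of 'accept = [HOST:]PORT', or None when only a port is given."""
    host, sep, _port = value.rpartition(":")
    return host if sep else None


def audit(text):
    """Return a sorted list of (scope, finding) tuples for client-mode services."""
    global_opts, services = parse_stunnel_conf(text)
    findings = []
    if "chroot" not in global_opts:
        findings.append(("global", "no-chroot"))
    if global_opts.get("setuid", ["root"])[-1] in ("root", "0") or "setgid" not in global_opts:
        findings.append(("global", "runs-privileged"))
    for name, opts in services.items():
        eff = {**global_opts, **opts}        # global values act as service defaults
        if eff.get("client", ["no"])[-1].lower() != "yes":
            continue
        for value in eff.get("accept", []):
            host = accept_host(value)
            if host is None:
                # A bare port listens on every local IPv4 address, LAN included.
                findings.append((name, "accept-all-interfaces"))
            elif host not in LOOPBACK_HOSTS:
                findings.append((name, "accept-non-loopback"))
        # Without verify plus a CA source the outer TLS peer is not authenticated.
        # In the post's design the inner OpenVPN session still authenticates the
        # server (ca.crt and remote-cert-tls server), so this concerns the wrapper only.
        verify = eff.get("verify", ["0"])[-1]
        if verify == "0" or not ("cafile" in eff or "capath" in eff):
            findings.append((name, "server-cert-not-verified"))
    return sorted(findings)


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```

Because the OpenVPN client in the post connects to 127.0.0.1:1413, binding the stunnel listener to loopback does not change how the tunnel is used.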
  18. I am running pfSense 2.4.0-RC, which has OpenVPN 2.4 and supports AES-256-GCM. When I try to connect to Switzerland I can connect with AES-256-GCM but no traffic is passed; when I switch back to AES-256-CBC it connects and passes traffic. I can connect to my pfSense box from my computer or phone using AES-256-GCM, so I do not think this is a pfSense issue. Is anyone else having problems with AES-256-GCM? I would like to switch to GCM for performance reasons and this is super annoying.
  19. Here is my log file. I can't make sense of it why keeps disconnecting I changed the VERB to 4 Sep 10 12:05:07 openvpn 6958 MANAGEMENT: CMD 'status 2' Sep 10 12:05:07 openvpn 6958 MANAGEMENT: Client disconnected Sep 10 12:05:17 openvpn 6958 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock Sep 10 12:05:17 openvpn 6958 MANAGEMENT: CMD 'state 1' Sep 10 12:05:17 openvpn 6958 MANAGEMENT: CMD 'status 2' Sep 10 12:05:17 openvpn 6958 MANAGEMENT: Client disconnected Sep 10 12:05:27 openvpn 6958 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock Sep 10 12:05:27 openvpn 6958 MANAGEMENT: CMD 'state 1' Sep 10 12:05:27 openvpn 6958 MANAGEMENT: CMD 'status 2' Sep 10 12:05:27 openvpn 6958 MANAGEMENT: Client disconnected Sep 10 12:05:36 openvpn 6958 event_wait : Interrupted system call (code=4) Sep 10 12:05:36 openvpn 6958 SIGTERM received, sending exit notification to peer Sep 10 12:05:37 openvpn 6958 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock Sep 10 12:05:37 openvpn 6958 MANAGEMENT: CMD 'state 1' Sep 10 12:05:37 openvpn 6958 MANAGEMENT: CMD 'status 2' Sep 10 12:05:37 openvpn 6958 MANAGEMENT: Client disconnected Sep 10 12:05:40 openvpn 36512 Current Parameter Settings: Sep 10 12:05:40 openvpn 36512 config = '/var/etc/openvpn/client1.conf' Sep 10 12:05:40 openvpn 36512 mode = 0 Sep 10 12:05:40 openvpn 36512 show_ciphers = DISABLED Sep 10 12:05:40 openvpn 36512 show_digests = DISABLED Sep 10 12:05:40 openvpn 36512 show_engines = DISABLED Sep 10 12:05:40 openvpn 36512 genkey = DISABLED Sep 10 12:05:40 openvpn 36512 key_pass_file = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 show_tls_ciphers = DISABLED Sep 10 12:05:40 openvpn 36512 Connection profiles [default]: Sep 10 12:05:40 openvpn 36512 proto = udp Sep 10 12:05:40 openvpn 36512 local = '67.173.152.223' Sep 10 12:05:40 openvpn 36512 local_port = 0 Sep 10 12:05:40 openvpn 36512 remote = '173.234.159.194' Sep 10 12:05:40 openvpn 36512 remote_port = 443 Sep 10 12:05:40 openvpn 36512 
remote_float = DISABLED Sep 10 12:05:40 openvpn 36512 bind_defined = DISABLED Sep 10 12:05:40 openvpn 36512 bind_local = ENABLED Sep 10 12:05:40 openvpn 36512 connect_retry_seconds = 5 Sep 10 12:05:40 openvpn 36512 connect_timeout = 10 Sep 10 12:05:40 openvpn 36512 connect_retry_max = 0 Sep 10 12:05:40 openvpn 36512 socks_proxy_server = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 socks_proxy_port = 0 Sep 10 12:05:40 openvpn 36512 socks_proxy_retry = DISABLED Sep 10 12:05:40 openvpn 36512 tun_mtu = 1500 Sep 10 12:05:40 openvpn 36512 tun_mtu_defined = ENABLED Sep 10 12:05:40 openvpn 36512 link_mtu = 1500 Sep 10 12:05:40 openvpn 36512 link_mtu_defined = DISABLED Sep 10 12:05:40 openvpn 36512 tun_mtu_extra = 0 Sep 10 12:05:40 openvpn 36512 tun_mtu_extra_defined = DISABLED Sep 10 12:05:40 openvpn 36512 mtu_discover_type = -1 Sep 10 12:05:40 openvpn 36512 fragment = 0 Sep 10 12:05:40 openvpn 36512 mssfix = 1450 Sep 10 12:05:40 openvpn 36512 explicit_exit_notification = 5 Sep 10 12:05:40 openvpn 36512 Connection profiles END Sep 10 12:05:40 openvpn 36512 remote_random = DISABLED Sep 10 12:05:40 openvpn 36512 ipchange = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 dev = 'ovpnc1' Sep 10 12:05:40 openvpn 36512 dev_type = 'tun' Sep 10 12:05:40 openvpn 36512 dev_node = '/dev/tun1' Sep 10 12:05:40 openvpn 36512 lladdr = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 topology = 1 Sep 10 12:05:40 openvpn 36512 tun_ipv6 = DISABLED Sep 10 12:05:40 openvpn 36512 ifconfig_local = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 ifconfig_remote_netmask = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 ifconfig_noexec = DISABLED Sep 10 12:05:40 openvpn 36512 ifconfig_nowarn = DISABLED Sep 10 12:05:40 openvpn 36512 ifconfig_ipv6_local = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 ifconfig_ipv6_netbits = 0 Sep 10 12:05:40 openvpn 36512 ifconfig_ipv6_remote = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 shaper = 0 Sep 10 12:05:40 openvpn 36512 mtu_test = 0 Sep 10 12:05:40 openvpn 36512 mlock = ENABLED Sep 10 12:05:40 openvpn 
36512 keepalive_ping = 10 Sep 10 12:05:40 openvpn 36512 keepalive_timeout = 60 Sep 10 12:05:40 openvpn 36512 inactivity_timeout = 0 Sep 10 12:05:40 openvpn 36512 ping_send_timeout = 10 Sep 10 12:05:40 openvpn 36512 ping_rec_timeout = 60 Sep 10 12:05:40 openvpn 36512 ping_rec_timeout_action = 2 Sep 10 12:05:40 openvpn 36512 ping_timer_remote = ENABLED Sep 10 12:05:40 openvpn 36512 remap_sigusr1 = 0 Sep 10 12:05:40 openvpn 36512 persist_tun = ENABLED Sep 10 12:05:40 openvpn 36512 persist_local_ip = DISABLED Sep 10 12:05:40 openvpn 36512 persist_remote_ip = DISABLED Sep 10 12:05:40 openvpn 36512 persist_key = ENABLED Sep 10 12:05:40 openvpn 36512 passtos = DISABLED Sep 10 12:05:40 openvpn 36512 resolve_retry_seconds = 1000000000 Sep 10 12:05:40 openvpn 36512 username = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 groupname = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 chroot_dir = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 cd_dir = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 writepid = '/var/run/openvpn_client1.pid' Sep 10 12:05:40 openvpn 36512 up_script = '/usr/local/sbin/ovpn-linkup' Sep 10 12:05:40 openvpn 36512 down_script = '/usr/local/sbin/ovpn-linkdown' Sep 10 12:05:40 openvpn 36512 down_pre = DISABLED Sep 10 12:05:40 openvpn 36512 up_restart = DISABLED Sep 10 12:05:40 openvpn 36512 up_delay = DISABLED Sep 10 12:05:40 openvpn 36512 daemon = ENABLED Sep 10 12:05:40 openvpn 36512 inetd = 0 Sep 10 12:05:40 openvpn 36512 log = DISABLED Sep 10 12:05:40 openvpn 36512 suppress_timestamps = DISABLED Sep 10 12:05:40 openvpn 36512 nice = 0 Sep 10 12:05:40 openvpn 36512 verbosity = 4 Sep 10 12:05:40 openvpn 36512 mute = 0 Sep 10 12:05:40 openvpn 36512 gremlin = 0 Sep 10 12:05:40 openvpn 36512 status_file = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 status_file_version = 1 Sep 10 12:05:40 openvpn 36512 status_file_update_freq = 60 Sep 10 12:05:40 openvpn 36512 occ = ENABLED Sep 10 12:05:40 openvpn 36512 rcvbuf = 0 Sep 10 12:05:40 openvpn 36512 sndbuf = 0 Sep 10 12:05:40 openvpn 36512 
sockflags = 0 Sep 10 12:05:40 openvpn 36512 fast_io = ENABLED Sep 10 12:05:40 openvpn 36512 lzo = 1 Sep 10 12:05:40 openvpn 36512 route_script = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 route_default_gateway = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 route_default_metric = 0 Sep 10 12:05:40 openvpn 36512 route_noexec = DISABLED Sep 10 12:05:40 openvpn 36512 route_delay = 0 Sep 10 12:05:40 openvpn 36512 route_delay_window = 30 Sep 10 12:05:40 openvpn 36512 route_delay_defined = DISABLED Sep 10 12:05:40 openvpn 36512 route_nopull = ENABLED Sep 10 12:05:40 openvpn 36512 route_gateway_via_dhcp = DISABLED Sep 10 12:05:40 openvpn 36512 max_routes = 100 Sep 10 12:05:40 openvpn 36512 allow_pull_fqdn = DISABLED Sep 10 12:05:40 openvpn 36512 management_addr = '/var/etc/openvpn/client1.sock' Sep 10 12:05:40 openvpn 36512 management_port = 0 Sep 10 12:05:40 openvpn 36512 management_user_pass = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 management_log_history_cache = 250 Sep 10 12:05:40 openvpn 36512 management_echo_buffer_size = 100 Sep 10 12:05:40 openvpn 36512 management_write_peer_info_file = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 management_client_user = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 management_client_group = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 management_flags = 256 Sep 10 12:05:40 openvpn 36512 shared_secret_file = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 key_direction = 2 Sep 10 12:05:40 openvpn 36512 ciphername_defined = ENABLED Sep 10 12:05:40 openvpn 36512 ciphername = 'AES-256-CBC' Sep 10 12:05:40 openvpn 36512 authname_defined = ENABLED Sep 10 12:05:40 openvpn 36512 authname = 'SHA1' Sep 10 12:05:40 openvpn 36512 prng_hash = 'SHA512' Sep 10 12:05:40 openvpn 36512 prng_nonce_secret_len = 64 Sep 10 12:05:40 openvpn 36512 keysize = 32 Sep 10 12:05:40 openvpn 36512 engine = ENABLED Sep 10 12:05:40 openvpn 36512 replay = ENABLED Sep 10 12:05:40 openvpn 36512 mute_replay_warnings = DISABLED Sep 10 12:05:40 openvpn 36512 replay_window = 64 Sep 10 12:05:40 openvpn 
36512 replay_time = 15 Sep 10 12:05:40 openvpn 36512 packet_id_file = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 use_iv = ENABLED Sep 10 12:05:40 openvpn 36512 test_crypto = DISABLED Sep 10 12:05:40 openvpn 36512 tls_server = DISABLED Sep 10 12:05:40 openvpn 36512 tls_client = ENABLED Sep 10 12:05:40 openvpn 36512 key_method = 2 Sep 10 12:05:40 openvpn 36512 ca_file = '/var/etc/openvpn/client1.ca' Sep 10 12:05:40 openvpn 36512 ca_path = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 dh_file = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 cert_file = '/var/etc/openvpn/client1.cert' Sep 10 12:05:40 openvpn 36512 extra_certs_file = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 priv_key_file = '/var/etc/openvpn/client1.key' Sep 10 12:05:40 openvpn 36512 pkcs12_file = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 cipher_list = 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384' Sep 10 12:05:40 openvpn 36512 tls_verify = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 tls_export_cert = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 verify_x509_type = 0 Sep 10 12:05:40 openvpn 36512 verify_x509_name = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 crl_file = '[UNDEF]' Sep 10 12:05:40 openvpn 36512 ns_cert_type = 1 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 160 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 136 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 Sep 10 12:05:40 openvpn 36512 remote_cert_ku[i] = 0 
  20. Anyone know when pfsense will support AES-256-GCM with HMAC-SHA384 for authentication?
  21. *****THIS GUIDE SHOULD NOW BE CONSIDERED OBSOLETE*****
      pfSense 2.3 WAS RELEASED APRIL 12, 2016
      WITH THAT RELEASE, I TOO RELEASED AN UPDATED GUIDE FOR 2.3
      THE NEW GUIDE CAN BE FOUND HERE: How To Set Up pfSense 2.3 for AirVPN
      I HIGHLY RECOMMEND BACKING UP ALL SETTINGS, AS WELL AS EACH INDIVIDUAL BACKUP AREA
      AFTER BACKING UP, I RECOMMEND A CLEAN INSTALL OF 2.3, BUT AN UPGRADE SHOULD BE OK FOR MOST

      pfSense_fan's Guide: How To Set Up pfSense 2.1 for AirVPN Using Three or more NIC's

      Have only two NIC's? Follow the guide through step 5, then go to the alternate step 6+7!!

      Table of Contents:
      • Preface
      • Understanding Certificates and OpenVPN Config Files on pfSense
      • Understanding OpenVPN Settings on pfSense
      • Step 1: Entering our AirVPN CA (Certificate Authority)
      • Step 2: Entering our AirVPN Certificate and Key
      • Step 3: Setting up the OpenVPN Client
      • Step 4: Assigning the OpenVPN Interface
      • Step 5: Setting up the AirVPN Gateway
      • Step 6: Setting up the DNS Forwarder
      • Step 7: Setting up the LAN Interface
      • Step 8: Setting up the AirVPN_LAN Interface
      • Step 9: Setting Misc Advanced Options (Optional)
      • Step 10: Setting Bootloader and System Tunables (Optional)
      • Step 11: Setting Advanced OpenVPN Options (Optional)
      • Alternate Step 6+7 For Dual (Two) NIC installs
  22. Hello all, I have some trouble with airvpn on pfsense 2.3. I set up pfsense on esxi 6 and followed the instructions to route all my hosts through airvpn. The problem now is that all my hosts don't have internet. For example, windows server 2012 R2 shows that I have internet, but I can't open a single page. I used almighty PING to troubleshoot the problem and I can ping the pfsense, but I can't ping the cable modem (I am not sure that I am supposed to ping the cable modem). I followed the steps once again and I found something in "Step 4-b: Setting the AirVpn Gateway":

      Gateways After Editing AirVPN_WAN

      System: Gateways
      | Gateways |

      | Name                | Interface  | Gateway     | Monitor IP  | Description                | Actions |
      |---------------------|------------|-------------|-------------|----------------------------|---------|
      | WAN_DHCP (default)  | WAN        | 192.168.1.1 | 192.168.1.1 | Interface WAN_DHCP Gateway | ✐ ☐ Ø π |
      | AirVPN_WAN          | AirVPN_WAN |             |             | AirVPN_WAN                 | ✐ ☐ Ø π |

      In main, WAN_DHCP (default) is under the AirVPN_WAN. Is that going to make a difference? Thank you
  23. Using the pfSense 2.3 install guide, https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/, when I get to step 3A, "Step 3-A: Setting up the OpenVPN Client", I get the following error: "An IPv4 protocol was selected, but the selected interface has no IPv4 address." After Googling some, I see that this error *might* be a bug in pfSense 2.3 and how it uses OpenVPN? Or something else? I checked steps 1-2 thoroughly, and I am pretty sure I am following the instructions. Thanks for any guidance.
  24. Greetings, Long story short: I have a Netgate APU with pfSense configured with one "Clear" Network, i.e. no VPN connection, and one VPN Network connected to AirVPN. The clear network has the WiFi AP on it, and most of the time, my laptop (Fedora 25) is connected to the Clear network, but is connected to another VPN provider separately. However, running a DNS leak test (dnsleaktest.org, whoer.net etc.) sometimes shows the AirVPN DNS on the Clear network, both when devices are connected to a separate VPN on the clear network, and when they are not. Is this an AirVPN issue, or some sort of lacking pfSense configuration? Would this perhaps be a question better suited for the pfSense forum? Thanks for any help.
  25. Unfortunately, this is a bit of a multi-disciplinary question that has to be prefaced with some background. I've got my connection to AirVPN set up on my pfSense box and am using the Resolver there in the default, non-forwarding mode. That means for DNS lookups, pfSense (through Resolver) is supposed to directly query the top-level DNS servers for name resolution without using any specified, lower-level DNS servers. In one sense, it seems to be working in that none of the leak-testing sites (like ipleak.net) show any DNS servers other than AirVPN's. On the other hand, I don't understand how those sites even see those AirVPN DNS servers at all since pfSense isn't set up to use them. Worse, I recently found out that DNS queries through Resolver in the default, non-forwarding mode do NOT get routed through the NAT/Firewall rules: they're sent out the default gateway (my WAN, not my VPN tunnel). So, theoretically, my DNS lookups are in the open instead of through AirVPN. If that's true, why do places like ipleak.net not show a DNS leak? How do they determine what DNS server I'm using? Does it just ask my server what DNS is associated with it? Or, does it look for the DNS requests coming from my system? But, if Resolver is sending its own DNS requests over the WAN, then would places like ipleak.net even see them?