Search the Community
Showing results for tags 'pfsense 2.4.3'.
Found 2 results
After years of trying open source routers and VPN services I'm coming to the conclusion that pfSense and AirVPn are a great combination. Following some problems withe the server I was connected to in Sweden today, I've realised I need a fallback solution. Basically, is it possible to set up a second openVPN connection to a different AirVPN server if the default connection falls i.e. openVPN disconnects on server 1, pfSense 2.4 brings up connetion to server 2 automatically. If this can't be done automatically, is it just a matter of creating a second VPN connection/internface and activating/deactivating manually base on which server is performing well? Thanks
In the guide for setting up pfSense 2.3 with AirVPN, there are several OpenVPN options that he's got going into the pfSense Custom Option area that I'm wondering about for pfSense 2.4.3. If anyone can help with these, I'd appreciate it: - "keepalive 5 30": That's supposed to be a shortcut type of option to help set OpenVPN's --ping and --ping-restart options. Does anyone know what the defaults are or what, if anything, AirVPN pushes from its servers? Do I actually need "keepalive" in my client's setup? - "keysize 256": First, this has been deprecated and will be removed in OpenVPN 2.6. But, regardless, since we pick specific encryption algorithms and keysizes in the menus of pfSense 2.4.3 (VPN > OpenVPN > Clients > Encryption Algorithm (and NCP Algorithms)), is this even needed? More importantly, couldn't it lead to conflicits? - "key-method 2": As with "keysize" this has been deprecated and removed in OpenVPN 2.5. Apparently, it specifies the data channel key negotiation method. It looks like this might be handled by pfSense's "TLS Key Usage Mode". Anyone know if that's true and what it should be set to for AirVPN? - "mlock": Disables paging so someone can't use the swap file to gather secured information. But according to the OpenVPN manual, it requires that OpenVPN be initially run as root. Does anyone know if pfSense 2.4.3 even does that? Should I use this? - "prng sha512 64": According to the OpenVPN manual, that's using sha512 as the digest algorithm with a nonce size of 64 bytes. I really don't even know what that means. But, my default AirVPN hardware key uses SHA1 and pfSense's "Auth digest algorithm" is set to SHA1. Is this a conflict?