Search the Community

Hi, I've seen several threads on this subject but none with any definitive answers or solutions. I'm on pfSense 2.4.5, and I've setup a remote port forward for 40756 I've setup an NAT port forwarding rule on pfSense as described here. Here's the rule... The TCP test on AirVPN stays grey and never turns green. I've tried deleting the remote post and creating a new on several times, I've never managed to get this to work. I have set the same port in my Torrent client, which is always reported as being closed. I wouldn't say I'm hugely technically savvy but I can usually mange to figure things out by googling for hours and reading A LOT but I'm drawing a blank here. Why doesn't this work? Here's a packet capture I did from pfSense while running the TCP test, I set it level of detail to "Full": 20:00:06.108044 AF IPv4 (2), length 80: (tos 0x0, ttl 54, id 10076, offset 0, flags [DF], proto UDP (17), length 76) 188.166.175.60.59010 > XX.XX.XXX.XX.40756: [udp sum ok] UDP, length 48 20:00:11.284073 AF IPv4 (2), length 64: (tos 0x0, ttl 54, id 5974, offset 0, flags [DF], proto TCP (6), length 60) 188.166.175.60.53688 > XX.XX.XXX.XX.40756: Flags , cksum 0xb10f (correct), seq 1850573718, win 29200, options [mss 1285,nop,nop,TS val 1356960960 ecr 0,nop,wscale 6], length 0 20:00:12.308635 AF IPv4 (2), length 64: (tos 0x0, ttl 54, id 5975, offset 0, flags [DF], proto TCP (6), length 60) 188.166.175.60.53688 > XX.XX.XXX.XX.40756: Flags , cksum 0xb00f (correct), seq 1850573718, win 29200, options [mss 1285,nop,nop,TS val 1356961216 ecr 0,nop,wscale 6], length 0 20:00:14.323413 AF IPv4 (2), length 64: (tos 0x0, ttl 54, id 5976, offset 0, flags [DF], proto TCP (6), length 60) 188.166.175.60.53688 > XX.XX.XXX.XX.40756: Flags , cksum 0xae17 (correct), seq 1850573718, win 29200, options [mss 1285,nop,nop,TS val 1356961720 ecr 0,nop,wscale 6], length 0 Anyone have any ideas?

After years of trying open source routers and VPN services I'm coming to the conclusion that pfSense and AirVPn are a great combination. Following some problems withe the server I was connected to in Sweden today, I've realised I need a fallback solution. Basically, is it possible to set up a second openVPN connection to a different AirVPN server if the default connection falls i.e. openVPN disconnects on server 1, pfSense 2.4 brings up connetion to server 2 automatically. If this can't be done automatically, is it just a matter of creating a second VPN connection/internface and activating/deactivating manually base on which server is performing well? Thanks

In the guide for setting up pfSense 2.3 with AirVPN, there are several OpenVPN options that he's got going into the pfSense Custom Option area that I'm wondering about for pfSense 2.4.3. If anyone can help with these, I'd appreciate it: - "keepalive 5 30": That's supposed to be a shortcut type of option to help set OpenVPN's --ping and --ping-restart options. Does anyone know what the defaults are or what, if anything, AirVPN pushes from its servers? Do I actually need "keepalive" in my client's setup? - "keysize 256": First, this has been deprecated and will be removed in OpenVPN 2.6. But, regardless, since we pick specific encryption algorithms and keysizes in the menus of pfSense 2.4.3 (VPN > OpenVPN > Clients > Encryption Algorithm (and NCP Algorithms)), is this even needed? More importantly, couldn't it lead to conflicits? - "key-method 2": As with "keysize" this has been deprecated and removed in OpenVPN 2.5. Apparently, it specifies the data channel key negotiation method. It looks like this might be handled by pfSense's "TLS Key Usage Mode". Anyone know if that's true and what it should be set to for AirVPN? - "mlock": Disables paging so someone can't use the swap file to gather secured information. But according to the OpenVPN manual, it requires that OpenVPN be initially run as root. Does anyone know if pfSense 2.4.3 even does that? Should I use this? - "prng sha512 64": According to the OpenVPN manual, that's using sha512 as the digest algorithm with a nonce size of 64 bytes. I really don't even know what that means. But, my default AirVPN hardware key uses SHA1 and pfSense's "Auth digest algorithm" is set to SHA1. Is this a conflict?