
How To Set Up pfSense 2.3 for AirVPN

PFSENSE

376 replies to this topic

#361 go558a83nk


Posted 31 August 2017 - 01:04 PM

For Step 4B part 3, should 'Gateway Action' also be ticked?  It looks similar to 'Gateway Monitoring' and I think it's a new option in pfSense.

 

Thanks

 

if gateway monitoring is disabled there's no reason to check option to disable gateway action as it's not monitored anyway.



#362 LazyLizard14


Posted 01 September 2017 - 07:36 PM

I have pfsense running with WAN + 3 VPN connections and set up policy based routing. Certain destination IP ranges are accessed via different VPN connection ( = locations). That worked well for a few years but recently share-online stopped working and telling me that I am trying to use the account with different IPs or that my IP is already loading. They simply block VPN now or they can somehow detect that I have multiple WAN connections?



#363 dIecbasC


Posted 02 September 2017 - 12:29 AM

I have pfsense running with WAN + 3 VPN connections and set up policy based routing. Certain destination IP ranges are accessed via different VPN connection ( = locations). That worked well for a few years but recently share-online stopped working and telling me that I am trying to use the account with different IPs or that my IP is already loading. They simply block VPN now or they can somehow detect that I have multiple WAN connections?

 

They can see you are accessing from 3 different addresses as each one has a different IP address. For some services I use a selective routing rule to enforce traffic out of a specific gateway rather than gateway group which gets round this.



#364 LazyLizard14


Posted 02 September 2017 - 09:02 AM

Can you explain in detail please. Under "Firewall / Rules / LAN" I have the following rule

[Image: airvpn_eu3as2h.jpg]

 

Under the EU alias are all the destination IP ranges of the share-online servers. Worked well for but suddenly stopped and they seem to detect that I have multiple WAN setup.



#365 h3nchman24


Posted 26 September 2017 - 06:45 PM

Need a little help, got the OpenVPN server working and shows to connect from outside fine, but the kicker is it has no network or internet access once I connect.  I know it is a rule but I cannot figure out the rule that I need to add to make traffic pass.  

 

 

Also, I had to disable any rule for OpenVPN server...to make sure it worked but it did connect but that is all it does.  Any help with a rule help the way it is setup would be great.  



#366 onebarrell


Posted 12 October 2017 - 06:07 PM

I upgraded to PFSense 2.4 today. It broke my PFSense connectivity completely. I have my PFSense configured as instructed in this thread by pfSense_fan. I do, however, use a 4 port nic and utilize all 4 ports. I have a WAN, LAN (open Internet), AIRVPN 1 LAN, and AirVPN 2 LAN. Everything has been working and updating fine since PFSense 2.3. After the update today to 2.4, I have lost all internet connectivity including the open internet lan port. The internet icon on my windows 7 taskbar shows that I do have internet but no web pages will load. I backed up my PFSense configuration before upgrading and have now reloaded PFSense 2.3.4 along with my saved configuration file. Everything works again with PFSense 2.3.4. I have tried to upgrade to 2.4 a couple of times in the last couple of hours; it just does not work for me. If anyone has had the same problem, and found a solution, please post it in this thread.

 

EDIT: I finally got it working. It seems that if OpenVPN is configured to use port 1194 no connection will occur. If I use ports 53, 80, 443, or 2018, I can connect without any problem. I was using port 1194 without issue with PFSense 2.3.4.

 

EDIT 2: Now the only port that I can use to connect is 443. I can't get internet access using any other port. My speeds are also somewhat slower using  PFSense 2.4. I'm going back to 2.3.4. It is stable and I can connect using any port that AirVpn allows. I think PFSense 2.4 may have been released before it was ready.

 

EDIT 3: This will be my final edit.

 

I want to now post that apparently there was something wrong with my previous PFSense 2.3.4 configuration which prevented PFSense 2.4 from updating properly. After trying to use my saved 2.3.4 configuration files on both upgrades and fresh installs, I was never able to avoid problems.

 

Over the weekend, I did a fresh install of PFSense 2.4 and manually configured it using pfSense_fan’s 2.3 guide that I slightly modified only to use two AIRVPN interfaces as well as also an open LAN interface such as described in his PFSense 2.1 guide.  PFSense is again working as it should for me. It will now connect using any of the ports that AIRVPN allows. I don’t know what was wrong with my previous configuration, since it worked perfectly and upgraded from Pfsense 2.3 to 2.3.4 without any problems or DNS leaks, but I am pleased to say that Pfsense 2.4 is indeed working perfectly with AIRVPN after the fresh install and manual configuration. Thanks again to pfSense_fan for providing this GREAT and detailed guide.



#367 Blade Runner


Posted 13 October 2017 - 09:11 AM

I upgraded to PFSense 2.4 today. It broke my PFSense connectivity completely. I have my PFSense configured as instructed in this thread by pfSense_fan. I do, however, use a 4 port nic and utilize all 4 ports. I have a WAN, LAN (open Internet), AIRVPN 1 LAN, and AirVPN 2 LAN. Everything has been working and updating fine since PFSense 2.3. After the update today to 2.4, I have lost all internet connectivity including the open internet lan port. The internet icon on my windows 7 taskbar shows that I do have internet but no web pages will load. I backed up my PFSense configuration before upgrading and have now reloaded PFSense 2.3.4 along with my saved configuration file. Everything works again with PFSense 2.3.4. I have tried to upgrade to 2.4 a couple of times in the last couple of hours; it just does not work for me. If anyone has had the same problem, and found a solution, please post it in this thread.

 

EDIT: I finally got it working. It seems that if OpenVPN is configured to use port 1194 no connection will occur. If I use ports 53, 80, 443, or 2018, I can connect without any problem. I was using port 1194 without issue with PFSense 2.3.4.

 

EDIT 2: Now the only port that I can use to connect is 443. I can't get internet access using any other port. My speeds are also somewhat slower using  PFSense 2.4. I'm going back to 2.3.4. It is stable and I can connect using any port that AirVpn allows. I think PFSense 2.4 may have been released before it was ready.

It is difficult to suggest a solution without seeing your 2.3.4 configuration. Perhaps posting screenshots would be beneficial.

 

IIRC there were issues with DNS Forwarder and DNS Resolver when upgrading from 2.3.4 (with pfBlockerNG and Suricata) to 2.4-RC. Neither pfBlockerNG nor Suricata functioned properly in 2.4-RC. I installed 2.4-RC without packages, configured AirVPN, and installed updates when released. No issues upgrading from 2.4-RC to 2.4.0-RELEASE. I have not yet installed any packages.


Do not be afraid to fail.

#368 Judas4all


Posted 16 October 2017 - 04:37 PM

Just want to mention, pfSense 2.4 itself is ok. My upgrade worked without an issue.



#369 smithhamadams


Posted 18 October 2017 - 05:46 PM

I would like to add my thanks for the great guide to those of others before me.



#370 Wolf666


Posted 24 October 2017 - 06:06 PM

Using PfSense 2.4.2....Airvpn works great and I didn’t change my config.


Sent from my iPad using Tapatalk
- Router/Firewall pfSense 2.3.2 (Supermicro A1SRi-2558, SSD Intel S3500, 8GB RAM ECC)
- Switch Cisco SG350-10
- AP Netgear R7000 (Stock FW)
- HTPC Intel NUC5i3RYH
- NAS Synology DS1515+ (5 x 5TB WD Red)
- NAS Synology DS213+ (2 x ST3000DM001)

#371 airvpnincongnito


Posted 27 October 2017 - 08:09 PM

Great guide.

 

Given the recent WPA2 WiFi vulnerabilities, I think it would be prudent to add firewall rules to the guide as an optional section to restrict access to the management interface... The default configuration of pfSense allows management access from any machine on the LAN and denies it to anything outside of the local network WAN. There is also the anti-lockout rule enabled by default that prevents firewall rules from being configured in a way that will lock the user out of the web interface..... Given that a lot of users connect a Wireless AP to pfSense, compromising the AP will give access to the pfSense GUI, thus hardening access to the GUI would be prudent...

 

I was thinking a good way to restrict access for most users would be to allow admin user(s) to join the PfSense control panel via an approved static IP on their Desktop and ban all other users.  So I guess you would need two rules on the firewall... one for approved IP and the other Block the rest.

 

How would you go about writing something like that and add it to the guide?

 

Cheers,
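
The two-rule approach proposed in this post, modelled as an added example (not part of the original post, and not pfSense's own code): a simplified first-match evaluator showing that while the anti-lockout rule is enabled it matches ahead of the user's rules, so the block rule never takes effect. The addresses, rule labels and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
FIREWALL_LAN_IP = "192.168.1.1"
ADMIN_IP = "192.168.1.10"
MGMT_PORTS = {22, 80, 443}  # SSH and web GUI

def rule(action, src, dst, ports, label):
    return {"action": action, "src": src, "dst": dst, "ports": ports, "label": label}

# Anti-lockout: any LAN host may reach the firewall's management ports.
ANTI_LOCKOUT = rule("pass", "any", FIREWALL_LAN_IP, MGMT_PORTS, "anti-lockout")

# The two rules from the post, followed by the usual LAN allow rule.
USER_RULES = [
    rule("pass", ADMIN_IP, FIREWALL_LAN_IP, MGMT_PORTS, "admin workstation"),
    rule("block", "any", FIREWALL_LAN_IP, MGMT_PORTS, "block other management access"),
    rule("pass", "192.168.1.0/24", "any", None, "default LAN allow"),
]

def _addr_matches(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(rules, src, dst, port):
    """Return (action, label) of the first matching rule; no match is a deny."""
    for r in rules:
        if (_addr_matches(r["src"], src) and _addr_matches(r["dst"], dst)
                and (r["ports"] is None or port in r["ports"])):
            return r["action"], r["label"]
    return "block", "default deny"

def lan_ruleset(anti_lockout_enabled):
    # Model assumption: the anti-lockout rule sits above all user rules.
    return ([ANTI_LOCKOUT] if anti_lockout_enabled else []) + USER_RULES

def gui_access(anti_lockout_enabled, clients):
    """Map each client IP to the verdict for HTTPS to the firewall GUI."""
    rules = lan_ruleset(anti_lockout_enabled)
    return {c: evaluate(rules, c, FIREWALL_LAN_IP, 443)[0] for c in clients}

if __name__ == "__main__":
    clients = [ADMIN_IP, "192.168.1.50"]  # second address: e.g. a Wi-Fi client
    print("anti-lockout on: ", gui_access(True, clients))
    print("anti-lockout off:", gui_access(False, clients))
```

The admin pass rule has to be in place and tested before the anti-lockout rule is disabled, otherwise the GUI becomes unreachable from the LAN.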



#372 JacksonLee


Posted 12 November 2017 - 11:08 AM

Step 1: Disable IPv6 System Wide

 

Hi, any plans to write a new Guide for 2.4 including IPv6, as AirVPN will enable IPv6 "later this year" ?



#373 N3vrN3vr


Posted 08 December 2017 - 06:57 AM

I am pretty new to all this stuff and I have everything up and running and am slowly learning the ins and outs.

I have spent the last couple days trying to get certain IPs / ranges to bypass the VPN. After much trial and reading I have yet to find a solution. I presume this is because of settings that are unique to this guide. I found this below and I think its the answer to my problems but I am unsure where to implement these rules.

 

  "I just finished figuring out how to split my subnet so IPs in the range of 192.168.1.2 to 192.168.1.127 go through the VPN while IPs 192.168.1.128 to 192.168.1.254 bypass the VPN.  As you stated, it does require NAT rules to be left in place when you switch to manual.

 

The trick is to duplicate each of the manually generated ones and simply change the interface to the VPN connection interface.  When finished, you should have pairs for:

  • Source: subnet, Destination port 500
  • Source: subnet, Destination port *
  • Source 127.0.0.0/8, Destination port *

The only difference between each entry in each pair is the interface.  They should appear in that order, with each interface being covered by each source/destination port:

  • Source: subnet, Destination port 500, Interface WAN
  • Source: subnet, Destination port 500, Interface VPN
  • Source: subnet, Destination port *, Interface WAN
  • Source: subnet, Destination port *, Interface VPN
  • Source 127.0.0.0/8, Destination port *, Interface WAN
  • Source 127.0.0.0/8, Destination port *, Interface VPN

I then use firewall rules to guide each half of the subnet through either the VPN or through the WAN interface gateway.  I think this is very useful for folks who want to send their media players (Apple TV, etc) through the VPN while leaving their computers passing through the regular interface.

 

That being said, each person's setup is going to be unique.  I did have to refer to the guide that worked for a previous VPN to figure out why my desired setup wouldn't work given the instructions here.  That's when I realized I was missing the six NAT rules." 

 

 

tl;dr  can someone tell me how to do this in more detail ^

 

 

 

 

 

I understand the post but under NAT in the guide there are only 2 entries instead of 3



#374 N3vrN3vr


Posted 09 December 2017 - 10:51 AM

OK I solved the issue!

All I had to do was create a rule under Firewall > NAT > Outbound with interface set as WAN_DHCP and source set to any, and put this rule at the bottom of the list.  After that my firewall redirect rule under the LAN tab worked just fine.  I guess the guide had me deleting the default entry and that is what caused the issue.
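
Why the bottom WAN rule fixed it, as an added example (not part of the original post, and not pfSense's own code): a simplified model in which a LAN firewall rule picks the gateway and an outbound NAT rule must exist on that same interface. The rule lists, the /25 split standing in for the quoted address ranges, and the function names are constructed assumptions.

```python
import ipaddress

# Constructed model of the split described above (addresses from the quoted post).
# LAN firewall rules: the first match selects the gateway (policy routing).
LAN_RULES = [
    {"src": "192.168.1.128/25", "gateway": "WAN"},  # upper half bypasses the VPN
    {"src": "192.168.1.0/25", "gateway": "VPN"},    # lower half uses the VPN
]

# Manual outbound NAT with only VPN entries (assumed state after the WAN
# entries were deleted), and the same list with the fix from the post appended.
VPN_ONLY_NAT = [
    {"iface": "VPN", "src": "192.168.1.0/24"},
    {"iface": "VPN", "src": "127.0.0.0/8"},
]
FIXED_NAT = VPN_ONLY_NAT + [{"iface": "WAN", "src": "any"}]

def _contains(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def egress(src_ip, nat_rules):
    """Return (gateway, translated) for a LAN host. Untranslated traffic leaves
    with its private source address, so replies never come back."""
    for rule in LAN_RULES:
        if _contains(rule["src"], src_ip):
            gw = rule["gateway"]
            natted = any(n["iface"] == gw and _contains(n["src"], src_ip)
                         for n in nat_rules)
            return gw, natted
    return None, False

def nat_gaps(nat_rules):
    """List (source, gateway) pairs that are policy-routed but have no NAT rule."""
    gaps = []
    for rule in LAN_RULES:
        net = ipaddress.ip_network(rule["src"])
        covered = any(
            n["iface"] == rule["gateway"]
            and (n["src"] == "any" or net.subnet_of(ipaddress.ip_network(n["src"])))
            for n in nat_rules)
        if not covered:
            gaps.append((rule["src"], rule["gateway"]))
    return gaps

if __name__ == "__main__":
    for name, nat in (("VPN-only NAT", VPN_ONLY_NAT), ("with WAN rule", FIXED_NAT)):
        print(name, egress("192.168.1.200", nat), nat_gaps(nat))
```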



#375 bobcat123


Posted 09 December 2017 - 08:37 PM

I searched this thread and I couldn't find much but
 

  1. VPN
  2. OpenVPN
  3. Clients
  4. Edit

    america.vpn.airdns.org sometimes doesn't work, I had this problem before and had to put in the server manually, but I want it to be able to reconnect

    what is the correct host name now?

 



#376 N3vrN3vr


Posted 09 December 2017 - 11:07 PM

I searched this thread and I couldn't find much but
 

  1. VPN
  2. OpenVPN
  3. Clients
  4. Edit

    america.vpn.airdns.org sometimes doesn't work, I had this problem before and had to put in the server manually, but I want it to be able to reconnect

    what is the correct host name now?

I tried a couple different ones and wasn't able to get pfsense to work with any of them.  I just ended up putting several server IPs into the advanced box under clients.  This made more sense to me anyway because I can hand pick which servers I want in the list and still offer redundancy.



#377 clevoir


Posted 10 December 2017 - 06:44 PM

I have set up as per the instructions, and it all works OK.

 

However, how do I change the LAN setting to be PPPOE, as I want to use a UTM downstream that will handle the PPPOE negotiation?

 

In fact do I need to set LAN as PPPOE, is there a PPPOE Relay setting like there is in DD-WRT?






