
How To Set Up pfSense 2.3 for AirVPN

PFSENSE

399 replies to this topic

#21 pfSense_fan

pfSense_fan

    Advanced Member

  • Members
  • PipPipPip
  • 247 posts

Posted 13 April 2016 - 02:18 AM

RESERVED FOR FUTURE USE

DISCUSSION IS OPEN!


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


#22 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2214 posts

Posted 13 April 2016 - 02:35 PM

An upgrade from 2.2.6 went smoothly on 3 production boxes; after reboot OpenVPN kept working as usual.

Should be safe unless you don't have special configuration.

Note that stunnel is still not available as a pfSense package, you will have to manually add it via pkg or ports, if you need it. Also there are multiple reports of broken pfBlockerNG.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#23 pfSense_fan

pfSense_fan

    Advanced Member

  • Members
  • PipPipPip
  • 247 posts

Posted 13 April 2016 - 09:08 PM

pfBlockerNG worked for me on all of my VMs while testing 2.3.

I had some oddities with system tunables when going the upgrade route, but when I did a clean install everything worked well, beyond well. I did not restore all settings. I restored my aliases, but manually programmed everything else. I feel it was worth it.

There were some buggy issues on 2.2.6 with the DNS Resolver not taking the settings that were input all of the time; this seems to be fixed in 2.3. That bug carried over on upgrades, but is nonexistent with the clean install.

I cannot stress how much I recommend upgrading for all of the security and performance upgrades this offers.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


#24 go558a83nk

go558a83nk

    Advanced Member

  • Members
  • PipPipPip
  • 1656 posts

Posted 14 April 2016 - 12:40 AM

> pfBlockerNG worked for me on all of my VMs while testing 2.3.
>
> I had some oddities with system tunables when going the upgrade route, but when I did a clean install everything worked well, beyond well. I did not restore all settings. I restored my aliases, but manually programmed everything else. I feel it was worth it.
>
> There were some buggy issues on 2.2.6 with the DNS Resolver not taking the settings that were input all of the time; this seems to be fixed in 2.3. That bug carried over on upgrades, but is nonexistent with the clean install.
>
> I cannot stress how much I recommend upgrading for all of the security and performance upgrades this offers.

How are you testing for the DNS bugs? Problems with system tunables that are important? At this point I'm hesitant to do a clean install.



#25 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2214 posts

Posted 14 April 2016 - 12:46 AM

Actually the only system tunable that was removed from upstream FreeBSD 10.3 is net.inet.ip.fastforwarding.

The reason why it was removed, and why a better approach was required, can be found in this post: https://blog.pfsense.org/?p=1866


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#26 pfSense_fan

pfSense_fan

    Advanced Member

  • Members
  • PipPipPip
  • 247 posts

Posted 14 April 2016 - 02:09 AM

>> pfBlockerNG worked for me on all of my VMs while testing 2.3.
>>
>> I had some oddities with system tunables when going the upgrade route, but when I did a clean install everything worked well, beyond well. I did not restore all settings. I restored my aliases, but manually programmed everything else. I feel it was worth it.
>>
>> There were some buggy issues on 2.2.6 with the DNS Resolver not taking the settings that were input all of the time; this seems to be fixed in 2.3. That bug carried over on upgrades, but is nonexistent with the clean install.
>>
>> I cannot stress how much I recommend upgrading for all of the security and performance upgrades this offers.
>
> How are you testing for the DNS bugs? Problems with system tunables that are important? At this point I'm hesitant to do a clean install.

I have multiple hardware installs as well as VMs that I test on prior to implementing.

I didn't say bugs with tunables, I said oddities - nor did I say they were important. The list of default tunables on 2.2.x are different from those on 2.3. I found that when I upgraded, it kept the list from 2.2.x and did not "update" the tunables list. At first I assumed it was because I have a highly customized group of settings, but that behavior stayed even if I performed a restore to factory defaults prior to upgrading. That being said, the correct upgraded values were there when queried from the command prompt. Nonetheless it takes little effort to install fresh. I restored the settings that would have taken the most time to re-enter manually, my aliases. The rest took me less than an hour to set back up, including activating TRIM for my SSD.

Your takeaway of being afraid to upgrade is backwards though. The actual bugs are in the old software and have been addressed. You absolutely should upgrade. I always recommend backing up all settings and doing a fresh install if possible. Not just backing up the whole system setting, but each individual area as well. Then you can try upgrading. If that works out... GREAT! If you see anomalies, you can do a clean install and restore what you need from your settings.

Just understand that the issues I am speaking of are on 2.2.x, so even if, and that is only an if because they may not, but even if they carry over, you are still more secure than now due to all the other updates to the base system etc.

> Actually the only system tunable that was removed from upstream FreeBSD 10.3 is net.inet.ip.fastforwarding.
>
> The reason why it was removed, and why a better approach was required, can be found in this post: https://blog.pfsense.org/?p=1866

That is not at all what I was referring to. Our short conversation on that tunable was only due to my trying to have a portion of the guide touch base on tunables. I was auditing that list last night prior to releasing and came across that. The oddities I spoke of are not related, at all.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


#27 go558a83nk

go558a83nk

    Advanced Member

  • Members
  • PipPipPip
  • 1656 posts

Posted 14 April 2016 - 03:26 AM

I'm already on 2.3 Release via upgrade from 2.2.6.  I'm just hesitant to do a clean install because everything seems to be working.  That's why I asked how you're testing DNS and if the tunables problem was important.



#28 go558a83nk

go558a83nk

    Advanced Member

  • Members
  • PipPipPip
  • 1656 posts

Posted 14 April 2016 - 03:33 AM

Just want to thank you again and say that more people should take advantage of your guide here and begin using a pfSense machine with a decent CPU. I can now run my AMD APU at 1400MHz (minimum state in powerd) and still max out my ISP line through OpenVPN tunnel to Air (120mbit/s). That's only 200MHz faster than my router, which struggled to do 50mbit/s, and it runs nice and cool. And my build was only $127, cheaper than a nice router.



#29 pfSense_fan

pfSense_fan

    Advanced Member

  • Members
  • PipPipPip
  • 247 posts

Posted 15 April 2016 - 01:21 AM

> I'm already on 2.3 Release via upgrade from 2.2.6. I'm just hesitant to do a clean install because everything seems to be working. That's why I asked how you're testing DNS and if the tunables problem was important.

Ahh, I see now.

You would know right away if it had the bug by entering only one DNS on the general settings page. You would either have no DNS at all, be unable to change DNS (the entry would show as changed, but it would not use it), or have DNS leaks galore (due to reverting to the root.hints file) if it bugged on you. If none of those, you are good. It revolved around having to enter all four DNS forwarding entries instead of just one, which was discussed in the preview/beta guides private thread.

I am able to just use one entered DNS, 10.4.0.1, no issues at all.

> Just want to thank you again and say that more people should take advantage of your guide here and begin using a pfSense machine with a decent CPU. I can now run my AMD APU at 1400MHz (minimum state in powerd) and still max out my ISP line through OpenVPN tunnel to Air (120mbit/s). That's only 200MHz faster than my router, which struggled to do 50mbit/s, and it runs nice and cool. And my build was only $127, cheaper than a nice router.

It's nice to hear that powerd is working with the AMD. A few years ago they were not compatible.

Care to share the hardware you are using? I would love to know myself what hardware is working well for others.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!
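
The check described in post #29 (a single DNS entry, 10.4.0.1, with no fallback to root.hints) can also be made against the resolver's generated configuration. This is an added example, not part of the thread or the guide: it assumes the DNS Resolver is Unbound in forwarding mode and that the text of its generated unbound.conf (assumed to be /var/unbound/unbound.conf) is passed in; the function names and the sample configurations are constructed.

```python
import re

EXPECTED = {"10.4.0.1"}  # the single DNS server the post says is entered in General Setup

def forward_zones(conf_text):
    """Parse unbound.conf text and return one dict per forward-zone clause."""
    zones, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and indentation
        m = re.match(r"([a-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if not value:                                 # clause header, e.g. "server:"
            current = None
            if key == "forward-zone":
                current = {"name": None, "addrs": [], "first": False}
                zones.append(current)
        elif current is not None:
            if key == "name":
                current["name"] = value
            elif key == "forward-addr":
                current["addrs"].append(value.split("@")[0])  # strip optional @port
            elif key == "forward-first":
                current["first"] = value == "yes"
    return zones

def audit(conf_text, expected=EXPECTED):
    """Return a list of findings; an empty list means only expected forwarders are used."""
    root = [z for z in forward_zones(conf_text) if z["name"] == "."]
    if not root:
        return ["no forward-zone for '.': resolver recurses from root hints"]
    findings = []
    addrs = {a for z in root for a in z["addrs"]}
    if not addrs:
        findings.append("root forward-zone has no forward-addr")
    findings += [f"unexpected forwarder {a}" for a in sorted(addrs - set(expected))]
    if any(z["first"] for z in root):
        findings.append("forward-first is yes: falls back to root hints on failure")
    return findings

# Constructed sample configurations (not taken from a real system).
GOOD = 'server:\n  interface: 192.168.1.1\nforward-zone:\n  name: "."\n  forward-addr: 10.4.0.1\n'
REVERTED = 'server:\n  root-hints: "/root.hints"\n  interface: 192.168.1.1\n'
MIXED = ('forward-zone:\n  name: "."\n  forward-addr: 10.4.0.1\n'
         '  forward-addr: 192.0.2.53@53  # constructed extra resolver\n  forward-first: yes\n')

if __name__ == "__main__":
    for label, conf in (("good", GOOD), ("reverted", REVERTED), ("mixed", MIXED)):
        print(label, audit(conf) or "OK")
```

An empty result only shows that the configuration names the expected forwarder; it does not replace the behavioural check in the post.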


#30 go558a83nk

go558a83nk

    Advanced Member

  • Members
  • PipPipPip
  • 1656 posts

Posted 15 April 2016 - 02:15 AM

Went to a local store and purchased the parts. With manufacturer rebate bundles the price was cheap.

Got an AMD A6-7400K with an MSI A68HM-E33 V2 motherboard. Unfortunately this comes with a Realtek NIC (gigabit) but it was basically free after rebates. My other NIC is a D-Link DGE-560T that I've had for a while. Since this is my first try I didn't want to go all out and get Intel. So far I haven't noticed a problem.

Got a cheap used HDD for only $4 also, and a cheap 2GB stick of RAM.

It's not small form factor so if space is important to you this isn't the way to go.

Regarding temperatures and powerd. Somewhere in all the builds released leading up to 2.3 thermal sensors started to work. However, it seems pfSense reads temperatures wrong. I'm wondering if some part thinks the readout is in Fahrenheit and is converting to Celsius. Most of the time it reads temps 6-8C, which is impossible.

Powerd definitely works. I can see the frequency change (in dashboard info) if in adaptive mode and also watch the temperature rise so I'm pretty sure the frequency readout is true. One thing to note is that for this hardware it seems that "cool n quiet" has to be turned on in the BIOS for powerd to work.



#31 pfSense_fan

pfSense_fan

    Advanced Member

  • Members
  • PipPipPip
  • 247 posts

Posted 15 April 2016 - 02:39 AM

> Powerd definitely works. I can see the frequency change (in dashboard info) if in adaptive mode and also watch the temperature rise so I'm pretty sure the frequency readout is true. One thing to note is that for this hardware it seems that "cool n quiet" has to be turned on in the BIOS for powerd to work.

Good to know. I had an AMD APU as my first build, cool n quiet caused it to crash, and powerd did not work. Other users here had the same issue. It ran at full power at all times, something like 110 watts with hard drive and fans, and led me to use Intel.

My Rangeley with drive and 120mm fan uses something like 18 watts and maxes at about 30. I keep it in a rack mount 4U case which is bigger than it needs, but allows a silent 120mm fan. Power efficiency really does add up, so I didn't mind spending $500 for all new motherboard, memory, platinum rated PSU and server case. The electricity bill savings will cover the difference over a few years, during which I will certainly still be using it.

It actually uses less power than my wireless access point.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


#32 eurodedik

eurodedik

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 16 April 2016 - 03:20 AM

Hi! I set up pfSense 2.3 with this manual, but no internet. I think the problem is in the firewall configuration.



#33 SumRndmDude

SumRndmDude

    Advanced Member

  • Members
  • PipPipPip
  • 60 posts

Posted 16 April 2016 - 03:32 AM

> Hi! I set up pfSense 2.3 with this manual, but no internet. I think the problem is in the firewall configuration.

That's a hugely vague description. Or would it be minimally vague? Dunno, whatever.

Main status page for pfSense. Do your WAN and AirVPN_WAN interfaces both have IP addresses?



#34 pfSense_fan

pfSense_fan

    Advanced Member

  • Members
  • PipPipPip
  • 247 posts

Posted 16 April 2016 - 04:26 AM

>> Hi! I set up pfSense 2.3 with this manual, but no internet. I think the problem is in the firewall configuration.
>
> That's a hugely vague description. Or would it be minimally vague? Dunno, whatever.
>
> Main status page for pfSense. Do your WAN and AirVPN_WAN interfaces both have IP addresses?

Yes, please check if your gateways have an IP address.

If they do, can you verify that on "Step 6-I: Sixth AirVPN_LAN Firewall Rule" that you did indeed set the AirVPN_WAN gateway in the advanced area of that rule's settings page?


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


#35 Anon64

Anon64

    Newbie

  • New Members
  • Pip
  • 1 posts

Posted 16 April 2016 - 05:53 PM

I had never worked with pfSense or any other advanced routing software before, but with this guide I was able to get pfSense, running in a VM, 100% functional on my first try!

Thanks a lot for taking the time to write such an elaborate and detailed guide.

I was able to spot some very minor errors however. You might want to change these in order to prevent some confusion for people who know even less about networking than I do:

1. In step 6-H.3, the destination fields are empty, I believe these should be "Single host or alias" and "PRIVATE_NETWORKS".

2. Same thing as 6-H.3 in step 6-I.3, where the first destination field should be "any".

3. In step 6-K.2, the rules that were generated for DNS & NTP redirect had "AirVPN_LAN net" as source for me, while the guide said it should be "*". Not sure if I did something wrong that caused this or if the source was simply missing from the example in the guide. Also, the description of "REJECT LOCAL" featured an underscore in step 6-K.2, but a space in step 6-J.3.

4. In Step 7-D.2, the "Direction" setting is missing from the guide example.

These errors probably won't cause any problems, since most people will be able to determine what the settings should be, like I did, but I thought you would want to know anyway.

Again, thanks a lot for writing this guide, it would have taken me ages to set up my network without it.



#36 pfSense_fan

pfSense_fan

    Advanced Member

  • Members
  • PipPipPip
  • 247 posts

Posted 17 April 2016 - 03:31 AM

> I had never worked with pfSense or any other advanced routing software before, but with this guide I was able to get pfSense, running in a VM, 100% functional on my first try!
> Thanks a lot for taking the time to write such an elaborate and detailed guide.
>
> I was able to spot some very minor errors however. You might want to change these in order to prevent some confusion for people who know even less about networking than I do:
> 1. In step 6-H.3, the destination fields are empty, I believe these should be "Single host or alias" and "PRIVATE_NETWORKS".
> 2. Same thing as 6-H.3 in step 6-I.3, where the first destination field should be "any".
> 3. In step 6-K.2, the rules that were generated for DNS & NTP redirect had "AirVPN_LAN net" as source for me, while the guide said it should be "*". Not sure if I did something wrong that caused this or if the source was simply missing from the example in the guide. Also, the description of "REJECT LOCAL" featured an underscore in step 6-K.2, but a space in step 6-J.3.
> 4. In Step 7-D.2, the "Direction" setting is missing from the guide example.
>
> These errors probably won't cause any problems, since most people will be able to determine what the settings should be, like I did, but I thought you would want to know anyway.
> Again, thanks a lot for writing this guide, it would have taken me ages to set up my network without it.

Glad to hear it helped you out!

All issues should be fixed now. Thank you for pointing them out. It's hard to notice these things in the text editor. It's a giant wall of text.

Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


#37 hammerman

hammerman

    Advanced Member

  • Members
  • PipPipPip
  • 31 posts

Posted 18 April 2016 - 04:04 AM

all is good now.

followed the guide to a "t" and it worked without a hitch.

 

thanks !



#38 wunderbar

wunderbar

    Advanced Member

  • Members
  • PipPipPip
  • 45 posts

Posted 18 April 2016 - 07:58 AM

Great work!

Do you have experience/knowledge about setting up TOR on pfSense and configuring AirVPN over TOR directly on the pfSense?



#39 MrConducter

MrConducter

    Advanced Member

  • Members
  • PipPipPip
  • 96 posts

Posted 18 April 2016 - 04:35 PM

Planning on trying this out soon, but my mini PC wireless isn't supported by pfSense apparently. How can I set up pfSense without wireless then run it into my router to broadcast? With DHCP turned on? Is that how I would even do it?



#40 pfSense_fan

pfSense_fan

    Advanced Member

  • Members
  • PipPipPip
  • 247 posts

Posted 19 April 2016 - 02:09 AM

Yes, for best results set your router to access point mode. Most new-ish routers have this option. In access point mode, NAT is turned off on your router and it essentially runs as a switch. Plug it in to an interface and DHCP will pass right through it. This is the best way to do this; wireless support in FreeBSD and hence pfSense leaves something to be desired, but that really all depends on your personal use case.

You could also look into something more professional such as the UniFi access points from Ubiquiti Networks.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!





