
How To Set Up pfSense 2.3 for AirVPN

PFSENSE


#41 pfSense_fan


Posted 19 April 2016 - 02:13 AM

Great work! :yes:

 

Do you have experience/knowledge about setting up TOR on pfSense and configuring AirVPN over TOR directly on the pfSense?

 

 

I do not.

 

That is far beyond the scope of what this guide is intended to be. This is just intended to be a point of entry and educational guide for people to gain the confidence to move away from lackluster and insecure consumer products. Nothing more.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


#42 bama


Posted 19 April 2016 - 11:37 AM

Hello pfSense fan, great guides. I just have this question: I originally set up all the pfSense rules and OpenVPN while still on the 2.2.x versions, so I updated to 2.3 but don't have time right now to set up all the rules. Are my previous version settings OK until I get all the other rules set up, or am I at a security risk? I did have to make a couple of changes to my old settings so that OpenVPN would communicate with the Air remote server, but everything else seems to be running just fine. And thanks again.

#43 pfSense_fan


Posted 20 April 2016 - 01:18 AM

Hello pfSense fan, great guides. I just have this question: I originally set up all the pfSense rules and OpenVPN while still on the 2.2.x versions, so I updated to 2.3 but don't have time right now to set up all the rules. Are my previous version settings OK until I get all the other rules set up, or am I at a security risk? I did have to make a couple of changes to my old settings so that OpenVPN would communicate with the Air remote server, but everything else seems to be running just fine. And thanks again.

 

 

The short answer is this: I updated the steps for a reason.

 

Conversely, nothing in this entire guide is "required" except steps 2/3/4. AirVPN will be fully functional on pfSense with those three steps alone.

 

Still, without further steps, many users, if not most, still could not get clients to use the VPN. I was helping so many, I made the guide with the basic steps to further use the VPN on clients. The old guide was simply a guide on how to get started, and also avoid some DNS leaking. I actually consciously made it simple because there are so many different use cases that it is impossible for me to support/help users troubleshoot them. The old guide had zero, and I mean zero, outbound firewall protection aside from DNS. The default allow outbound rule was migrated for use on whichever "LAN" was used in the old guide. This guide has some introductory examples on how to create local and outbound firewall rules. The old guide blocked all local traffic; this guide has examples on how to permit common local services.

 

Since that time my knowledge of this area has grown, and I am now sharing the basic knowledge of a "Deny all, only allow what you need" security policy. While this setup could be considered harder and will require more user interaction, it is the correct way to use the firewall.

tl;dr = With the old guide your outgoing traffic is slightly more secure than a consumer router, but not much. If you keep the rules, you keep that level of security. At the end of the day, it's a personal preference. My opinion is that everyone who used the old guide should take the time to migrate, but to each their own.
 




#44 flat4


Posted 20 April 2016 - 05:42 PM

Upgraded to 2.3 with no problems, but I am going to redesign my network and start from scratch. I will report any gotchas.



#45 nevr0sed


Posted 20 April 2016 - 09:10 PM

Hey all,

 

Thank you very much for this new tutorial; it worked like a charm for me. I made several attempts with the 'old' one with no success.

This one worked very well and I find it clearer also.

 

I have a couple of questions tho:

 

1) If I generate a TCP 443 certificate does it change something in particular besides the OpenVPN Client configuration ?

 

2) Is there any way to change 'easily' (with a minimum of steps) the AirVPN Server I connect to ?

 

 

Thank you very much for your time.

 

 

n.



#46 pfSense_fan


Posted 20 April 2016 - 09:50 PM

Hey all,

 

Thank you very much for this new tutorial; it worked like a charm for me. I made several attempts with the 'old' one with no success.

This one worked very well and I find it clearer also.

 

I have a couple of questions tho:

 

1) If I generate a TCP 443 certificate does it change something in particular besides the OpenVPN Client configuration ?

 

2) Is there any way to change 'easily' (with a minimum of steps) the AirVPN Server I connect to ?

 

 

Thank you very much for your time.

 

 

n.

You are welcome and I am glad to hear it went so well. Please take a moment to rate/like the post so other users may know the guide has been tested and works for those who have tried it!

1) Any setting that is changed from the OVPN config you download compared to the "standard" OVPN config I used as an example would need to be adjusted accordingly. The guide shows where the settings go, just adjust as needed.

2) All you need to do is change the entry IP on the "Server host or address" line in the OpenVPN client page on pfSense, then save. You may also need to reset states after saving:

https://192.168.1.1/diag_resetstate.php



#47 MrConducter


Posted 21 April 2016 - 03:32 AM

Yes, for best results set your router to access point mode. Most new-ish routers have this option. In access point mode, NAT is turned off on your router and it essentially runs as a switch. Plug it in to an interface and DHCP will pass right through it. This is the best way to do this, wireless support in FreeBSD and hence pfSense leaves something to be desired, but that really all depends on your personal use case.

 

You could also look into something more professional such as the Unifi access points from Ubiquiti Networks.

 

Thanks I appreciate the response!



#48 MrConducter


Posted 22 April 2016 - 05:48 PM

Ugh I keep having problems with pfSense. I'm about to quit. :angry: 

 

When I try and boot up 2.3 it gets hung on "Trying to mount root from ufs:/dev/ufs/pfSense [ro]". It won't do anything after displaying that message.

 

When I boot up 2.2.6 I can install until it comes time to detect the WAN and I don't have one on that machine and I don't know how to skip it so I can't even get past that part. It just keeps asking me to detect the WAN. FML.  :no:



#49 pfSense_fan


Posted 22 April 2016 - 06:06 PM

Download again and reflash to usb stick if that is what you are doing. I had this happen to me as well. Downloaded again, reflashed using rufus and off I went. It does sit on that screen for a minute though.




#50 onebarrell


Posted 23 April 2016 - 05:54 PM

Hello, pfSense_fan,

I want to thank you for your guide on how to setup PFSense 2.3 for use with AirVPN. I have my PFSense box setup following your detailed instructions, and it is working great. I appreciate the effort that you went to, providing myself and others with your guide. I know it was a lot of work that took many hours and days to compile.

 

I had been using your previous PFSense guide for AirVPN for the last couple of years without any problems. It still works perfectly by the way. It has always updated and continued working fine whenever a newer version of PFSense was released. I hope this guide will last as long as your previous one has.

 

Thanks again.



#51 Casper31


Posted 24 April 2016 - 07:55 AM

Installed pfBlockerNG on 2.3. Everything seems to work OK.

I noticed that the URLs from iblocklist can take a lot of resources.

Question about the configuration: if you mark OpenVPN on the general page, how does it work with the OpenVPN client?

Because I do not see any firewall rule appear.

Don't know if it makes sense to make use of a floating rule.

Any ideas?

Gr, casper


xmpp.airvpn.org ; D70D4969 808093D5 ED232F8A 1764CFBC C020509B


#52 pfSense_fan


Posted 24 April 2016 - 12:55 PM

Hello, pfSense_fan,
I want to thank you for your guide on how to setup PFSense 2.3 for use with AirVPN. I have my PFSense box setup following your detailed instructions, and it is working great. I appreciate the effort that you went to, providing myself and others with your guide. I know it was a lot of work that took many hours and days to compile.

I had been using your previous PFSense guide for AirVPN for the last couple of years without any problems. It still works perfectly by the way. It has always updated and continued working fine whenever a newer version of PFSense was released. I hope this guide will last as long as your previous one has.

Thanks again.

 

 

Thank you, it means a lot to read such a wonderful compliment. I am so glad it has helped you. For anyone interested, updating the guide from the original to the new 2.3 took over 100 hours of research and editing. The original guide took well over a few thousand hours including learning/upgrading it between iterations. I rushed this one out to have it ready for 2.3. There will be small edits over time to explain in more detail what and why settings are recommended the way they are. For now I need a break from it. There will also be some additional optional steps added.

I hope it lasts as long too, and I really hope, as I always have, that discussion will pick up in this thread among users and together we can evolve the discussion to make this better for everyone.




#53 Voodoo1965


Posted 26 April 2016 - 11:08 AM

Hi, I followed this guide through (nice guide btw)..have rechecked and afaik all settings are correct but I can't access any DNS servers, the openvpn log says can't resolve host address

 

Prior to this setup I had been connecting through the pfsense router
using the airvpn "eddie" and was connecting without issue.

The only real difference to the guideline setup is this pfsense router
(192.168.3.1) is behind a NAT ISP router (192.168.1.1) so I was
replacing the 192.168.1.1 entries in the guide with 192.168.3.1

 

I'm not too experienced with this stuff but have included DNS resolver log -

 




#54 bama


Posted 27 April 2016 - 09:52 PM

pfSense_fan, hope you are well. Quick question: I have all settings in properly, I believe, and I have Internet access as well as a VPN connection to Air, but when I try to run a DNS leak test I can't get any result. Also, on my tablet my router 192.168.1.1 is the same as my DNS. Any chance you can help me find the error? By the way, I used 10.4.0.1 as DNS on the general setup page. And thanks for your time.

#55 LazyLizard14


Posted 27 April 2016 - 10:05 PM

Great work pfSense_fan! I see there are some changes in the custom options / advanced configuration of the VPN client compared to the older guide. You noticed some changes in performance of the VPN connection compared to the old ones?



#56 bama


Posted 28 April 2016 - 02:11 PM

Can anyone who has used the 2.3 guide to do a fresh install help me out? I'm noticing since I set it up that the router and DNS fields on my iPad now display the same number. My VPN connection to Air servers seems to be working, but my DNS seems to be off: I can't run dnsleaktest and the AirVPN speed test no longer works. I have checked and rechecked settings and all seem OK, unless I just missed something. Thanks for any help you can give. I know I'm not being specific, but I'm describing what's happening.

#57 jds_uniphase


Posted 28 April 2016 - 07:11 PM

Great guide!

 

I followed the instructions and everything seems to be working,

except I can't ping python.org.

I can do it from the diagnostics, but not from the console.

Any suggestions?



#58 isengar


Posted 28 April 2016 - 08:20 PM

I have a question in

Step 4-A: Assigning the OpenVPN Interface

I followed the setup, but it will not allow me to save at this point. I get this error:

The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration.

but under IPv4 Configuration Type it is set to none.

Same for IPv6.

I have checked the DHCP server; it is only active on my LAN.

I have stopped DHCP and rebooted. It still gives me the error,

but my internet feed from Cogeco is set to DHCP (I do not have a static IP from them).



#59 isengar


Posted 29 April 2016 - 12:32 AM

thanks for the guide,

solved my interface save problem

Bill



#60 MrConducter


Posted 29 April 2016 - 03:40 AM

Hello, pfSense_fan,
I want to thank you for your guide on how to setup PFSense 2.3 for use with AirVPN. I have my PFSense box setup following your detailed instructions, and it is working great. I appreciate the effort that you went to, providing myself and others with your guide. I know it was a lot of work that took many hours and days to compile.

I had been using your previous PFSense guide for AirVPN for the last couple of years without any problems. It still works perfectly by the way. It has always updated and continued working fine whenever a newer version of PFSense was released. I hope this guide will last as long as your previous one has.

Thanks again.

 

 

Thank you, it means a lot to read such a wonderful compliment. I am so glad it has helped you. For anyone interested, updating the guide from the original to the new 2.3 took over 100 hours of research and editing. The original guide took well over a few thousand hours including learning/upgrading it between iterations. I rushed this one out to have it ready for 2.3. There will be small edits over time to explain in more detail what and why settings are recommended the way they are. For now I need a break from it. There will also be some additional optional steps added.

I hope it lasts as long too, and I really hope, as I always have, that discussion will pick up in this thread among users and together we can evolve the discussion to make this better for everyone.

 

Great work dude I really am impressed. It took me 4 hours to get through it and then I messed something up so it didn't work anyways lol! There is no way in hell I would have the time/patience/knowledge to make something like this. It's invaluable to noobs like me. I'm still working through it...and I thought setting up DD-WRT was hard haha






