open vpn ip

viragomann

@vusqq said in open vpn ip:

this is just for regular home setup.

I'd suggest to delete all OpenVPN settings and run the wizard. Go through it, it does all settings fine for this purpose and it's quite easy.

vusqq

@viragomann just did but how do I get my lan subnet for local network?

on status/openvpn it shows that its running but still doesn't hide my ip? I would like it to run through my 3 ethernet ports?

chpalmer

@vusqq said in open vpn ip:

@viragomann just did but how do I get my lan subnet for local network?

on status/openvpn it shows that its running but still doesn't hide my ip? I would like it to run through my 3 ethernet ports?

You are lacking an awful lot of information here for anyone to guess but Im going to take a swag and guess that you have a LAN on 192.168.1.0/24 (the default pfsense LAN address subnet)

correct?

vusqq

@chpalmer correct, though its 1.1

I think I just learnt how to set it up on pfsense

chpalmer

@vusqq

Good luck man!

vusqq

@chpalmer appreciate it

vusqq

@chpalmer still having a hard time here. I've tried using 10.50.100.0/30 as tunnel and many other ip but with no success.
as I mentioned this is just for home network, streaming/gaming/browsing, so not exactly sure what im doing wrong.

viragomann

@vusqq
You're pretty miserly with details. Still not clear to me, what you intend to achieve, what you configured already and what the actual problem is now.

vusqq

@viragomann to setup a vpn on my pfsense box so all connected devices via ethernet are hiding ip

viragomann

@vusqq said in open vpn ip:

connected devices via ethernet are hiding ip

No idea, what this should tell me.

Okay, very last try.
VPN server or client?
What is your recent setup?
Do you get a connection?
If so, do you get anywhere across the VPN?
What is the problem?

vusqq

@viragomann okay maybe I got this all wrong
im under the assumption openvpn is a free vpn service that I can use on pfsense

viragomann

@vusqq
It is. But it can be used in different ways.
So without any information about what you intend, we can’t give support.

vusqq

@viragomann I intend to use it as a regular vpn thats installed on my router (netgate which is connected to my isp) to give my connected devices a different ip
after exporting file, this is the error message that im getting
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
im a newbie so im not familiar with any of this but thanks for the assist, if it gets too complicated I will just proceed to purchase express

viragomann

@vusqq
This error message indicates that the client does not get a response from the server. Most probably reason for this is that the server is not reachable.

Does the pfSense have a real public WAN IP?
Or maybe it is behind an ISP router or the ISP provides only a CG-NAT to you?

vusqq

@viragomann yes, it has a real public wan ip

viragomann

@vusqq
I assume, you're able to determine this, but refer to https://en.wikipedia.org/wiki/Private_network, which describes what are non-public IPs.

For investigation you can go to Diagnostic > Packet Capture on pfSense and sniff the traffic on WAN interface. Set the port filter to that one you use for OpenVPN (e.g. 1194), start the capture and try to connect from the internet.

After stopping the capture, you should see packets, if they arrived at your WAN.

chpalmer

@vusqq said in open vpn ip:

@viragomann okay maybe I got this all wrong
im under the assumption openvpn is a free vpn service that I can use on pfsense

What server are you trying to connect to?

You do realize that this is not a VPN service such as being advertised out there to hide you on the internet.. correct? although there are services that allow you to use OpenVPN to connect to them..

vusqq

@chpalmer I was under the assumption, but now im realizing. thanks for the clarification.

vusqq

@chpalmer I just tried installing expressvpn on my netgate1100 and was told by a express rep that its not compatible? is wireguard a vpn that will hide my ip?

Gertjan

@vusqq said in open vpn ip:

I just tried installing expressvpn on my netgate1100 and was told by a express rep that its not compatible?

Hummm.
Install Google ad fire it up.
Enter pfsense expressvpn

and admire the results.
The very first link is www.expressvpn.com - this might actually be the site of ExpressVPN.
I'll leave it up to you to see if that's true.
Expressvpn : Setup Tutorials : How to set up ExpressVPN on pfSense (OpenVPN)

The thing is : ExpressVPN, or not, they want you should install on any device, your phone, PC, whatever, their 'app'. They control and develop that app, they tested it for you.
If you decide to use ExpressVPN (any VPN) on your own router, like pfSense, you need to handle this :

dev tun
fast-io
persist-key
persist-tun
nobind
remote netherlands-amsterdam-ca-version-2.expressnetw.com 1195
remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass
etc etc etc

yourself.
I know, you are paying every month, but they are not going to help with that.

I'm using ExpresVPN right now, with pfSense as a OpenVPN client.
That is, it's connected. I'm routing nothing over it, it's just a spare WAN-IP connection.