open vpn ip
-
@vusqq
You're pretty miserly with details. Still not clear to me, what you intend to achieve, what you configured already and what the actual problem is now. -
@viragomann to setup a vpn on my pfsense box so all connected devices via ethernet are hiding ip
-
@vusqq said in open vpn ip:
connected devices via ethernet are hiding ip
No idea, what this should tell me.
Okay, very last try.
VPN server or client?
What is your recent setup?
Do you get a connection?
If so, do you get anywhere across the VPN?
What is the problem? -
@viragomann okay maybe I got this all wrong
im under the assumption openvpn is a free vpn service that I can use on pfsense -
@vusqq
It is. But it can be used in different ways.
So without any information about what you intend, we can’t give support. -
@viragomann I intend to use it as a regular vpn thats installed on my router (netgate which is connected to my isp) to give my connected devices a different ip
after exporting file, this is the error message that im getting
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
im a newbie so im not familiar with any of this but thanks for the assist, if it gets too complicated I will just proceed to purchase express -
@vusqq
This error message indicates that the client does not get a response from the server. Most probably reason for this is that the server is not reachable.Does the pfSense have a real public WAN IP?
Or maybe it is behind an ISP router or the ISP provides only a CG-NAT to you? -
@viragomann yes, it has a real public wan ip
-
@vusqq
I assume, you're able to determine this, but refer to https://en.wikipedia.org/wiki/Private_network, which describes what are non-public IPs.For investigation you can go to Diagnostic > Packet Capture on pfSense and sniff the traffic on WAN interface. Set the port filter to that one you use for OpenVPN (e.g. 1194), start the capture and try to connect from the internet.
After stopping the capture, you should see packets, if they arrived at your WAN.
-
@vusqq said in open vpn ip:
@viragomann okay maybe I got this all wrong
im under the assumption openvpn is a free vpn service that I can use on pfsenseWhat server are you trying to connect to?
You do realize that this is not a VPN service such as being advertised out there to hide you on the internet.. correct? although there are services that allow you to use OpenVPN to connect to them..
-
@chpalmer I was under the assumption, but now im realizing. thanks for the clarification.
-
@chpalmer I just tried installing expressvpn on my netgate1100 and was told by a express rep that its not compatible? is wireguard a vpn that will hide my ip?
-
@vusqq said in open vpn ip:
I just tried installing expressvpn on my netgate1100 and was told by a express rep that its not compatible?
Hummm.
Install Google ad fire it up.
Enter pfsense expressvpnand admire the results.
The very first link is www.expressvpn.com - this might actually be the site of ExpressVPN.
I'll leave it up to you to see if that's true.
Expressvpn : Setup Tutorials : How to set up ExpressVPN on pfSense (OpenVPN)The thing is : ExpressVPN, or not, they want you should install on any device, your phone, PC, whatever, their 'app'. They control and develop that app, they tested it for you.
If you decide to use ExpressVPN (any VPN) on your own router, like pfSense, you need to handle this :dev tun fast-io persist-key persist-tun nobind remote netherlands-amsterdam-ca-version-2.expressnetw.com 1195 remote-random pull comp-lzo no tls-client verify-x509-name Server name-prefix ns-cert-type server key-direction 1 route-method exe route-delay 2 tun-mtu 1500 fragment 1300 mssfix 1200 verb 3 cipher AES-256-CBC keysize 256 auth SHA512 sndbuf 524288 rcvbuf 524288 auth-user-pass etc etc etcyourself.
I know, you are paying every month, but they are not going to help with that.I'm using ExpresVPN right now, with pfSense as a OpenVPN client.
That is, it's connected. I'm routing nothing over it, it's just a spare WAN-IP connection.
-
@gertjan appreciate the help
I will try to do it right now, just hope there isn't an issue with my openvpn server (in learning) -
@gertjan expressvpn status shows down
the tunnel ip I used for openvpn server is 192.168.2.0/24, my lan is default pfsense
is the firewall aliases Network or FQDN: Enter 192.168.1.0 suppose to match?
also there was 2 steps on the setup guide that I did not see on pfsense
enable nap-uncheck this box and Compression: Select Adaptive LZO Compression [Legacy, comp-lzo adaptive]. -
@vusqq :
This is what I have :
And these are the custom settings :
@vusqq said in open vpn ip:
expressvpn status shows down
In that case, go have a look why
Check the last line of Status > System Logs > OpenVPN
Now (re)start the OpenVPN express vpn client instance (on the dashboard).
Check again Status > System Logs > OpenVPN : everything that was added is probably from the openvpn client trying to connect to expressvpn : what does it say ? -
@gertjan thanks a lot for the screenshot
guide didn't state I have to change "allow compression" so it didn't give me the option to choose "adaptive lzo compression"
but now it shows expressvpn is up but status shows "Reconnecting (Auth Failure)"
im pretty sure my ovpn server isn't configured right which ive been messing around with.
should I leave it "peer2peer or last option even though I won't be needing to log in outside my home?
also what ip should I insert for tunnel on a default network? and im leaving local blank if thats okay. -
do I have to have openvpn server up and running in order for expressvpn to work or can I just delete openvpn completely?
-
@vusqq said in open vpn ip:
do I have to have openvpn server up and running in order for expressvpn to work
OpenVPN server and OpenVPN client are two different programs.
See the OpenVPN server as a web server. You can use it to connect you phone to your home network, when your out there in the world.
OpenVPN client is the browser. You use the OpenVPN client to connect another OpenVPN server, like ExpressVPN or another pfSense with Open server.@vusqq said in open vpn ip:
can I just delete openvpn completely?
What do you mean ? OpenVPN server ? If you don't need or use the server, you can delete it.
@vusqq said in open vpn ip:
status shows "Reconnecting (Auth Failure)"
The logs lines say ?
Auth failure = one of these is wrong :
or your crypto settings :
@vusqq said in open vpn ip:
also what ip should I insert for tunnel on a default network?
Your client connects to a Express VPN server, and that one will send over the details.
Btw : to understand why there are slight differences with the settings on the express vpn web page, and pfSense : pfsense uses openVPN (OpenSSL) version 2.6.x. Express is using another, older (?) version. They probably also compiled their own optimized version.
@vusqq said in open vpn ip:
im pretty sure my ovpn server
? OpenVPN client is used to connect to ExpressVPN.
What is your goal ?
Using the OpenVPN server ?
I was understanding you wanted to use ExpressVPN. -
@gertjan thanks for explaining.
yes just to use express vpn. i deleted the openvpn server as i dont have any use for it and its ca/cert.
i followed a guide last night for my systems version (23.01), (though it mightve worked if i wouldve checked my cryptographic settings) and now its connected and giving me a virtual ip but still showing my current ip on browser?
these are first 4 log linesMANAGEMENT: Client disconnected
Mar 28 07:17:48 openvpn 95571 MANAGEMENT: CMD 'status 2'
Mar 28 07:17:48 openvpn 95571 MANAGEMENT: CMD 'state 1'
Mar 28 07:17:48 openvpn 95571 MANAGEMENT: Client connected from /var/etc/openvpn/client3/sockand these are the 2 warnings that i see
VERIFY WARNING: depth=1, unable to get certificate CRL: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Mar 28 07:17:43 openvpn 95571 VERIFY WARNING: depth=0, unable to get certificate CRL: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-10802-0a, emailAddress=support@expressvpn.com
