OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7
-
@walternet , Same problem and also contact vpnsecure.me but no result. I did find some patches for pfsense but also no result.
-
@walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
at2.vpnsecure.me:1282 (Name does not resolve)
well because its not resolving - only get back SOA
;; QUESTION SECTION: ;at2.vpnsecure.me. IN A ;; AUTHORITY SECTION: vpnsecure.me. 3600 IN SOA darwin.ns.cloudflare.com. dns.cloudflare.com. 2317476893 10000 2400 604800 1800So there is no record for that in dns..
Without the host the domain resolves, and so does www.
;; QUESTION SECTION: ;vpnsecure.me. IN A ;; ANSWER SECTION: vpnsecure.me. 3600 IN A 104.21.58.111 vpnsecure.me. 3600 IN A 172.67.203.149 ;; QUESTION SECTION: ;www.vpnsecure.me. IN A ;; ANSWER SECTION: www.vpnsecure.me. 3600 IN A 172.67.203.149 www.vpnsecure.me. 3600 IN A 104.21.58.111Do they provide another endpoint to use? But yeah that at2 is not resolving on the public internet, so no you wouldn't be able to connect to it.
I tried a bunch of their locations listed here
https://www.vpnsecure.me/vpn-locations/None of them were resolving - maybe they changed the domain name? Or maybe they are just having a dns problem with all of their endpoints. But the error is correct, they are not resolving on the public internet..
-
@johnpoz , thanx a lot for this confirmation
however, i don't understand the reason why this situation appeared JUST AFTER upgrade 2.6 -> 2.7
If someone could test on 2.6 ...Regards
W.
-
@walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
UST AFTER upgrade 2.6 -> 2.7
Called coincidence.. Doesn't matter what pfsense version you use, what you use for dns, the fqdn for all of their locations are currently not resolving.. Pfsense has zero to do with it..
;; QUESTION SECTION: ;at2.vpnsecure.me. IN A ;; AUTHORITY SECTION: vpnsecure.me. 1800 IN SOA darwin.ns.cloudflare.com. dns.cloudflare.com. 2317476893 10000 2400 604800 1800 ;; Query time: 58 msec ;; SERVER: 8.8.8.8#53(8.8.8.8)They currently have a problem with their DNS.. Or they have changed the domain they are using for their locations? And didn't let their users know..
What I can tell you is that fqdn, nor any of the many others I tried on their locations list are working.. It has nothing to do with pfsense.
As to why it might of been working before you updated, is you had the IP cached in dns for whatever the length of the TTL was the last time you checked.. But when you upgraded, or if you would of restarted unbound or the forwarder on pfsense the cache would of been lost.. And currently those fqdns are not resolving for anyone on the planet..
Here - if you don't believe me
Clearly its not something with cloudflare - which is what they are using for dns doing any sort of geoip thing - dns servers all over the planet are not resolving that fqdn.
https://www.whatsmydns.net/#A/at2.vpnsecure.me
You need to contact them - which I am sure every single one of their users are, or will be when their dns cache expires.. Maybe the reason they are not answering you is they are busy working on the problem?
-
I don't believe coincidence ... :-) but I believe tests and yours results
But I'm afraid you're right, because I made same observations ...Despite several requests, they don't answer ... servers are probably off line ... only website is up ...
The company must have closed their doors ...
W.
-
@walternet I love how their locations page shows all of their nodes up ;) Yeah they might be up, but nobody can get to them because dns is borked.
As to you not believing coincidence - Here is how it could of gone down.. You last looked up that fqdn at 1pm, it had a ttl off say 24 hours, or even just 2 hours, etc.. The dns on pfsense would cache that result, lets say its 1.2.3.4
So until your cache expired, you could ask pfsense or pfsense itself looking up that fqdn would get it from its cache say 1.2.3.4.. Even if public dns broke.. You would still resolve it to 1.2.3.4.
Now you did an upgrade of pfsense, which going to reboot, and clear the dns cache.. So when pfsense comes back up, it will not be able to resolve that fqdn.. Because the dns is not working currently.
So working at 1pm, dns broke at 130pm, you updated pfsense at 2pm - now it looks like to you that the update to pfsense broke it. But that is not the case, the case was that dns broke at 130 and you just didn't notice because you had it cached.
edit: It could of even been longer than their ttl.. Once the connection is made, its not like pfsense has to look up that fqdn again.. It would of not had to look up that fqdn again until for whatever reason the vpn connection had to be remade.. Either way its just coincidence that you only noticed the problem when you updated pfsense.
For all we know their dns might of been broken for days or even weeks? But since you had an active connection didn't matter, you would of not noticed the dns is down until you needed to resolve it.. Which is currently not working.
-
yes, your explanation is coherent
maybe they provide new infrastructures ...
the last version of their Android app dates from August 30th 2023
They explain in the release list "server list updated" ...but I cannot get the server list in the app, because I cannont open it ...
to be continued after some additional tests ..
W.
-
I did find the vpnsecure app running on my ipad and see the same problem. Can not receive server list. So vpnsecure has a big problem and communicate nothing about it. It seems they are still selling accounts while there infrastructure is not working!
-
@walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
but I cannot get the server list in the app, because I cannont open it ...
Does the app work? If that was the case, then yeah that would point to they changed maybe the domain so maybe its now at2.newdomain.tld which might be working??
If the app works, unless its doing something like doh or dot or something, it would be easy enough to get the fqdn they are connecting to.. Or maybe their app only uses hard coded IPs now?
What I can say for sure - is that domain your trying to resolve in your vpn log, the error is spot on because that does not resolve.. And I tried many of their other location names, like they have us1, 2 and 3 and many more all over the place.. but using that domain vpnsecure.me and all of the names they have on the other nodes, none of the ones I tried resolved.
-
I connect to my private area on the vpnsecure website
I find in servers item following informations, for example : proxy-at1.vpnsecure.me
each server has for prefix "proxy-" with port 8080 but ... nothing else better in results !! :'-)
I maybe have to read some docs before have some ideas ...
to be continued ...
W.
-
@walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
proxy-at1.vpnsecure.me
that doesn't resolve either, and that is not what the log says it was trying to connect too.. So if their plan is to move to naming scheme like that - its isn't currently working..
-
that doesn't resolve either, and that is not what the log says it was trying to connect too.. So if their plan is to move to naming scheme like that - its isn't currently working..
I saw that, yes ... :'-(
-
J johnpoz referenced this topic on
-
Some one any news on this problem?
grt
Pierre
-
-
Still nothing found?
-
@heuvep I still do not show them resolving..
Contact the company - sure hope you didn't pay for a year in advance..
-
I did install the app on my phone and then the vpn did work. So there is something wrong in the settings icw pfsense. Does anyone has the right serverlist?
grt
Pierre
-
@heuvep said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:
here is something wrong in the settings icw pfsense
Maybe the app uses a hard coded IP? What I can tell you is the names they list on their sites for the end points do not resolve on the public internet. That is just fact..
Its quite possible maybe they changed them - what I would be really concerned with is zero answer to support request.. If they changed their fqdn they use for their end points, they clearly should list them or let their clients know etc..
Per their own instructions says to use a list from here.
https://www.vpnsecure.me/vpn-locations//
None of those resolve..
$ dig us1.vpnsecure.me ; <<>> DiG 9.16.44 <<>> us1.vpnsecure.me ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55199 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;us1.vpnsecure.me. IN A ;; AUTHORITY SECTION: vpnsecure.me. 3600 IN SOA darwin.ns.cloudflare.com. dns.cloudflare.com. 2321840821 10000 2400 604800 1800 ;; Query time: 42 msec ;; SERVER: 192.168.3.10#53(192.168.3.10) ;; WHEN: Mon Oct 09 14:35:39 Central Daylight Time 2023 ;; MSG SIZE rcvd: 109So no it would not be possible for pfsense to connect to some fqdn that does not resolve on the public internet. That is not something wrong with pfsense.
-
I did find out that they not use dns anymore but hard ip adres. I did regenerate a new config zip file and then you get a email with the config files and then you see it uses ip adres and not dns.
client
proto udp
dev tun
remote 212.83.133.203 1281
cipher AES-128-CBC
verb 3
mute 20
keepalive 10 120
comp-lzo
float
persist-key
persist-tun
resolv-retry infinite
nobind
auth-nocache
remote-cert-tls server -
@heuvep well that would explain the problem - so nice of them to let their users know ;)
So you should update your config on pfsense to use IP vs fqdn (that doesn't resolve) and you should be good to go then.