Netgate Discussion Forum

    OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7

    41 Posts 3 Posters 6.1k Views
    • johnpozJ
      johnpoz LAYER 8 Global Moderator @heuvep
      last edited by johnpoz

      @heuvep said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:

      here is something wrong in the settings icw pfsense

      Maybe the app uses a hard coded IP? What I can tell you is the names they list on their sites for the end points do not resolve on the public internet. That is just fact..

      It's quite possible maybe they changed them - what I would be really concerned with is zero answer to support request.. If they changed their fqdn they use for their end points, they clearly should list them or let their clients know etc..

      Their own instructions say to use a list from here.

      https://www.vpnsecure.me/vpn-locations//

      None of those resolve..

      $ dig us1.vpnsecure.me
      
      ; <<>> DiG 9.16.44 <<>> us1.vpnsecure.me
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55199
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1232
      ;; QUESTION SECTION:
      ;us1.vpnsecure.me.              IN      A
      
      ;; AUTHORITY SECTION:
      vpnsecure.me.           3600    IN      SOA     darwin.ns.cloudflare.com. dns.cloudflare.com. 2321840821 10000 2400 604800 1800
      
      ;; Query time: 42 msec
      ;; SERVER: 192.168.3.10#53(192.168.3.10)
      ;; WHEN: Mon Oct 09 14:35:39 Central Daylight Time 2023
      ;; MSG SIZE  rcvd: 109
      

      So no it would not be possible for pfsense to connect to some fqdn that does not resolve on the public internet. That is not something wrong with pfsense.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • H
        heuvep @johnpoz
        last edited by

        @johnpoz

        I did find out that they do not use DNS anymore but a hard IP address. I did regenerate a new config zip file and then you get an email with the config files and then you see it uses an IP address and not DNS.

        client
        proto udp
        dev tun
        remote 212.83.133.203 1281
        cipher AES-128-CBC
        verb 3
        mute 20
        keepalive 10 120
        comp-lzo
        float
        persist-key
        persist-tun
        resolv-retry infinite
        nobind
        auth-nocache
        remote-cert-tls server

        • johnpozJ
          johnpoz LAYER 8 Global Moderator @heuvep
          last edited by

          @heuvep well that would explain the problem - so nice of them to let their users know ;)

          So you should update your config on pfsense to use IP vs fqdn (that doesn't resolve) and you should be good to go then.

          • H
            heuvep @johnpoz
            last edited by

            @johnpoz

            That's correct, if you log in with your account on their portal and generate a new config for yourself it uses an IP address instead of the fqdn. It will be updated in the back in the app but they have not communicated at all. Yesterday I did receive a mail and that triggered me. I will test today to see if it works.
            So if you do not use the app you need the new IP addresses and hope they do not change all the time!

            • H
              heuvep @heuvep
              last edited by

              @heuvep

              Yes it works now. So you need to use the IP address.

              • W
                walternet @heuvep
                last edited by

                @heuvep & all

                Hi guys !

                Thanks for this tip / generation of new config
                I tested with success with remote 212.83.133.203 1281 => I have a connection, but a very bad rate ... :-(

                Of course, I asked for a new server config, but I just received .. nothing !

                So, can we share a list of IP addresses please ? Besides 212.83.133.203, do we know any other IP addresses ?
                Can we also share the location for each IP ?

                Have a nice day !

                Regards

                W.

                • H
                  heuvep @walternet
                  last edited by

                  @walternet

                  When you log in to the portal you can generate the config file yourself. You then get a zip file with a lot of ovpn files from different countries. You can find the IP address in that file

                  • H
                    heuvep @heuvep
                    last edited by

                    @heuvep

                    usa -> 216.105.168.250

                    • H
                      heuvep @walternet
                      last edited by

                      @walternet

                      I did receive an answer from the helpdesk:

                      ========= RESPOND ABOVE THIS LINE =========
                      Yes this is normal, DNS is not working at the moment.
                      Please go there:
                      https://www.vpnsecure.me/members/index.php?do=profile
                      And click "Generate Server Configs", you'll receive them by email.
                      Best Regards,
                      Adrian.

                      • W
                        walternet @heuvep
                        last edited by walternet

                        Hi @heuvep

                        I finally received an answer by mail last Friday (with
                        however, after revisiting my pfSense configuration with the following params (see below), the OpenVPN tunnel is up, but none traffic can be routed inside ... :-(
                        Of course, no modification in pfSense FW rules between the old config (down) and the new one (up)

                        client
                        proto udp
                        dev tun
                        ca ca.crt
                        dh dh2048.pem
                        cert m_nge.crt
                        key m_nge.key
                        remote 151.80.148.150 1281
                        cipher AES-128-CBC
                        verb 2
                        mute 20
                        keepalive 3 10
                        comp-lzo
                        persist-key
                        persist-tun
                        float
                        resolv-retry infinite
                        nobind
                        auth-nocache
                        remote-cert-tls server

                        Did I miss something ? Can you please confirm each field ?

                        Regards !!

                        W.

                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator @walternet
                          last edited by

                          @walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:

                          but none traffic can be routed inside

                          What can not be routed where?

                          • W
                            walternet @johnpoz
                            last edited by

                            @johnpoz

                            no traffic inside VPN.S OpenVPN tunnel whereas flux should be OK (no change in menu Firewall / Rules / LAN )

                            I think I missed something in my VPN.S client configuration (menu services / VPN / openvpn / client) ; I am looking for what, hence my question ...

                            • johnpozJ
                              johnpoz LAYER 8 Global Moderator @walternet
                              last edited by

                              @walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:

                              no traffic inside VPN.S OpenVPN tunnel whereas flux should be OK

                              Not helping to be honest, it's more like you just had a stroke or something.. "whereas flux should be OK " ???

                              I think I missed something in my VPN.S client configuration

                              How would you have missed something.. If all you did was upgrade there wouldn't be any changes, etc..

                              • W
                                walternet @johnpoz
                                last edited by

                                @johnpoz

                                I try to check each param

                                client
                                proto udp => field protocol
                                dev tun => field device mode
                                ca ca.crt => field ...
                                dh dh2048.pem => field ...
                                cert m_nge.crt => field ...
                                key m_nge.key => field client certificate
                                remote 151.80.148.150 1281 => fields server host + server port
                                cipher AES-128-CBC => field data encryption algorithms
                                verb 2 => field ...
                                mute 20 => field ...
                                keepalive 3 10 => field ...
                                comp-lzo => field ...
                                persist-key => field ...
                                persist-tun => field ...
                                float => field ...
                                resolv-retry infinite => field ...
                                nobind => field ...
                                auth-nocache => field ...
                                remote-cert-tls server => field ...

                                A screenshot or more details would be appreciated to be sure ...

                                Regards

                                W.

                                • johnpozJ
                                  johnpoz LAYER 8 Global Moderator @walternet
                                  last edited by

                                  @walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:

                                  I try to check each param

                                  You said you connected, none of those settings would have anything to do with "routing" or not routing.. If you want some clients to use your vpn connection, that would be setup via a policy route in your firewall rules.

                                  If you want all of your traffic to go out this vpn that could also be set in your gateways and what is set as default..

                                  • W
                                    walternet @johnpoz
                                    last edited by walternet

                                    @johnpoz said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:

                                    @walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:

                                    I try to check each param

                                    You said you connected, none of those settings would have anything to do with "routing" or not routing.. If you want some clients to use your vpn connection, that would be setup via a policy route in your firewall rules.

                                    Perhaps, but not sure ... I would really appreciate a verification of each field ... only because I didn't change anything in my firewall rules ...
                                    However, I never said I want some clients to use my vpn connection
                                    If you really want to help me, please check with me each field in the conf ...

                                    If you want all of your traffic to go out this vpn that could also be set in your gateways and what is set as default..

                                    That's not the subject either ... but thx !

                                    W.

                                    • johnpozJ
                                      johnpoz LAYER 8 Global Moderator @walternet
                                      last edited by

                                      @walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:

                                      If you really want to help me, please check with me each field in the conf ...

                                      Why would I waste such time.. Again none of those have anything to do with routing.. Just a quick glance you're not actually showing the config anyway.. Here is a client config from pfsense for openvpn

                                      [23.05.1-RELEASE][admin@sg4860.local.lan]/var/etc/openvpn/client3: cat config.ovpn 
                                      dev ovpnc3
                                      disable-dco
                                      verb 1
                                      dev-type tun
                                      dev-node /dev/tun3
                                      writepid /var/run/openvpn_client3.pid
                                      #user nobody
                                      #group nobody
                                      script-security 3
                                      daemon
                                      keepalive 10 60
                                      ping-timer-rem
                                      persist-tun
                                      persist-key
                                      proto udp4
                                      auth SHA256
                                      up /usr/local/sbin/ovpn-linkup
                                      down /usr/local/sbin/ovpn-linkdown
                                      local 209.snipped
                                      tls-client
                                      lport 0
                                      management /var/etc/openvpn/client3/sock unix
                                      remote 209.snipped 1194 udp4
                                      pull
                                      capath /var/etc/openvpn/client3/ca
                                      cert /var/etc/openvpn/client3/cert 
                                      key /var/etc/openvpn/client3/key 
                                      tls-crypt /var/etc/openvpn/client3/tls-crypt 
                                      data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-128-GCM
                                      data-ciphers-fallback AES-128-GCM
                                      allow-compression no
                                      resolv-retry infinite
                                      route-noexec
                                      tls-version-min 1.3
                                      route-nopull
                                      [23.05.1-RELEASE][admin@sg4860.local.lan]/var/etc/openvpn/client3: 
                                      

                                      Not sure what you posted - but clearly it's not complete, nor a screenshot even from your gui setup of your client, etc.

                                      So how do I know if you even put in what you posted, etc.

                                      • W
                                        walternet @johnpoz
                                        last edited by walternet

                                        @johnpoz said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:

                                        Please note we are in a particular case, around VPN.S provider ...
                                        Regarding my post, I only share information communicated by the provider ; as I said, I am just trying WITH PEOPLE WHO SHARE THE SAME DIFFICULTIES WITH THIS PROVIDER to compare configurations and experience

                                        @walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:

                                        If you really want to help me, please check with me each field in the conf ...

                                        Why would I waste such time.. Again none of those have anything to do with routing.. Just a quick glance you're not actually showing the config anyway.. Here is a client config from pfsense for openvpn

                                        If you answer, it's because you have solution ... or not !
                                        If you don't want to waste such time, don't answer ... I didn't ping you, but @heuvep


                                        Not sure what you posted - but clearly it's not complete, nor a screenshot even from your gui setup of your client, etc.

                                        see above ...

                                        So how do I know if you even put in what you posted, etc.

                                        I didn't catch your point, but thx anyway for your efforts

                                        Regards

                                        W.

                                        • W
                                          walternet @walternet
                                          last edited by

                                          I found my issue : compression param was misconfigured ! :-)

                                          I was able to find it thanks to @johnpoz's config share !

                                          Regards

                                          W.

                                          • johnpozJ
                                            johnpoz LAYER 8 Global Moderator @walternet
                                            last edited by johnpoz

                                            @walternet said in OpenVPN Client Issue with VPN.S (VPNSecure.me) after upgrading 2.6 -> 2.7:

                                            compression param was misconfigured

                                            which has nothing to do with "routing" which was your question.. Glad you got it sorted!

                                            1 Reply Last reply Reply Quote 0
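The fix in this thread came from comparing the provider's .ovpn profile with the config the pfSense client was actually running. As an added example (not code from any poster, from pfSense or from the provider), this Python script compares two such files on the points that came up here: the `remote` endpoint, compression and cipher. The local sample config and the reduction of the compression directives to on/framing/off are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: provider profile with the directives posted in the thread.
PROVIDER = """\
client
proto udp
remote 212.83.133.203 1281
cipher AES-128-CBC
comp-lzo
remote-cert-tls server
"""

# Constructed sample: a local client config in the shape pfSense writes to
# /var/etc/openvpn/clientN/config.ovpn; the values are assumptions.
LOCAL = """\
dev ovpnc3
proto udp4
remote us1.vpnsecure.me 1281 udp4
data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-128-GCM
data-ciphers-fallback AES-128-GCM
allow-compression no
"""

def parse_ovpn(text):
    """Return {directive: [args, ...]}, skipping comments and inline <ca>-style blocks."""
    cfg, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):
            in_block = not line.startswith("</")
            continue
        if in_block or not line or line[0] in "#;":
            continue
        name, *args = line.split()
        cfg.setdefault(name, []).append(args)
    return cfg

def remote_hosts(cfg):
    """List (host, kind) per remote line; kind is 'ip' or 'hostname' (needs DNS)."""
    out = []
    for args in cfg.get("remote", []):
        if not args:
            continue
        try:
            ipaddress.ip_address(args[0])
            kind = "ip"
        except ValueError:
            kind = "hostname"
        out.append((args[0], kind))
    return out

def compression(cfg):
    """Simplified view of the compression directives: 'on', 'framing' or 'off'."""
    if ["no"] in cfg.get("allow-compression", []):
        return "off"
    if "comp-lzo" in cfg:
        return "framing" if cfg["comp-lzo"][-1] == ["no"] else "on"
    if "compress" in cfg:
        return "on" if cfg["compress"][-1] else "framing"
    return "off"

def offered_ciphers(cfg):
    """Every data-channel cipher the config would accept, upper-cased."""
    names = set()
    for key in ("data-ciphers", "data-ciphers-fallback", "cipher"):
        for args in cfg.get(key, []):
            if args:
                names.update(c.upper() for c in args[0].split(":"))
    return names

def audit(provider_text, local_text):
    """Return (topic, detail) findings where the local config departs from the profile."""
    prov, local = parse_ovpn(provider_text), parse_ovpn(local_text)
    findings = []
    wanted = {host for host, _ in remote_hosts(prov)}
    for host, kind in remote_hosts(local):
        if host not in wanted:
            findings.append(("remote", f"{host} ({kind}) not in profile {sorted(wanted)}"))
    if compression(prov) != compression(local):
        findings.append(("compression", f"profile={compression(prov)} local={compression(local)}"))
    for args in prov.get("cipher", []):
        if args and args[0].upper() not in offered_ciphers(local):
            findings.append(("cipher", f"{args[0]} not offered locally"))
    return findings

if __name__ == "__main__":
    for topic, detail in audit(PROVIDER, LOCAL):
        print(f"{topic}: {detail}")
```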