OpenVPN client assistance

Antibiotic

@viragomann So your wifi devices get IPs in 192.168.10.0/24 from pfSense and hence also get the DNS server? YES
Screenshot_4-4-2024_213437_192.168.10.1.jpeg Screenshot_4-4-2024_213342_192.168.10.1.jpeg Screenshot_4-4-2024_21337_192.168.10.1.jpeg

[2.7.2-RELEASE][admin@pfSense.home.arpa]/root: dig google.com

; <<>> DiG 9.18.19 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43895
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 300 IN A 172.217.21.174

;; Query time: 26 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Apr 04 21:37:15 EEST 2024
;; MSG SIZE rcvd: 55

Antibiotic

@viragomann I have port restrictions for this interface, do not know this could be a problem or not?
Screenshot_4-4-2024_214555_192.168.10.1.jpeg Screenshot_4-4-2024_214410_192.168.10.1.jpeg

viragomann

@Antibiotic
I'm not in doubt, that pfSense can resolve host names well, to be honest. The point is, what you get on a wifi-connected device.

Antibiotic

@viragomann said in OpenVPN client assistance:

The point is, what you get on a wifi-connected device

What do you mean?

viragomann

@Antibiotic
Connect a laptop to the wifi and run nslookup or dig against a public host name on it.

Antibiotic

@viragomann Ah ok , this is a result from WIFI router:
Screenshot_4-4-2024_215842_192.168.10.10.jpeg Screenshot_4-4-2024_215751_192.168.10.10.jpeg Screenshot_4-4-2024_21576_192.168.10.10.jpeg

viragomann

@Antibiotic
Can you show the interface configuration of this device, please?

DNS resolution works so far obviously.

Antibiotic

@viragomann Do you mean LAN settings of WIFI router?

viragomann

@Antibiotic
This is the wifi router?
Then the test is useless. You need to check this from a device, which is connected to the wireless. This is, where you have troubles, so this case has to be investigated.

Antibiotic

@viragomann From Laptop connected to WIFI router result:
PS C:\Users\archi> nslookup google.com
Server: pfSense.home.arpa
Address: 192.168.10.1

Non-authoritative answer:
Name: google.com
Addresses: 2a00:1450:400f:80a::200e
172.217.21.174

PS C:\Users\archi> nslookup 8.8.8.8
Server: pfSense.home.arpa
Address: 192.168.10.1

Name: dns.google
Address: 8.8.8.8

PS C:\Users\archi>

Antibiotic

@viragomann Laptop settings:
Screenshot 2024-04-04 222711.png

viragomann

@Antibiotic
So everything seems fine on your site.

Now I have to ask again after 17 posts, what is the real problem??
Which kind of connection does not work?
What output do you get? Error message or whatever?

Antibiotic

@viragomann Sorry my friend, after 2 days of fighting with VPN, removed all. Could be next time try again but now my nervous system is become too weak))))) Anyway thanks a lot to try assist me and spent your time.

Gertjan

@Antibiotic said in OpenVPN client assistance:

but now my nervous system

Check this one - the whole story.

Now I write down what I think :

DNS is worth $$$
And who has access to : Your real IP and your DNS data ? and keep in mind that combination of the two make the data even more valuable ?
Right.
I thinks these *****VPN supplier really start to think lately about how to make the max out of it.
And thinks get even better : you pay them .... or, when you read the thread above, one might ask : why don't they pay me ? or you ?

Why would they do all this ?
Simple. if I or you were working for them, I (we) would do exactly that : DNS interception.

Again, me just thinking, right ^^

Antibiotic

@Gertjan I'm apologizing for this, but what the point of this message? Do not use any VPN services?

Gertjan

@Antibiotic said in OpenVPN client assistance:

Do not use any VPN services?

There is no definite yes or no answer.
You can use what you want. Just keep the list with pro and cons updated. When you use a "thing", you have to control and understand that thing.
Is it worth it ? Or not ? Up to you.

Antibiotic

@Gertjan How , its possible to control not your own VPN server outside?

Gertjan

@Antibiotic

You probably can't, but there is a way to make your question irrelevant.
And it is also what most, if not all VPN ISP want you to do : install their app on your device, activate it - enjoy. Chances are very great you won't have any issues.

The VPN ISPs control the app, as they build it. So, all they have to do make the app as slick as possible for everybody.

Using a "VPN ISP" with your own router firewall is most often not supported, barely tolerated, by most "VPN ISP", as they then also have to support all the versions, all possible settings, write and maintain manuals, etc etc.
Most often, is a "if you manage to get it work, that's great for you - if you don't : don't call us" condition.

If you find something like this "Setup Tutorials > How to set up xprssVPN on pfSense (OpenVPN)" and that page can be found on the site of the VPN ISP itself, and not Instagram or Toktik, and is recently updated (February 14, 2024) then that might say to you that it probably also actually works.
Btw : I'm not endorsing or recommending this VPN, it's just an example.

Something that worked well for me in the past, is actually applying what you've said above :

How , its possible to control not your own VPN server outside?

It's way more easier then you think to make this happening.
Since march 2020, millions if not billions did this : activate you own pfSense OpenVPN server.
Install a OpenVPN 'app' in your smartphone, pad or portable PC.
Now set up the OpenVPN server, use the pfSense blog page for a manual, or the pfSense manual, or one of the (old, yes, but still valid) Youtube Netgate channel OpenVPN videos.
The advantage is two fold : you start to know how things work, as you control both sides = you see the logs on both sides. "Logs" are essentiel here, not optional.
You also now have a secured remote access to your pfSense, and even your LAN's.
When you've seen all this working, you are ready to pick a VPN ISP. Now you have to knowledge to know how to select a good one.
And yeah, the 'price' is a factor, and present, somewhere buried in the list with your criteria.
You know now also that that youtuber that told you that you should use xxxVPN was just payed to tell you this. And I bet he didn't tell you to use it with pfSense, but with your phone or some other personnel hand held device.

Antibiotic

@Gertjan First of all, example of ExpressVPN. I don't trust VPN whom belong to KAPE Aliance ,formerly know as Crossrider (the notorious creator of some pernicious data-huffing ad-ware, Crossrider. The UK-based company was cofounded by an ex-Israeli surveillance agent and a billionaire previously convicted of insider trading who was later named in the Panama Papers. It produced software which previously allowed third-party developers to hijack users' browsers via malware injection, redirect traffic to advertisers and slurp up private data). Yea you can create OpenVPN server on pfSense, the point that after pfSesne your traffic anyway will go unencrypted!

Antibiotic

@Antibiotic Kape the company used to distribute malware and now is a security company)))) Nonsense