Netgate Discussion Forum

    How to create an OpenVPN client to StrongVPN

    OpenVPN
    157 Posts 56 Posters 224.0k Views
      ericab

      ermal, thanks for the heads up;
      i have edited the how-to to reflect your advice

        zoltran

        Hello

        Does anyone have StrongVPN working in pf 1.2.3?
        Or can point me to a primer?
        Thanks

          Hidden

          After section 1 all traffic is routed through the VPN.

          anyone got policy routing working ?
          I would like to route netflix over vpn.

            Hidden

            after a factory reset (i screwed something up in squid) it works great.

            Now i need something to route traffic over the vpn on url base.

            i found this interesting setup:
            http://webcache.googleusercontent.com/search?q=cache:EuMlcG_zcmIJ:www.shawnmolnar.com/blog/tag/hulu+hulu+netflix+script+vpn&cd=2&hl=nl&ct=clnk&gl=nl
            (from google cache because the real site is offline atm)

              yu130960

              @Hidden:

              After section 1 all traffic is routed through the VPN.

              anyone got policy routing working ?
              I would like to route netflix over vpn.

              +1

                yu130960

                @Hidden:

                after a factory reset (i screwed something up in squid) it works great.

                Now i need something to route traffic over the vpn on url base.

                i found this interesting setup:
                http://webcache.googleusercontent.com/search?q=cache:EuMlcG_zcmIJ:www.shawnmolnar.com/blog/tag/hulu+hulu+netflix+script+vpn&cd=2&hl=nl&ct=clnk&gl=nl
                (from google cache because the real site is offline atm)

                Would this work on pfsense?  Has anyone tried it?

                  0tt0

                  @Hidden:

                  After section 1 all traffic is routed through the VPN.

                  anyone got policy routing working ?
                  I would like to route netflix over vpn.

                  I believe I have commented on this several times. I use policy routing with an OpenVPN cert tunnel with StrongVPN (to make only some clients use the tunnel or by other filtering means, which can be adjusted at any time), using tunnel as "virtual WAN interface" and the tunnel has been up close to 9 months now, I believe.

                  I haven't taken the time to finish my guide yet though.

                    yu130960

                    @0tt0:

                    @Hidden:

                    After section 1 all traffic is routed through the VPN.

                    anyone got policy routing working ?
                    I would like to route netflix over vpn.

                    I believe I have commented on this several times. I use policy routing with an OpenVPN cert tunnel with StrongVPN (to make only some clients use the tunnel or by other filtering means, which can be adjusted at any time), using tunnel as "virtual WAN interface" and the tunnel has been up close to 9 months now, I believe.

                    I haven't taken the time to finish my guide yet though.

                    This would be the guide that I would be looking forward to.  I will try to figure out the tunnel as a virtual wan interface, but would love to see a guide on how to set this up.  I couldn't figure it out and just got my refund from StrongVPN within their 7 days.  I will sign back up if I can get this setup to work.

                    Thanks for the post.

                      jeffnoone

                      I am a complete newbie on FreeBSD and pfSense, but managing to get pfSense installed and then StrongVPN going using the various site tutorials. Suddenly pfSense has become very valuable to me for high-speed VPN connection. So thanks to ericab and all here.
                      Does this thread need to be updated given this post:
                      http://forum.pfsense.org/index.php/topic,32640.0.html

                      I made similar observations as ericab, as in that post.
                      Enabling AON under Firewall, NAT, outbound seems to be what was suggested in the thread linked, and seemed to work for me.

                      Should this instruction be added to tutorial to get people up and running with most recent versions? - I don't know enough to know reliably one way or the other

                      Again thanks
                      Jeff

                        yu130960

                        @0tt0:

                        @Hidden:

                        After section 1 all traffic is routed through the VPN.

                        anyone got policy routing working ?
                        I would like to route netflix over vpn.

                        I believe I have commented on this several times. I use policy routing with an OpenVPN cert tunnel with StrongVPN (to make only some clients use the tunnel or by other filtering means, which can be adjusted at any time), using tunnel as "virtual WAN interface" and the tunnel has been up close to 9 months now, I believe.

                        I haven't taken the time to finish my guide yet though.

                        I know the guide is not ready yet, but can someone point me to another guide that would help me set up pfSense 2.0 with StrongVPN with the option of routing only some clients through the VPN while allowing others to go through the default gateway?

                        Thanks

                          smirta

                          Better performance & policy routing

                          Performance
                          I am using pfsense 2.0 RC1. In my case the settings below in the "Advanced Configuration" field of the OpenVPN connection tab are resulting in a more stable connection:

                          verb 4; mute 5;tun-mtu 1500;route-method exe;route-delay 2;explicit-exit-notify 2;fragment 1300;mssfix 1450;
                          

                          With these I can stream a lot more stably.

                          On the other hand I was interested in tunneling some clients to some ip addresses. It was quite an operation. I followed the guide above (thanks a lot to the author!) except the "all traffic through VPN" part.

                          Then I added a firewall rule to the LAN interface for a specific IP address to be routed through the OpenVPN. I figured out that after some time everything went through the WAN or through the VPN gateway (can't remember exactly which one). Additionally, NAT didn't work as expected.

                          Fix NAT
                          I turned NAT off and added it manually. Firewall -> NAT -> Outbound : Add two entries there.

                          
                          Interface:    WAN
                          Source:       CIDR of your LAN (e.g. 192.168.1.0/24)
                          Description:  LAN -> WAN (or anything you want)
                          
                          
                          
                          Interface:    VPN
                          Source:       CIDR of your LAN (e.g. 192.168.1.0/24)
                          Description:  LAN -> OpenVPN (or anything you want)
                          
                          

                          Fix rules/gateways
                          After this NAT was working again. But there was still the problem with the routing of all traffic through one or the other interface. Somehow it was ignoring my rule. After some gambling around with the settings I was pretty surprised that "default" as gateway doesn't seem to work as expected. So I added a specific gateway to all rules. Now everything is working as expected. phew

                          My "Default allow LAN to any rule" now looks like this:

                           * LAN net * * * WAN
                          

                          For example if you want to route the client 192.168.1.5 through VPN you have to add the following line above the default rule:

                           * 192.168.1.5 * * * VPN
                          

                          I hope this helps and is no complete bullshit. I'm an absolute newbie to pfsense.

                            ericab

                            hi smirta;

                            these additional options are specific to windows only.
                            i would suggest removing them.

                            route-method exe
                            mssfix 1450

                              smirta

                              thanks for the input (and the great tutorial btw), eric. I'll have a closer look at the options

                                cmb

                                @smirta:

                                I hope this helps and is no complete bullshit. I'm an absolute newbie to pfsense.

                                That's ok for your typical home setup, but what you're actually doing there is overriding the fact that StrongVPN is pushing you a default route and modifying your firewall's routing table so it sends everything over the VPN (unless you override it with policy routing as you're doing). That will cause a number of issues with more advanced setups, as it's going to default to sending traffic initiated from the firewall out of the VPN which is usually going to be undesirable.

                                  smirta

                                  Thanks for your reply. As I updated to the latest snapshot everything became obsolete. You just have to follow the initial guide, disable the "automatic outbound NAT" (it will fill in the rules done so far) and modify the rules described as in my post above.

                                    yu130960

                                    @smirta:

                                    Thanks for your reply. As I updated to the latest snapshot everything became obsolete. You just have to follow the initial guide, disable the "automatic outbound NAT" (it will fill in the rules done so far) and modify the rules described as in my post above.

                                    I have come back after some time away, but this remains an issue for me.  Glad to hear that you have had some success, just wanted to get clarification on your current setup under the latest snapshot.  Which of the above posts should I look to, to establish a StrongVPN connection for only 1 specific internal IP with all the other IPs going through the default gateway?

                                    Thanks

                                      ericab

                                      hi yu130960;

                                      A) go to Firewall -> Rules

                                      B) select the LAN tab.

                                      C) add a new rule with the following:

                                      D) click save and you're done

                                      ***Edit
                                      I've fixed an error.

                                        yu130960

                                        Thanks post #1 and #15 solved my issue and I am up and running.

                                        I had to make the Rule to put the target IP in the source box not the destination and then it worked.

                                        It took a while, but it is great to see it work.

                                        Thanks to all in the thread.

                                        1 Reply Last reply Reply Quote 0
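
A simplified model of the rule evaluation discussed in the posts above (smirta's per-rule gateways, cmb's note on the pushed default route, and yu130960's source-box fix), added here as an illustration; it is not code from any poster or from pfSense. It assumes top-down, first-match evaluation on the LAN tab and that a rule whose gateway is left at "default" follows the routing table; every function and variable name is hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    source: str             # CIDR, single IP, or "any"
    destination: str        # CIDR, single IP, or "any"
    gateway: Optional[str]  # None models leaving the gateway at "default"


def _matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def egress(rules: List[Rule], src: str, dst: str, table_default: str,
           from_firewall: bool = False) -> Optional[str]:
    """Return the gateway a new connection uses, or None if no rule passes it."""
    if from_firewall:
        # Traffic the firewall itself initiates never hits the LAN tab,
        # so only the routing table decides where it goes.
        return table_default
    for rule in rules:  # top-down, first match wins
        if _matches(rule.source, src) and _matches(rule.destination, dst):
            return rule.gateway or table_default
    return None


# Constructed sample values (LAN range and client IP as used in the thread).
LAN, CLIENT, OTHER = "192.168.1.0/24", "192.168.1.5", "192.168.1.20"
FIREWALL, REMOTE = "192.168.1.1", "203.0.113.10"
PUSHED_DEFAULT = "VPN"  # routing-table default after the VPN pushes its route

DEFAULT_ONLY = [Rule(LAN, "any", None)]
POLICY = [Rule(CLIENT, "any", "VPN"), Rule(LAN, "any", "WAN")]
WRONG_ORDER = [Rule(LAN, "any", "WAN"), Rule(CLIENT, "any", "VPN")]
WRONG_BOX = [Rule("any", CLIENT, "VPN"), Rule(LAN, "any", "WAN")]


def demo() -> dict:
    """Egress gateway for each constructed scenario."""
    return {
        "gateway left at default": egress(DEFAULT_ONLY, OTHER, REMOTE, PUSHED_DEFAULT),
        "policy: selected client": egress(POLICY, CLIENT, REMOTE, PUSHED_DEFAULT),
        "policy: other client": egress(POLICY, OTHER, REMOTE, PUSHED_DEFAULT),
        "client rule below LAN rule": egress(WRONG_ORDER, CLIENT, REMOTE, PUSHED_DEFAULT),
        "client IP in destination box": egress(WRONG_BOX, CLIENT, REMOTE, PUSHED_DEFAULT),
        "firewall-initiated traffic": egress(POLICY, FIREWALL, REMOTE, PUSHED_DEFAULT, True),
    }


if __name__ == "__main__":
    for case, gateway in demo().items():
        print(f"{case:30} -> {gateway}")
```
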
                                          Arisian

                                          Hey guys,

                                          I hate to drag this post out of the depths - it's better than starting a new thread when this is exactly the topic I need help w/, but I'm dying here.  I've been using pfsense boxes for about 4 years but that, by no means, should be read to suggest that I know what I'm doing.  I know very little, unfortunately and what I do know is probably wrong.

                                          I've followed this exact tutorial before w/ success, but I think some things have changed in recent releases causing me to…basically, have to make changes to things I don't really understand.  I am using 2.0-RC2 (i386) - Built on May 18th.

                                          Here's the basic situation.  I live in China and have 5 VPN accounts for business purposes as well as getting anything done here.  3 Are specifically for work in different locations and 2 are for play and backup.  One of those is an OpenVPN account w/ StrongVPN.

                                          My home network looks like the following:

                                          A pfsense box built around 5 nics, each separating an area in my home

                                          • 1 WAN Nic
                                          • 1 LAN Nic (my office computer)
                                          • 1 Wifi Nic, dedicated to a wireless router - DD-WRT
                                          • 1 Media - goes to my tv and entertainment system
                                          • 1 VOIP - use a voip phone/adapter for business.  DMZ'd basically…

                                          I know that seems like overkill, but I really like to dedicate the NICs to each work area/task and I can really see the separation when it comes to data usage - plus I like to keep track of what the Chinese government is doing to my network.

                                          My Media section of the house is really where I'm dying.  I have an Xbox, AppleTV, Computer, Wii all attached to a Hub that all goes into the media nic.  Needless to say, to really be able to use these gaming and entertainment boxes, I really need these all to be connected to a VPN.  Thus this tutorial.  I'd like to keep the other segments off the VPN because I have PPTP accounts that I use for my 3 home computers that are much faster.

                                          So here's where I'm having issues.  I follow this tutorial to a T, get the VPN to connect, set up the firewall rule to pass the VPN data to the WAN data, just like is mentioned in the tutorial… and nothing!  I set the VPN up as a DHCP interface like the review asks for but I still get NOTHING across the board.  At this point I'm not even connected to the WAN.  I don't have any firewall rules in front of the VPN gateway rule.  I'm at a complete loss here after trying to fix this for the last 6 hours.

                                          I fear it has a lot to do w/ the NAT settings

                                          I've attached screenshots to my setup.  Just as an FYI, I'm testing it out on the WIFI nic here, I've done the exact same setup on the LAN nic.  Also, under NAT, AON (Manual Outbound NAT rule generation) is on.

                                          Guys, I'd really appreciate some help with this  :).  Any thoughts on what I'm doing wrong?

                                          If I need to clarify anything, please let me know.  I tried to stuff what I could into this post, but it's 1am here and I'm sure I missed something.

                                          Also, I can get the VPN to connect but I have to use BF-CBC(128-bit) encryption to make it work - I'd prefer no encryption since this really is just for a media center to get the US IP address so I can download games, watch netflix, etc.  Does anyone know how to do this… or could point me in the correct direction?

                                          Very much appreciate your help!!!
                                          http://www.brianhirschy.com/vpn/1.png
                                          http://www.brianhirschy.com/vpn/2.png
                                          http://www.brianhirschy.com/vpn/3.png
                                          http://www.brianhirschy.com/vpn/4.png




                                            ericab

                                            hi Arisian;

                                            first, i see you mentioned you're using a HUB on your MEDIA nic… if you're really using a HUB, you should seriously consider updating to a switch, but...
                                            as for your vpn issue, can you go back to my tutorial and see the "edit - March 9 2011"  note at the bottom? i believe that will fix you right up; if not please report back and i or someone else will gladly assist you. (also check and make sure the strong vpn device is using TUN mode)

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.