How to create an OpenVPN client to StrongVPN
-
Got this working with AirVPN. All the steps are pretty much the same with the important exception: Make sure to UNcheck the "Enable authentication of TLS packets." box under "Cryptographic Settings". Otherwise you'll get the "WARNING: No server certificate verification method has been enabled" errors in the OpenVPN log and the tunnel will not come up.
Here are options that I used under the VPN => OpenVPN => Client => Advanced configuration box
keysize 256;ns-cert-type server;verb 3;explicit-exit-notify 5;redirect-gateway def1; -
While I've written a howto on how to implement StrongVPN with Pfsense (that actually works), I thought it would be interesting reading to take a look at Amazon's free tier. I like StrongVPN, but the reality is why pay for something you can get for free?
Check it out: http://swimminginthought.com/201204amazons-free-tier-personal-vpn-server/
Getting a VPN for free for one year isn't a bad deal considering you control both ends of the pipe. You're guaranteed to know whether or not you're having any ports blocked (you choose). Just a thought.
My posting for employing strongvpn via pfsense is still at: http://swimminginthought.com/pfsense-routing-traffic-strongvpn-openvpn/
It works flawlessly by the way. Over 30+ happy customers that I've personally set up.
-
I have to agree with the previous posts that something is weird.
I was using PFsense and strongvpn for over a year and successfully upgraded to the latest 2.01.
However when I changed servers I did a factory reset and have never been able to get the traffic to pass through again. It acutally locks up PFsense and it does not pass internet traffic on aspects of the Lan.
I have spent two days trying to figure it out and even did a restore to the old settings and simply changed out the certificates and other server info to address the new open vpn server and it still does not work.
-
Since StrongVPN has changed their set up Again.. Here's the updated link on how to get it working: http://swimminginthought.com/update-strongvpn-pfsense-working-file-config/
Works perfectly.. tested.. etc.
-
Since StrongVPN has changed their set up Again.. Here's the updated link on how to get it working: http://swimminginthought.com/update-strongvpn-pfsense-working-file-config/
Works perfectly.. tested.. etc.
what did they change ?
-
I honestly have no idea. I found it interesting that they don't support AES encryption in my latest round of helping someone get their vpn up. So it's basically easy to break via Deep Packet Inspection tech. Essentially, no security of privacy in my eyes.
-
i saw they support AES-256-CBC in their 'ultra-secure config' in their vpn summary pannel.
Also, 1 question.
I managed to have strongvpn to work, but now pfsense in 'unable to check for update' on the dashboard (using beta 2.1).
this is my oopenvpn option : verb 5;tun-mtu 1500; route-delay 2;explicit-exit-notify 2;fragment 1390;key-direction 1;
and i've put 2 manual dns server in the general config, and disabled Allow DNS server list to be overridden by DHCP/PPP on WAN.
but i see ovpn has created a route 0.0.0.0 to strongvpn. Do you guys think it might be my issue ? And i have to manage to remove this route ?
edit : config issue, now working after a reboot :)
-
Just my personal opinion, but I don't see the purpose of charging extra for encryption that works, although, they are a business and AES is 14 levels deep when it comes to AES 128. So it is more CPU intensive and any business deserves to make money. I am, however, using an Amazon Free Tier OpenVPN server that does it just fine. All incoming traffic is free so unless you're doing tons of outbound (even then it's only .12 per Gigabyte), it's still a bargain.
If you take a look at your upstream bandwidth and calculate it out to what you can maximally push over the month, you'll realize it's VERY cheap.
Cheers.
Percy
http://swimminginthought.com/free-server-it/ -
I followed your tutorial to a tee and it didn't work. StrongVPN's tech support wasn't much of a help. After much experimentation, I got it working. I made a step by step post on it: http://www.swimminginthought.com/2012/02/15/netflix-and-isp-throttling-bypassed-by-vpn-solved/
Something must have changed in 2.0.1
Thank you for your detailed tutorial :)
-
To those that have read through the thread you can see that I have been working and at times struggling with this set up for some time.
I had to do a factory reset on pfsense after trying some betas and was having trouble.
It seems that I have pinpointed my problems with the default routing not always taking hold. In the rules I have set the default Lan rule to explicitly state the WAN rather than default routing gateway and also turned on LZO compression with the following settings
verb 5;tun-mtu 1500;fragment 1300;keysize 128;redirect-gateway def1;persist-key;comp-lzo adaptive;
-
Hi everyone,
I followed part of this tutorial to set-up a working VPN connection to vpntunnel.com. It works like a charm, and i'm able to redirect certain LAN ip through the VPN, while all others goes to the normal route.
As all the traffic reaching the VPN ip is redirected to the box, i tried to build some firewall rules to block traffic coming from the VPN and going to certain port (like the ssh port and the http port). I added 2 rules in the appropriate firewall rules tab (the tab dedicated to the VPN connection) to drop any tcp packet hitting port 22 or port 80. But this had no effect, even after a reboot.
Am i doing this right ? Has someone already tried this ?
(I'm using version 2.1-BETA0 (i386)built on Tue Dec 4 21:53:03 EST 2012)
-
Ok, the solution to my problem lies within the 'floating' rules. It's where the block rules are to be set. Now it works perfectly.
-
Hi everyone,
I followed part of this tutorial to set-up a working VPN connection to vpntunnel.com. It works like a charm, and i'm able to redirect certain LAN ip through the VPN, while all others goes to the normal route.
(I'm using version 2.1-BETA0 (i386)built on Tue Dec 4 21:53:03 EST 2012)
How do you manage to redirect certain LAN IPs through the VPN and others through the normal WAN?
-
For version 2.1:
In Firewall->Rules->LAN you simply add a rule where source is your LAN IP, DESTINATION is * and in advance features, you set the Gateway to the VPN.
Be careful to look what is the default gateway, as it might have become the VPN.
Be also careful that the rules work as 'first match applies', so as long as a rule doesn't match, it'll look at the next one down.
Also, if the VPN is down, packet might be routed through the default gateway (and you might not want that), be sure to set up rules correctlyI hope it helps.
-
;D ;D ;D ;D Working… thanks guys
-
After reading/experimenting with OpenVPN + AirVPN my doubt is: is my internal LAN exposed to Internet if i change the "Firewall Rules" according to the first (original) post?
For VPN to work, I thought it was sufficient to set manual NAT rules. Touching firewall rules seems overkill to me.
-
panz;
the firewall rule is required as it route OUTGOING traffic through your newly established gateway.
it is an OUTGOING rule only.remember; every interface on pfSense's default rule is to block everything, unless otherwise specified, which in this case allows outgoing traffic, AND forces it through the VPN.
-
This seems quite strange to me, because my setup is perfectly working without setting that firewall rule; LAN clients browse the Internet just enabling manual NAT. Am I doing something wrong? ???
-
so if i understand this right.. there is no way to get strongvpn to work anymore?
or is there Another guide to follow?
-
so if i understand this right.. there is no way to get strongvpn to work anymore?
or is there Another guide to follow?
tjabas,
what isnt working anymore for you ?
