Cant surf
-
Hey guys. Can I get some more help with this? If you need more info let me know what you need and I'll provide it.
I have contacted StrongVPN but they are not much help as they dont really support pfsense and because I am able to surf when using the strongvpn windows client so they say it must be a problem with pfsense not their settings.As you can see from my log, I can connect to the strongvpn server but am unable to surf when openvpn is running. If I stop openvpn, I can surf again.
Any help is appreciated.
-
I have contacted StrongVPN but they are not much help as they dont really support pfsense and because I am able to surf when using the strongvpn windows client so they say it must be a problem with pfsense not their settings.
This in itself would be enough reason for me to ditch them right away. This is the usual 'blame somebody else, not us'.
Ask them if they own the hardware (actually bought the stuff) in their own data center (actually pay rent for the building), or are simply renting it on a monthly basis, via their paypal account, from their attic ;) :P ;D
It's too easy to blame pfSense for everything :)
-
If I could not surf while logged in via the windows app I would agree, but since it does work via the app, it makes me think the issue is pfsense.
I did have this working a few months ago but I think it stopped after I upgraded to 2.1.5.
Couple of other points;
If I look at the dashboard, it does show "You are on the latest version" which I believe means it does have a working internet connection.
In the previous version of pfsense, under firewall rules/source, I would select lan subnet. That option is not in the new version. It only shows lan net or lan address. Which do I use?
Thanks for your help
-
If I could not surf while logged in via the windows app I would agree, but since it does work via the app, it makes me think the issue is pfsense.
As Robert The Niro said in 'Heat' (marvelous movie, btw, it's in my all time favourite top 10 list, right after 'The Godfather' trilogy and Schindler's List ;D ):
'There's a flip side to that coin'.
The fact that you are able to run this from you desktop, using proprietary software (what's in there to make it show all green lights when you connect to their server?), does not mean they have their servers configured right to withstand the test of having your router, with the real OpenVPN, connect to it succesfully.
Don't get me wrong, I don't mean any disrespect towards you, I know you are only sincerely struggling to get it to work ( ;) ), but if it works with their 'secret software', but doesn't work with the open source OpenVPN and they refuse to help you and instead point you to their 'secret software', I get suspicous.
I've been there myself: 1001 attic-rented VPS servers-paypal-by-the-month-crooks who don't know sh*t and were only there to rip customers like you and me from my money, blaming pfSense for stuff it surely wasn't to blame for. Because they appeared to know not the least of VPN's in the first place.
Just the other day, I was having a 'group' conversation, via email, with the three OpenVPN services I currently use; each of them work flawlessly with pfSense (Thanks CMB, for helping me with only one sentence of yours on fixing my problems :-* :-* ), however, there are performance differences. It is actually quite interesting to see tech's from these three different services exchange highly technical arguments to eachother: it shows they really know what they are actually doing.
I did have this working a few months ago but I think it stopped after I upgraded to 2.1.5.
Couple of other points;
If I look at the dashboard, it does show "You are on the latest version" which I believe means it does have a working internet connection.
That tells you not much about your VPN (since, unless you hacked and tweaked things I wouldn't even know how to do (I'm sure it's possible, but I'm a noob ;D ), your pfSense normally goes out on the default gateway (your WAN, so not the VPN interface), to check for updates).
In the previous version of pfsense, under firewall rules/source, I would select lan subnet. That option is not in the new version. It only shows lan net or lan address. Which do I use?
LAN net = LAN subnet (e.g. all your clients in LAN, so by default desktop on 192.168.1.10, other desktop on 1.11, etc).
LAN address is the adress of your gateway, so typically 192.168.1.1, the address of pfSense itself.
My final thoughts: go to privateinternetaccess, and buy a one month subscription (it's only a few dollars). Set that up (there is an excellent tutorial, search for 'PIA' or 'privateinternetaccess' on this forum, and you will find it. DON'T mess with Snort (thanks again, CMB :-* - Bill: I will contact you about this - Snort is killing my VPN by one of it's rules, and I don't know which rule it is; you are a Master, so I don't blame you (of course not ;D ), I simply need to report it to you to see if you could perhaps see what is wrong :-* ).
Bottom line: If PIA works, then OpenVPN works (hint: PIA works, I know, as I am using it ;) ).
-
I may have to try that but before I hand my credit card out to another provider, is there any other trouble shooting you can suggest for my pfsense configuration?
Thanks
-
Just a comment to these vpn providers – I really don't get why anyone uses them. You can get a vps for pennies. You don't need a lot of umph to provide vpn. If its just for you.. You get a vps, I have a couple with different providers for $12 a year, and $15 a year. And found one the other day someone recommended for $6 a YEAR!!
Here is the $6 a year one https://bandwagonhost.com/cart.php the micro-128, 300GB a month transfer
I have accounts with http://www.chicagovps.net/ $12 a year and 2 with http://buyvm.net/ at $15 a year.. You add these all up and they are still cheaper than most "vpn" providers ;) From what I have seen playing with the new one - prob let the other ones expire and move over to the $6 a year host.. Shoot for what I need the $4 a year micro-64 might work ;) But its only 100GB a month.Click click - you can install openvpnas package that gives you 2 free concurrent connections and away you go! I was working on a guide, doing this but got a bit side tracked. Need to complete that. I had the vpn up and running in less than 15 min total.. and that was with changing the vps from centos to ubuntu 14.04 minimal, etc..
Or you can install the full blown openvpn server free version and go to town. What is it that this vpn provider is giving you can not get by just going with your own vps? In whatever country you want/need. With the low cost ones you could get multiple and still be way cheaper than these providers..
-
John, I have actually started looking into a vps. If you have a guide on how to set one up that would be great.
Thanks for the links. Much appreciated!
-
I had started one.. But there was visual annoyance for me with the gateway widget and it creating gateway couldn't get rid of.. Then got side tracked ;) But I think the latest snaps fix up the gateway widget ;)
When I get a chance I will finish it up and can post here or send to you.
-
I had started one.. But there was visual annoyance for me with the gateway widget and it creating gateway couldn't get rid of.. Then got side tracked ;) But I think the latest snaps fix up the gateway widget ;)
When I get a chance I will finish it up and can post here or send to you.
I'd be most interested to see such a guide too, John :-*
On the providers you posted: how is their speed and reliability? I mean, for those prices, 'something's got to give', so to speak, not?
I mean, I get 100/15 over PIA; I'd assume these providers can't do that?
-
Ok,. I have done some more tinkering and could use some more help.
I installed dd-wrt x86 on the same PC and am able to get openvpn connected and surf so this seems to be an issue with my pfsense configuration. I also noticed when I still had pfsense running that the VPN gateway status was offline.
Whether I use strongvpn or a vps this will be an issue if I stay with pfsense so I would like to get this solved.
If there is any other info needed please let me know.
Thanks
-
johnpoz - I tunnel every last packet back to the USA.
With the VPS(s) you posted, what sorts of data limits might I run into?
-
So this does not morph into a vps thread, please start a new post to discuss vps'.
Thanks