Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN with PureVPN using Interface

    Scheduled Pinned Locked Moved OpenVPN
    14 Posts 3 Posters 3.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lordstag
      last edited by

      Would that be in the custom options?

      Aside from the certificates and the private key there are no non default options for this connection. UDP on port 53, the server name, and my user/pass.

      I mostly followed this:
      https://support.purevpn.com/pfsense-openvpn-configuration-guide

      It's a little outdated just based on pfsense version… I also added some outgoing NAT and assigned the tunnel to an interface. Other than that there really isn't much of a config for the connection.

      Are there custom options I should be using to not have the persistent tunnel?

      1 Reply Last reply Reply Quote 0
      • M
        mauroman33
        last edited by

        If you would like to try, here are the custom options I used to connect to PureVPN:

        mute 20;
        auth-retry interact;
        explicit-exit-notify 2;
        ifconfig-nowarn;
        tls-client;
        persist-key;
        persist-tun;
        remote-cert-tls server;
        auth-nocache;
        tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA;
        keysize 256;
        fast-io;
        sndbuf 524288;
        rcvbuf 524288

        1 Reply Last reply Reply Quote 0
        • L
          lordstag
          last edited by

          Thanks for the suggestion. I've put them in and the tunnel comes up fine, but the act of doing it seems to cause the issue as well. My Interface IP sticks to the old one and the tunnel has a new one. So it doesn't give me much hope the issue won't reoccur when the tunnel IP changes naturally.

          Is there a better way to do it other than assigning it to an interface? Are you routing certain devices through the tunnel or all of them?

          I guess, to be more specific on the terminology… In the OpenVPN status. The Remote Host IP does update, but the Virtual Address does not.

          1 Reply Last reply Reply Quote 0
          • M
            mauroman33
            last edited by

            @lordstag:

            Thanks for the suggestion. I've put them in and the tunnel comes up fine, but the act of doing it seems to cause the issue as well. My Interface IP sticks to the old one and the tunnel has a new one. So it doesn't give me much hope the issue won't reoccur when the tunnel IP changes naturally.

            Is there a better way to do it other than assigning it to an interface? Are you routing certain devices through the tunnel or all of them?

            I guess, to be more specific on the terminology… In the OpenVPN status. The Remote Host IP does update, but the Virtual Address does not.

            Are you saying that if you stop the service from Status> OpenVPN and you re-enable it after a while, the virtual address does not change?

            1 Reply Last reply Reply Quote 0
            • L
              lordstag
              last edited by

              If I manually stop it, give it some time, and then start it again, it does pick up a new Virtual Address on the correct subnet. That is how I fix the issue when it happens.

              The issue seems to be when it negotiates a new IP without a service stop/start. The Remote Host Ip changes, but the Virtual Address does not. Meaning they are on different subnets and can't route anything. It's happened 3 times so far in the past week or so.

              1 Reply Last reply Reply Quote 0
              • M
                mauroman33
                last edited by

                From the last four weeks I'm using two PureVPN connections to two different countries and I have never had this kind of problem.
                Honestly I don't know what it may be due. Have you tried to connect to different servers?
                As for your question about the assigning to an interface, I don't know any other method.
                We should wait for a forum's guru.

                1 Reply Last reply Reply Quote 0
                • PippinP
                  Pippin
                  last edited by

                  Did you try Reply #1

                  I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                  Halton Arp

                  1 Reply Last reply Reply Quote 0
                  • M
                    mauroman33
                    last edited by

                    I apologize with Pippin, I didn't realize that suggested options have the "persist-tun" parameter.

                    1 Reply Last reply Reply Quote 0
                    • L
                      lordstag
                      last edited by

                      @Pippin:

                      Did you try Reply #1

                      As I said, there were no custom options at all to begin with. I'm not exactly sure how to try it.

                      1 Reply Last reply Reply Quote 0
                      • PippinP
                        Pippin
                        last edited by

                        Ok, I looked at their config given in above link
                        https://support.purevpn.com/pfsense-openvpn-configuration-guide
                        and it has persist-tun in it.

                        Just remove it from the config and see if it helps.

                        I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                        Halton Arp

                        1 Reply Last reply Reply Quote 0
                        • L
                          lordstag
                          last edited by

                          I must admit I am confused. Remove persist-tun from what config? The only things in my OpenVPN setup are the certs/key, server name, UDP port 53, and my username/pass.

                          If you are refering to the files downloaded for the cert and whatnot, the only thing used from the opvn file is the server name, as per that setup document. I do see that it has persist tun in there, but there are no custom settings in mysetup as the guide did not refernce using anything but the server name for a pfsense setup.

                          1 Reply Last reply Reply Quote 0
                          • PippinP
                            Pippin
                            last edited by

                            I see (now :))

                            Probably the config is stored in /var/etc somewhere.
                            Try to find it and see if persist-tun is in it.

                            I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                            Halton Arp

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.