OpenVPN with PureVPN using Interface
-
If you would like to try, here are the custom options I used to connect to PureVPN:
mute 20;
auth-retry interact;
explicit-exit-notify 2;
ifconfig-nowarn;
tls-client;
persist-key;
persist-tun;
remote-cert-tls server;
auth-nocache;
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA;
keysize 256;
fast-io;
sndbuf 524288;
rcvbuf 524288 -
Thanks for the suggestion. I've put them in and the tunnel comes up fine, but the act of doing it seems to cause the issue as well. My Interface IP sticks to the old one and the tunnel has a new one. So it doesn't give me much hope the issue won't reoccur when the tunnel IP changes naturally.
Is there a better way to do it other than assigning it to an interface? Are you routing certain devices through the tunnel or all of them?
I guess, to be more specific on the terminology… In the OpenVPN status. The Remote Host IP does update, but the Virtual Address does not.
-
Thanks for the suggestion. I've put them in and the tunnel comes up fine, but the act of doing it seems to cause the issue as well. My Interface IP sticks to the old one and the tunnel has a new one. So it doesn't give me much hope the issue won't reoccur when the tunnel IP changes naturally.
Is there a better way to do it other than assigning it to an interface? Are you routing certain devices through the tunnel or all of them?
I guess, to be more specific on the terminology… In the OpenVPN status. The Remote Host IP does update, but the Virtual Address does not.
Are you saying that if you stop the service from Status> OpenVPN and you re-enable it after a while, the virtual address does not change?
-
If I manually stop it, give it some time, and then start it again, it does pick up a new Virtual Address on the correct subnet. That is how I fix the issue when it happens.
The issue seems to be when it negotiates a new IP without a service stop/start. The Remote Host Ip changes, but the Virtual Address does not. Meaning they are on different subnets and can't route anything. It's happened 3 times so far in the past week or so.
-
From the last four weeks I'm using two PureVPN connections to two different countries and I have never had this kind of problem.
Honestly I don't know what it may be due. Have you tried to connect to different servers?
As for your question about the assigning to an interface, I don't know any other method.
We should wait for a forum's guru. -
Did you try Reply #1
-
I apologize with Pippin, I didn't realize that suggested options have the "persist-tun" parameter.
-
Did you try Reply #1
As I said, there were no custom options at all to begin with. I'm not exactly sure how to try it.
-
Ok, I looked at their config given in above link
https://support.purevpn.com/pfsense-openvpn-configuration-guide
and it has persist-tun in it.Just remove it from the config and see if it helps.
-
I must admit I am confused. Remove persist-tun from what config? The only things in my OpenVPN setup are the certs/key, server name, UDP port 53, and my username/pass.
If you are refering to the files downloaded for the cert and whatnot, the only thing used from the opvn file is the server name, as per that setup document. I do see that it has persist tun in there, but there are no custom settings in mysetup as the guide did not refernce using anything but the server name for a pfsense setup.
-
I see (now :))
Probably the config is stored in /var/etc somewhere.
Try to find it and see if persist-tun is in it.
