Setting up OpenVPN with ExpressVPN
-
If its not working. You can try PureVPN.
Setup guide link https://support.purevpn.com/openvpn-manual-setup-guide
It actually works. I'm just optimizing the settings.
-
Any help here guys?
Can you explain why choosing "no hardware crypto" uses AES-NI automatically if the CPU supports it? Do you still have to enable AES-NI under System -> Advanced -> Misc. for this to happen or what?
-
Any help here guys?
Can you explain why choosing "no hardware crypto" uses AES-NI automatically if the CPU supports it? Do you still have to enable AES-NI under System -> Advanced -> Misc. for this to happen or what?
here something about hardware crypto in openvpn
https://forum.pfsense.org/index.php?topic=115627.msg646409#msg646409 -
Any help here guys?
Can you explain why choosing "no hardware crypto" uses AES-NI automatically if the CPU supports it? Do you still have to enable AES-NI under System -> Advanced -> Misc. for this to happen or what?
here something about hardware crypto in openvpn
https://forum.pfsense.org/index.php?topic=115627.msg646409#msg646409Thanks.
Also, is there a way to test the throughput of my OpenVPN clients in hopes of comparing which is better? I'm trying out ExpressVPN and Buffered VPN right now as a way to access US-based NetFlix content and I'm hoping I can isolate which one is best.
-
go to fast.com using your vpn connection.. Powered by netflix..
-
go to fast.com using your vpn connection.. Powered by netflix..
Yeah, that's what I'm doing but I was hoping for a command line speed test but no worries.
I was reading up on the openvpn custom options and came about this article: https://blog.hambier.lu/post/solving-openvpn-mtu-issues wherein it was suggested that "fragment 1300" be removed and set "mssfix" to 1300 initially. When I do that, I get this error in the openvpn logs:
Bad LZO decompression header byte: 0
fragment 1300 and mssfix 1450 are in the opvpn file provided by expressvpn that's why I put them there.
-
Is it recommended to change the "firewall optimization options" to conservative when using a vpn? The thing is that I'm using policy-based routing so I'm worried that if I change this setting all traffic will be negatively impacted (not just the ones destined through the VPN tunnel).
EDIT:
Also, what is really the difference between the openvpn client options "Don't pull routes" and "Don't add/remove routes"? Here is an excerpt from the openvpn website:
–route-noexec -> this is the "don't add/remove routes" option
Don't add or remove routes automatically. Instead pass routes to --route-up script using environmental variables.--route-nopull -> this is the "don't pull routes" option
When used with --client or --pull, accept options pushed by server EXCEPT for routes and dhcp options like DNS servers. When used on the client, this option effectively bars the server from adding routes to the client's routing table, however note that this option still allows the server to set the TCP/IP properties of the client's TUN/TAP interface. -
Any help please?
-
You can check the Offical website of ExpressVPN and they have define all this information. https://www.expressvpn.com/support/vpn-setup/manual-config-for-windows-xp-vista-7-8-with-openvpn/
-
You can check the Offical website of ExpressVPN and they have define all this information. https://www.expressvpn.com/support/vpn-setup/manual-config-for-windows-xp-vista-7-8-with-openvpn/
No, they don't. Pfsense as a firewall is not "officially" supported by ExpressVPN and so there's no manual there. Like I said, my connection to them is working just fine. I'm just optimizing it. If you read my previous post with the pending questions and try to find the answers to my questions on the site you linked, I'm not sure you'll find any. I don't even see route-noexec and route-nopull anywhere in that page.
-
or you can also configure OpenVPN with PureVPN. Here is the manual setup guide https://support.purevpn.com/openvpn-manual-setup-guide
-
or you can also configure OpenVPN with PureVPN. Here is the manual setup guide https://support.purevpn.com/openvpn-manual-setup-guide
I appreciate the help but I feel like we're going around in circles here. Like I mentioned multiple times now, I don't need a guide for configuring openvpn as I already have it working with expressvpn. I just need to know the answers to my specific questions quoted below:
Is it recommended to change the "firewall optimization options" to conservative when using a vpn? The thing is that I'm using policy-based routing so I'm worried that if I change this setting all traffic will be negatively impacted (not just the ones destined through the VPN tunnel).
EDIT:
Also, what is really the difference between the openvpn client options "Don't pull routes" and "Don't add/remove routes"? Here is an excerpt from the openvpn website:
–route-noexec -> this is the "don't add/remove routes" option
Don't add or remove routes automatically. Instead pass routes to --route-up script using environmental variables.--route-nopull -> this is the "don't pull routes" option
When used with --client or --pull, accept options pushed by server EXCEPT for routes and dhcp options like DNS servers. When used on the client, this option effectively bars the server from adding routes to the client's routing table, however note that this option still allows the server to set the TCP/IP properties of the client's TUN/TAP interface. -
Did you figure out or get answers.
I previously had expressvpn working with 3 client locations in a gateway failover configuration with opnsense 16.7.9.
gateway monitoring was working fine with google dns servers
After the system upgraded to 16.7.10, i decided to move to pfsense think there was more support and user base, but haven't found it yet.I have the issue like you. 3x vpn clients, gateway config - getting offline due to 50% errors when using opendns or google dns servers as the monitoring addresses.
It seems to be ExpressVPN not passing ICMP as best as i can tell. If i traceroute from ubuntu it goes through without error, but if i traceroute with "-I" or from windows I get request timeouts at the same spots where i get packet loss using dpinger from the command line on pfsense.
