Problems with airVPN and pfsense
-
I am trying to switch from PIA to airVPN since I want to utilize port forwarding. I followed their handy guide posted here: https://airvpn.org/topic/11245-how-to-set-up-pfsense-21-for-airvpn/. It seems outdated, but I still followed it.
The problem I am having is that it doesn't pull an IP address or connect to their servers. I have started from scratch after factory resetting my pfsense box, tried using a different port/server and still have had zero luck with it.
Here is the only part of the openvpn log that mentions any type of error; below it I have included the whole log (set to verbose -3).
Jan 4 19:53:17 openvpn[91144]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 4 19:53:17 openvpn[91144]: TLS Error: TLS handshake failed
Jan 4 19:53:17 openvpn[91144]: TCP/UDP: Closing socket
Jan 4 19:53:17 openvpn[91144]: SIGUSR1[soft,tls-error] received, process restarting
Jan 4 19:53:17 openvpn[91144]: Restart pause, 2 second(s)
Jan 4 19:53:19 openvpn[91144]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 4 19:53:19 openvpn[91144]: Re-using SSL/TLS context
Jan 4 19:53:19 openvpn[91144]: LZO compression initialized

Jan 4 19:53:14 openvpn[54725]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Jan 4 19:53:14 openvpn[54725]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 4 19:53:14 openvpn[54725]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
Jan 4 19:53:14 openvpn[54725]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 4 19:53:14 openvpn[54725]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 4 19:53:14 openvpn[54725]: LZO compression initialized
Jan 4 19:53:14 openvpn[54725]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
Jan 4 19:53:14 openvpn[54725]: Socket Buffers: R=[42080->65536] S=[57344->65536]
Jan 4 19:53:14 openvpn[54725]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
Jan 4 19:53:14 openvpn[54725]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Jan 4 19:53:14 openvpn[54725]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Jan 4 19:53:14 openvpn[54725]: Local Options hash (VER=V4): '9e7066d2'
Jan 4 19:53:14 openvpn[54725]: Expected Remote Options hash (VER=V4): '162b04de'
Jan 4 19:53:14 openvpn[54725]: UDPv4 link local (bound): [AF_INET]173.72.244.94
Jan 4 19:53:14 openvpn[54725]: UDPv4 link remote: [AF_INET]213.152.161.29:53
Jan 4 19:53:14 openvpn[54725]: TLS: Initial packet from [AF_INET]213.152.161.29:53, sid=af3505b5 50ad0605
Jan 4 19:53:14 openvpn[54725]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Jan 4 19:53:15 openvpn[54725]: Validating certificate key usage
Jan 4 19:53:15 openvpn[54725]: ++ Certificate has key usage 00a0, expects 00a0
Jan 4 19:53:15 openvpn[54725]: VERIFY KU OK
Jan 4 19:53:15 openvpn[54725]: Validating certificate extended key usage
Jan 4 19:53:15 openvpn[54725]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jan 4 19:53:15 openvpn[54725]: VERIFY EKU OK
Jan 4 19:53:15 openvpn[54725]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Jan 4 19:53:17 openvpn[91144]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 4 19:53:17 openvpn[91144]: TLS Error: TLS handshake failed
Jan 4 19:53:17 openvpn[91144]: TCP/UDP: Closing socket
Jan 4 19:53:17 openvpn[91144]: SIGUSR1[soft,tls-error] received, process restarting
Jan 4 19:53:17 openvpn[91144]: Restart pause, 2 second(s)
Jan 4 19:53:19 openvpn[91144]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 4 19:53:19 openvpn[91144]: Re-using SSL/TLS context
Jan 4 19:53:19 openvpn[91144]: LZO compression initialized
Jan 4 19:53:19 openvpn[91144]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
Jan 4 19:53:19 openvpn[91144]: Socket Buffers: R=[42080->65536] S=[57344->65536]
Jan 4 19:53:19 openvpn[91144]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
Jan 4 19:53:19 openvpn[91144]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Jan 4 19:53:19 openvpn[91144]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Jan 4 19:53:19 openvpn[91144]: Local Options hash (VER=V4): '9e7066d2'
Jan 4 19:53:19 openvpn[91144]: Expected Remote Options hash (VER=V4): '162b04de'
Jan 4 19:53:19 openvpn[91144]: UDPv4 link local (bound): [AF_INET]173.72.244.94
Jan 4 19:53:19 openvpn[91144]: UDPv4 link remote: [AF_INET]199.19.94.12:443
Jan 4 19:53:19 openvpn[91144]: TLS: Initial packet from [AF_INET]199.19.94.12:443, sid=9de92ce2 6eb6bcbf
Jan 4 19:53:20 openvpn[91144]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Jan 4 19:53:20 openvpn[91144]: Validating certificate key usage
Jan 4 19:53:20 openvpn[91144]: ++ Certificate has key usage 00a0, expects 00a0
Jan 4 19:53:20 openvpn[91144]: VERIFY KU OK
Jan 4 19:53:20 openvpn[91144]: Validating certificate extended key usage
Jan 4 19:53:20 openvpn[91144]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jan 4 19:53:20 openvpn[91144]: VERIFY EKU OK
Jan 4 19:53:20 openvpn[91144]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org

Any recommendations?
Thank you
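
Added example (not part of the original post, and not pfSense or AirVPN code): a small parser that groups OpenVPN syslog entries like the ones above by process ID and reports how far each connection attempt got. The milestone names are made up for this sketch, the sample lines are a subset copied from the log in the post, and the last two patterns are the messages OpenVPN logs on a successful connect.

```python
import re

# Subset of the log from the post above, one entry per line.
SAMPLE_LOG = """\
Jan 4 19:53:14 openvpn[54725]: UDPv4 link remote: [AF_INET]213.152.161.29:53
Jan 4 19:53:14 openvpn[54725]: TLS: Initial packet from [AF_INET]213.152.161.29:53, sid=af3505b5 50ad0605
Jan 4 19:53:15 openvpn[54725]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Jan 4 19:53:17 openvpn[91144]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 4 19:53:17 openvpn[91144]: TLS Error: TLS handshake failed
Jan 4 19:53:17 openvpn[91144]: SIGUSR1[soft,tls-error] received, process restarting
Jan 4 19:53:19 openvpn[91144]: UDPv4 link remote: [AF_INET]199.19.94.12:443
Jan 4 19:53:19 openvpn[91144]: TLS: Initial packet from [AF_INET]199.19.94.12:443, sid=9de92ce2 6eb6bcbf
Jan 4 19:53:20 openvpn[91144]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
"""

ENTRY = re.compile(r"^(\w{3}\s+\d+\s+[\d:]+)\s+openvpn\[(\d+)\]:\s+(.*)$")
# Milestones (hypothetical names) in the order a client session normally logs them.
MILESTONES = [
    ("socket_open", re.compile(r"link remote: \[AF_INET6?\](\S+)")),
    ("server_replied", re.compile(r"TLS: Initial packet from")),
    ("server_cert_ok", re.compile(r"VERIFY OK: depth=0")),
    ("options_pushed", re.compile(r"PUSH: Received control message")),
    ("tunnel_up", re.compile(r"Initialization Sequence Completed")),
]

def summarize(log_text):
    """Return {pid: {"remotes": [...], "reached": [...], "errors": [...], "restarts": n}}."""
    procs = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not an openvpn syslog entry
        _, pid, msg = m.groups()
        p = procs.setdefault(pid, {"remotes": [], "reached": [], "errors": [], "restarts": 0})
        if msg.startswith("TLS Error:"):
            p["errors"].append(msg)
        if "process restarting" in msg:
            p["restarts"] += 1
            p["reached"] = []  # a restart begins a new connection attempt
        for name, pattern in MILESTONES:
            hit = pattern.search(msg)
            if hit and name not in p["reached"]:
                p["reached"].append(name)
                if name == "socket_open":
                    p["remotes"].append(hit.group(1))
    return procs

if __name__ == "__main__":
    for pid, info in summarize(SAMPLE_LOG).items():
        print(pid, info["remotes"], info["reached"], len(info["errors"]), info["restarts"])
```
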
-
It doesn't look like you're pulling in routes. You need to either add them in manually or uncheck "Don't pull routes" & "Don't add/remove routes" in the OpenVPN client config section.
AirVPN has an updated version on the forum for 2.3 but I couldn't get it to work. Also I don't agree with all the settings he has.
-
I followed the 2.3 guide without any problems: https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/
Although I'm not sure if I followed it to the letter, I manually entered the NAT rules and my own firewall without the guide, but it worked without a problem. I have the option 'don't add and remove routes automatically' unchecked. If you show me your settings I'll see if I can help.
-
@apollo17 Is your pfSense an ARM Box or PC Build? I can't get it working on my SG-2100.
My AirVPN posting: How To Set Up pfSense+ for AirVPN.