Need help getting VPN software through network
-
There is no network layout below. And what VPN software is she running? What is the vpn protocol, is it ssl based, ipsec, l2tp, pptp, what?
Thanks for your reply, it's called pureVPN.
In the software it has: Automatic, PPTP, L2TP, SSTP, IKEV, TCP, UDP, StealthVPN.
Image of network link is here: http://i380.photobucket.com/albums/oo241/SprinterOz/pfsense_on_NBN_Australia.jpg
-
While I can get to i380.photobucket.com that image is not working..
You're going to need to post the log of the connection attempts as well - see the log of my openvpn connection I just made through pfsense.
-
Sorry the image doesn't work for you, funny thing is I can see it, oh well…
Feb 10 21:43:54 openvpn 10454 Connection reset, restarting [0]
Feb 10 21:43:54 openvpn 10454 SIGUSR1[soft,connection-reset] received, process restarting
Feb 10 21:43:59 openvpn 10454 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Feb 10 21:43:59 openvpn 10454 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 10 21:43:59 openvpn 10454 Attempting to establish TCP connection with [AF_INET]188.72.101.126:80 [nonblock]
Feb 10 21:44:00 openvpn 10454 TCP connection established with [AF_INET]188.72.101.126:80
Feb 10 21:44:00 openvpn 10454 TCPv4_CLIENT link local (bound): [AF_INET]XX.XX.XX.XX
Feb 10 21:44:00 openvpn 10454 TCPv4_CLIENT link remote: [AF_INET]188.72.101.126:80
Feb 10 21:44:00 openvpn 10454 Connection reset, restarting [0]
Feb 10 21:44:00 openvpn 10454 SIGUSR1[soft,connection-reset] received, process restarting
Feb 10 21:44:05 openvpn 10454 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Feb 10 21:44:05 openvpn 10454 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 10 21:44:05 openvpn 10454 Attempting to establish TCP connection with [AF_INET]188.72.101.126:80 [nonblock]
Feb 10 21:44:06 openvpn 10454 TCP connection established with [AF_INET]188.72.101.126:80
Feb 10 21:44:06 openvpn 10454 TCPv4_CLIENT link local (bound): [AF_INET]XX.XX.XX.XX
Feb 10 21:44:06 openvpn 10454 TCPv4_CLIENT link remote: [AF_INET]188.72.101.126:80
Feb 10 21:44:07 openvpn 10454 Connection reset, restarting [0]
Feb 10 21:44:07 openvpn 10454 SIGUSR1[soft,connection-reset] received, process restarting
Feb 10 21:44:12 openvpn 10454 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Feb 10 21:44:12 openvpn 10454 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 10 21:44:12 openvpn 10454 Attempting to establish TCP connection with [AF_INET]188.72.101.126:80 [nonblock]
Feb 10 21:44:13 openvpn 10454 TCP connection established with [AF_INET]188.72.101.126:80
Feb 10 21:44:13 openvpn 10454 TCPv4_CLIENT link local (bound): [AF_INET]XX.XX.XX.XX
Feb 10 21:44:13 openvpn 10454 TCPv4_CLIENT link remote: [AF_INET]188.72.101.126:80
Feb 10 21:44:13 openvpn 10454 Connection reset, restarting [0]
Feb 10 21:44:13 openvpn 10454 SIGUSR1[soft,connection-reset] received, process restarting
Feb 10 21:44:18 openvpn 10454 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Feb 10 21:44:18 openvpn 10454 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 10 21:44:18 openvpn 10454 Attempting to establish TCP connection with [AF_INET]188.72.101.126:80 [nonblock]
Feb 10 21:44:19 openvpn 10454 TCP connection established with [AF_INET]188.72.101.126:80
Feb 10 21:44:19 openvpn 10454 TCPv4_CLIENT link local (bound): [AF_INET]XX.XX.XX.XX
Feb 10 21:44:19 openvpn 10454 TCPv4_CLIENT link remote: [AF_INET]188.72.101.126:80
Feb 10 21:44:20 openvpn 10454 Connection reset, restarting [0]
Feb 10 21:44:20 openvpn 10454 SIGUSR1[soft,connection-reset] received, process restarting
Feb 10 21:44:25 openvpn 10454 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Feb 10 21:44:25 openvpn 10454 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 10 21:44:25 openvpn 10454 Attempting to establish TCP connection with [AF_INET]188.72.101.126:80 [nonblock]
Feb 10 21:44:26 openvpn 10454 TCP connection established with [AF_INET]188.72.101.126:80
Feb 10 21:44:26 openvpn 10454 TCPv4_CLIENT link local (bound): [AF_INET]XX.XX.XX.XX
Feb 10 21:44:26 openvpn 10454 TCPv4_CLIENT link remote: [AF_INET]188.72.101.126:80
Feb 10 21:44:26 openvpn 10454 Connection reset, restarting [0]
Feb 10 21:44:26 openvpn 10454 SIGUSR1[soft,connection-reset] received, process restarting
Feb 10 21:44:28 openvpn 10454 SIGTERM[hard,init_instance] received, process exiting
Feb 10 21:44:42 openvpn 65388 event_wait : Interrupted system call (code=4)
Feb 10 21:44:42 openvpn 65388 /sbin/route delete -net 179.61.246.3 61.69.91.85 255.255.255.255
Feb 10 21:44:42 openvpn 65388 /sbin/route delete -net 0.0.0.0 179.61.246.129 128.0.0.0
Feb 10 21:44:42 openvpn 65388 /sbin/route delete -net 128.0.0.0 179.61.246.129 128.0.0.0
Feb 10 21:44:42 openvpn 65388 Closing TUN/TAP interface
Feb 10 21:44:42 openvpn 65388 /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1558 179.61.246.132 255.255.255.192 init
Feb 10 21:44:42 openvpn 65388 SIGTERM[hard,] received, process exiting
I changed my static ip to XX.XX.XX.XX
That is from when I tried to get TCP and UDP set up on openVPN, but only UDP would show the upstream green arrow and TCP would not connect. Also little long the UDP connected it would not let traffic through the network
Without details it's impossible to try and help you other than point to PEBKAC as your problem.. Which most likely is it anyway ;)
LOL you're most likely right there :P
As for other settings, I will set it up to whatever works… if you know of a way to do this, that would be great, but I'm still learning pfsense and I have a lot to learn.
Only other settings I have done is with pfBlockerNG https://forum.pfsense.org/index.php?topic=124997.msg690735#msg690735
Tut I did to set up openVPN: https://support.purevpn.com/pfsense-openvpn-configuration-guide But really this is no good to me as the Netflix she wants to watch will only work through the software they provide, so openVPN is not my goal here, it's just to let the software through. I have disabled pfBlockerNG but that did not let the software VPN through.
Why are you hiding this???
TCPv4_CLIENT link local (bound): [AF_INET]XX.XX.XX.XX
is your local IP not rfc1918, ie 192.168.x.x, 10.x.x.x, 172.16-31.x.x ?
You sure you want to connect to port 80 for your vpn connection?
TCP connection established with [AF_INET]188.72.101.126:80
Your connection is being reset.
Feb 10 21:44:00 openvpn 10454 Connection reset, restarting [0] Feb 10 21:44:00 openvpn 10454 SIGUSR1[soft,connection-reset] received, process restarting
I would think the server is disconnecting you from that error.. You could up the verb level and see if you can glean more info from the connection log. But UDP would normally be what you want for your vpn connection vs tcp..
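A log triage sketch for the connect/reset pattern discussed in the post above, added here as an example and not posted by anyone in the thread. The sample lines are an excerpt of the log from this thread; the function names and the thresholds are assumptions.

```python
import re
from collections import Counter

# Excerpt of the log posted in this thread (two of its connect/reset cycles).
SAMPLE_LOG = """\
Feb 10 21:43:59 openvpn 10454 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Feb 10 21:43:59 openvpn 10454 Attempting to establish TCP connection with [AF_INET]188.72.101.126:80 [nonblock]
Feb 10 21:44:00 openvpn 10454 TCP connection established with [AF_INET]188.72.101.126:80
Feb 10 21:44:00 openvpn 10454 Connection reset, restarting [0]
Feb 10 21:44:00 openvpn 10454 SIGUSR1[soft,connection-reset] received, process restarting
Feb 10 21:44:05 openvpn 10454 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Feb 10 21:44:05 openvpn 10454 Attempting to establish TCP connection with [AF_INET]188.72.101.126:80 [nonblock]
Feb 10 21:44:06 openvpn 10454 TCP connection established with [AF_INET]188.72.101.126:80
Feb 10 21:44:07 openvpn 10454 Connection reset, restarting [0]
Feb 10 21:44:07 openvpn 10454 SIGUSR1[soft,connection-reset] received, process restarting
"""

ENTRY = re.compile(r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) openvpn (\d+) (.*)$")
ESTABLISHED = re.compile(r"TCP connection established with \[AF_INET\]([\d.]+):(\d+)")
NO_VERIFY = "No server certificate verification method has been enabled"

def analyse(log_text):
    """Summarise reset cycles per remote and security-relevant warnings."""
    resets, lifetimes, warnings = Counter(), [], set()
    pending = {}  # pid -> (remote, second-of-day the TCP session came up)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        hh, mm, ss, pid, msg = m.groups()
        now = int(hh) * 3600 + int(mm) * 60 + int(ss)  # ignores midnight wrap
        est = ESTABLISHED.search(msg)
        if est:
            pending[pid] = (est.group(1) + ":" + est.group(2), now)
        elif msg.startswith("Connection reset") and pid in pending:
            remote, t0 = pending.pop(pid)
            resets[remote] += 1
            lifetimes.append(now - t0)  # seconds the TCP session survived
        elif NO_VERIFY in msg:
            warnings.add("server certificate not verified")
    return {"resets": dict(resets), "lifetimes": lifetimes, "warnings": sorted(warnings)}

def is_reset_loop(findings, min_cycles=2, max_lifetime=2):
    """True when one remote keeps dropping sessions within seconds of TCP setup."""
    short = all(t <= max_lifetime for t in findings["lifetimes"])
    return short and any(n >= min_cycles for n in findings["resets"].values())

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG), is_reset_loop(analyse(SAMPLE_LOG)))
```

The warning it flags means the client does not check that the peer presents a server certificate; OpenVPN's `remote-cert-tls server` option is one way to enable that check.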
-
No, my network is on NBN, it has no IP assigned, it is fiber to wireless 50/20mb. I do not have a single port router that will do IPv6 at the moment, only pfsense allows me to use it.
image of my network you could not see before to help explain.
-
Is the VPN traffic passing two firewalls, I can see two on the diagram is her device the notebook ?
It could be a double NAT issue.
-
"No my network is on NBN it has no IP assigned"
So your client is getting a public IP? How exactly is that routing through pfsense? You're on a transit network, you have pfsense set up as a bridge?
-
I have the Dual WAN router static for each WAN NIC to the pfsense with DHCP LAN enabled, should I disable DHCP on LAN?
Yeah her pc is the notebook.
Sorry I should have said, it does not hook up to DHCP auto IP assign. I have to connect by static connections as it's a business line. I have my own IP and mask, also the NBN termination point is a basic router you could say, it just routes signal to 4 other ports like a switch. Those 3 other ports are enabled only if I have "more than one internet provider or account with the provider I already have". In total it can have up to 4 different providers and run at 50/20mb each, so if I was to have all 4 ports active it would be 200/80mb max line speed. To obtain this full speed of all 4 ports I would have to use a Load Balance Broadband Router like a TP-Link/ TL-R470T+ to bring it back to one line with all 4 ports on the NBN termination point in load balance. http://www.tplink.com/ie/products/details/?model=TL-R470T%2B Or I could buy a 4 port PCI-e NIC and do it that way, but this is going off topic.
Fixed NBN wireless explained: http://www.nbnco.com.au/learn-about-the-nbn/network-technology/fixed-wireless-explained.html
-
Some VPN protocols struggle with a double NAT.
Does it work if you connect the laptop directly to one of the pfSense LAN ports ?
Wouldn't you just be better off ditching the home WiFi router and routing everything via pfSense, a managed switch and a cheap access-point.
Also why the two LAN ports out the pfSense router to the WiFi router, what does that give you ?
-
Ok I figured out why your image wasn't loaded - I was connected to one of my vps via vpn on my workstation, and that was having issues. I notice when I couldn't get to my local stuff ;)
Anyway..
So why the hell would you have a dual wan router connect to pfsense lan with 2 different connections??? There is ZERO reason to do that… And why would you be using it as a router anyway?? That should just be used as an access point..
You have a 50/20 internet connection, there would be ZERO reason for such a setup.. Turn that router into just an AP, connect it with 1 wire to pfsense lan and that should fix whatever issue you're having..