I need help here. I am hitting the wall. Please help a noob.
-
Do you prefer to have the VPN connected 24/7?
Yes I always require 24/7 connection on VPN.
How complicated is your geolocation VPN setup?
1. I only use one country setup (USA). I use the Rokus to access Netflix, Hulu and Amazon Prime Videos. I also use it for online shopping and banking.
Do you only want your Roku boxes to use ExpressVPN, and your normal traffic to go out your normal WAN connection? Or do you want to have Roku boxes to use ExpressVPN Country #1 and your normal traffic to go out ExpressVPN Country #2?
1. I use the Rokus to access Netflix, Hulu and Amazon Prime Videos. I also use it for online shopping and banking.
2. Country 1 are used for streaming devices.
I have an Asrock 3455B itx motherboard and its a 64 bit that supports AES for openvpn but I can't install the current 2.4.2 due to HPET error. So just decided to use 2.3.5.
I did follow your instructions to the T but I can not get netflix and amazon prime to work it say No internet connection but HULU does work. DNS leak is gone.
I did check the firewall rules/ expressvpn Action = Pass, Interface = Expressvpn, adress family = IPV4, Protocol= any and did not touch the rest of it.
StatusDashboard
DNS server(s)
127.0.0.1
85.203.37.1
85.203.37.2General setup/ DNS servers, 85.203.37.1 = ExpressvpnDHCP opt1, 85.203.37.2 = ExpressvpnDHCP opt1. I am not quite sure if i've done it correct.
Currently all my wifi devices are connected to ExpressVPN. It really tax the speed due to distance. What I wanted is how to do selective routing so I can just assign certain devices on VPN.
Thank you
-
My experiences overseas using VPN back to the states.
1. Latency impacts bandwidth. So, you are much better off running your VPN client on each device that needs the vpn rather than running it on 1 centralized device that serves vpn to everything else.
2. Companies are always claiming to be able to provide you Netflix and other video streaming sites. My experience is that unless you have a dedicated IP, thats not going to be reliable. Actually, if you want the best possible experience, buy a pfsense for someone in the states to replace their cheap router on the condition they let you run a vpn on it using their IP and bandwidth. I have my own personal pfsense in my house in the USA and my friends who travel also have them at their houses. We share. Residential IPs give the best results.
3. Pfsense doesn't leak DNS. At least not for me when I use it as the server. Every pfsense I've got running in the USA can slice through netflix blocks, no problem.
-
That is a very good idea kejianshi. But prior to jumping on Pfsense, I have a working Asus router with a Merlin firmware that works pretty well on Expressvpn that blocks geolocation and does selective routing.
The reason I need an advice is how come my off the shelf router can run on VPN? Pfsense is a nice but it has a steep learning curve for me.
-
I'm not sure. I have not seen expressvpn server configuration and I haven't seen your pfsense client configuration.
-
This is the link provided by ExpressVPn which I follow.
https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/
-
I'm not sure. I did take a look at it though.
I've done this using pfsense as server and with ALL TRAFFIC routed from the pfsense client to the pfsense server and it worked great.
In other words. The client side had a peer-to-peer configuration but the server side was remote access configuration.
For what you are trying to achieve, that worked wonderfully. I'm not sure what is going on with express VPN.
I can tell you that you want all, not some and not selectively when it comes to traffic being routed via that vpn.
People will really need to see your openvpn cofig. The one you actually entered and not the instructions from expressvpn.
Also, your firewall rules.
-
I did check the firewall rules/ expressvpn Action = Pass, Interface = Expressvpn, adress family = IPV4, Protocol= any and did not touch the rest of it.
What interfaces do you have right now? WAN, LAN, ExpressVPN? ExpressVPN interface shouldn't have any rules (blank).
The rule you want should be on your LAN interface.
Source: "Roku" (Make an alias with the static IPs of all your Roku devices. Either do static IP or DHCP reservation).
(Advanced) Gateway: ExpressVPN -
Well as of today I decided to stop using my Pfsense box and decided to use back my Asus RT AC 87U with Expressvpn. It took me 2 1/2 straight days trying to figure out how to unblock Netflix and Amazon prime with Pfsense.
Please don't get me wrong I find Pfsense has good potentials and I am not going to stop until I run it to perfection.
Currently I am on Pfsense 2.3.5 because I had a hard time installing 2.4.2 it gives me Hpet error. Also the current firmware build does not want to install new packages even after several clean install.
I will post later images on how I configure Pfsense on Expressvpn with firewall settings. ExpressVPN support is no use to me since they lack knowledge on pfsense.
Thanks guys!
-
I hope this is constructive criticism. Knowing what you might have done or was supposed to do or the directions tell you to do is completely unhelpful.
When people absolutely refuse to post their actual setups (we are talking screenshots of the pfsense configurations), good things rarely happen.
I wish you luck.
-
I will post my configuration. I really need to get this going. I find this forum helpful and really appreciate the help of forum members.
It just happen that my wife and kids are complaining since I start messing their Internet and vpn connections for 2 1/2 days.
-
I'm not the authority on much of anything, but I'm pretty sure if someone sees a big error in the config they will point it out.
-
It just happen that my wife and kids are complaining since I start messing their Internet and vpn connections for 2 1/2 days.
Best practice is to not put a new setup into production until it's production-ready. In other words, you can configure pfSense separately while your household still uses the Asus in production. When the pfSense config is stable, you're reading to go live with a smooth transition.
-
Well as of today I decided to stop using my Pfsense box and decided to use back my Asus RT AC 87U with Expressvpn. It took me 2 1/2 straight days trying to figure out how to unblock Netflix and Amazon prime with Pfsense.
I'm confused. You had it working but gave up anyways.
The policy-based routing firewall rule is just one rule, described above, and it would allow your Roku devices to be routed through ExpressVPN. I fail to see what difficulty you are encountering or why you gave up when you were a few seconds from success.
-
Well as of today I decided to stop using my Pfsense box and decided to use back my Asus RT AC 87U with Expressvpn. It took me 2 1/2 straight days trying to figure out how to unblock Netflix and Amazon prime with Pfsense.
I'm confused. You had it working but gave up anyways.
The policy-based routing firewall rule is just one rule, described above, and it would allow your Roku devices to be routed through ExpressVPN. I fail to see what difficulty you are encountering or why you gave up when you were a few seconds from success.
My main concern in going to Pfsense route is geolocation unblocking. The 3 major streaming company are getting tougher every day. It used to be a simple paid DNS service and your done. I have been tinkering routers for years starting from DD-WRT, Tomato to current Asus Merlin. Time has changed and I have to follow what is current.
Asus merlin firmware is so simple to use for an average guy like me but there are some limitations too when it comes to hardware. And this is the reason why I wanted to learn Pfsense because I have the freedom to do so.
I am no expert on things and it takes time to learn. for me its no pain no gain.
I will be posting some desktop configuration on ExpressVPN later so the community can take a look. including some problems I encounter.
-
Ok I am back to pfsense today and decided to start with a clean slate by doing a factory restore on the GUI.
After doing the wizard, I proceed to install Expressvpn.
 -
Here are more shots Expressvpn config.
 -
I rebooted pfsense after configuring Expressvpn and vpn is up after reboot. I then proceed to System/General setup/ DNS Server settings. (see attachments). Next is Services /DNS Resolver/General Settings including Services/DNS Resolver/Advanced Settings.
I did run DNS leaktest and it pass but I can not access some websites including Amazon (see attachment) and internet speed is slow. This is connected to Expressvpn.
I also try to install Pfsense package and its giving me error. I am currently on 2.3.5. Can not install 2.4.2 due to HPET error but let set that aside.
I did also check my ip location and its connected thru expressvpn result is Los Angeles location.
 -
I was really scratching my head. Next is to check my firewall settings (see attachment). On Firewall rules expressvpn i noticed it was empty.
I decided to click add on expressvpn firewall rules and this is how it looks like (see Attachement).
I noticed on Lan firewall lan did have some changes.
 -
This is my NAT outbound.
 -
Here are the results so far:
1. I am currently connected to my Local ISP and can be able to access sites.
2. ExpressVPN is up and connected but I am pretty sure I am not on vpn. Why? because I did check my ip location and since I am not on VPN DNS leak is the result.
3. I have not check my Roku streaming boxes yet because I am pretty sure it's going to be block.
Any suggestions guy?