Netgate Discussion Forum

    ExpressVPN not working with 2.4.4-RELEASE-p1, help! see config

    Off-Topic & Non-Support Discussion
    25 Posts 6 Posters 3.6k Views
      vincepro
      last edited by johnpoz

      I followed the guide on ExpressVPN's website and in the end the VPN status is UP, but I cannot get my OPT1 network to go out using the VPN gateway...

      Can someone help and take a look at my settings? **** READ THE COMMENTS BELOW ***

      I am attaching a zip file with the pics of my setup...

      Comment A = This is changed to WAN gateway so I can write up this forum post
      Comment B = ExpressVPN had me change this from WAN to OPT1. This did nothing and I changed it back to WAN. (still not working)

      helppppp

      [Image: 0_1545039471120_Capture.PNG]

      The bracket is a subnet that is not going to be used for VPN.
      I also have options for Interface to = OpenVPN or VPN interface
      They both do not work.

      Look below here for a zip file of the rest of my config

      MOD: Attachment removed

        JeGr LAYER 8 Moderator
        last edited by

        So yeah you configured your outbound NAT. That's fine. What about your firewall rulesets? What about policy based routing? Where do you actually route traffic from this network - that doesn't work - over your VPN?

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

            vincepro @JeGr
            last edited by

            @jegr check my attached zip file in my post. it has the rest of the setup.

              JeGr LAYER 8 Moderator
              last edited by

              As per your picture 3 you are forcing out ALL traffic from OPT1 through the gateway WAN_DHCP. Why? That makes no sense as you have a single-WAN setup - VPN or not. Pictures 4/5 show the same as you don't need rules on both the grouped interface or the attached OVPNC interface tab. But OK.

              As for comment #B - that's BS from them. The interface the OVPN Client listens has nothing to do with how your internal interfaces/networks route through the tunnel.

              As for comment #A - why did you change it from */default anyway?

              On a minor note, I find it a bit strange to use AES-128 but force a digest hash of SHA512. AES256 + SHA256 or SHA384 would be more than enough to be secure. Also compression after VORACLE should be turned OFF by most commercial VPN providers. That they did not have that is strange. Your custom options are crowded as hell with options already in your config e.g. fast-io is just one box below. persist-key/tun are default. comp-lzo you selected with the dropdown in "compression", verbosity etc. etc.

              So what you need to do is answer (yourself and us):

              1) what do you want to route through VPN?
              2) do you want it to work even if VPN is DOWN?

              If your answer to 1) is "whole OPT1" then you'll have to create a rule for OPT1 to any to go through the VPN gateway. If you want to access LAN from OPT1 you should put a rule with that above the VPN routing rule and have that rule select gateway "default"/*
              If you want OPT1 to work when VPN is down, you should create a failover group.

              Cheers,
              Jens

                johnpoz LAYER 8 Global Moderator
                last edited by

                Well put @JeGr

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                  vincepro @JeGr
                  last edited by vincepro

                  @jegr Correct me if I am wrong, but all I have to do as of now to get VPN on OPT1 (no failover) is change picture #3's gateway to = VPN gateway?

                  I did exactly that before and did not have internet access.

                  I have PIC#3 routing to WAN_DHCP so I could have internet access since without that rule it would give me no internet. When I change it over to VPN gateway, I have no internet.

                    vincepro
                    last edited by

                    bump as this still is not working

                      JeGr LAYER 8 Moderator
                      last edited by

                      If you'd post the pics inline, it would be far more easy to see what you're doing than to check the files.

                        johnpoz LAYER 8 Global Moderator
                        last edited by

                        ^exactly... Sorry but I have no desire to download some zip to have to look at your setup..

                          vincepro
                          last edited by

                          I fixed this using some other forum, thanks

                            maguilu @vincepro
                            last edited by

                            @vincepro Can you post your fix? I had it working and once upgraded it died. After many attempts and talks with ExpressVPN I am still broken.
                            I am not sure if the issue is in the NATing or in the OPENVPN Client configuration. Can you assist.

                              maguilu @maguilu
                              last edited by

                              @vincepro Let me add, my VPN status is down (pending). Can you post screenshots of your config? Something is missing in the doc that I am having difficulty figuring out.

                              HELP😢 😢

                                johnpoz LAYER 8 Global Moderator
                                last edited by johnpoz

                                Good luck ever seeing him again... Pretty much ready to just delete this thread since seems like a drive by... Post a problem - give no details.. Upload a zip for users to download, and then when pressed - says he fixed it but without again any actual details.

                                I am for sure removing his attachments.

                                I would suggest you start your own thread and actually post that could be used to figure out your issue.

                                  maguilu @johnpoz
                                  last edited by

                                  @johnpoz Good Deal man, you can close it. I resolved the issue.

                                  • 1st - one ID10T mistake kept using sha256 instead of sha512

                                  • 2nd - on the NCD section that the documentation suggests to ignore, well can't ignore at least in my case.
                                    I had to select the correct encryption algorithm AES-256-CBC.

                                  It would be great to validate but as I working it goes without saying "if it ain't broke, don't fix it"

                                  Thanks

                                  Now you may close it if you like, it does not seem to be a large enough problem... Thanks

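An added example, not part of any post in this thread: a small audit of the text in a pfSense OpenVPN client "Custom options" box, covering JeGr's points (compression left on after VORACLE, options that duplicate GUI settings or defaults) and the digest/cipher mismatch maguilu describes. The sample input and the `required` mapping are constructed assumptions, not anyone's real configuration.

```python
# Added example: audit the text of a pfSense OpenVPN client "Custom options" box.
# Directive names are real OpenVPN options; the sample input below is constructed.

# Options the thread calls redundant: already set elsewhere in the GUI, or defaults.
REDUNDANT = {
    "fast-io": "has its own checkbox",
    "comp-lzo": "set by the Compression dropdown",
    "verb": "set by the verbosity dropdown",
    "persist-key": "already the default",
    "persist-tun": "already the default",
}

def parse_options(text):
    """Split semicolon- or newline-separated options into (directive, args) pairs."""
    pairs = []
    for chunk in text.replace(";", "\n").splitlines():
        words = chunk.split()
        if words:
            pairs.append((words[0].lower(), words[1:]))
    return pairs

def compression_enabled(name, args):
    """True when the directive switches compression on (the VORACLE concern)."""
    if name == "comp-lzo":
        return args[:1] != ["no"]          # bare comp-lzo means adaptive compression
    if name == "compress":
        return bool(args) and args[0] not in ("stub", "stub-v2")
    return False

def audit(text, required=None):
    """Return a list of (directive, finding) tuples; `required` is an assumed
    mapping of directive -> value the provider's servers expect."""
    required = required or {}
    findings = []
    for name, args in parse_options(text):
        if compression_enabled(name, args):
            findings.append((name, "compression enabled"))
        if name in REDUNDANT:
            findings.append((name, "redundant: " + REDUNDANT[name]))
        want = required.get(name)
        if want and (not args or args[0].upper() != want.upper()):
            findings.append((name, "mismatch: provider expects " + want))
    return findings

# Constructed sample, not the poster's real configuration.
SAMPLE = "fast-io;persist-key;persist-tun;comp-lzo;verb 3;auth SHA256;cipher AES-256-CBC"
REQUIRED = {"auth": "SHA512", "cipher": "AES-256-CBC"}

if __name__ == "__main__":
    for directive, finding in audit(SAMPLE, REQUIRED):
        print(f"{directive}: {finding}")
```
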
                                    johnpoz LAYER 8 Global Moderator
                                    last edited by

                                    So PEBKAC then ;)

                                      vincepro
                                      last edited by

                                      It's called holiday weekend. If you still need the fix, let me know. I doubt you did figure it out though. I am holding that information as ransom for a 4 month free of express VPN service so I will not be posting it on here. The admins/devs are douchebags anyways.

                                        maguilu @vincepro
                                        last edited by

                                        @vincepro - I'm very happy for you. I can tell you that you will not get any compensation from me. Also I would like to offer to anyone needing help with expression to feel free to contact me. Feel free to pm me. I would imagine this is a community to help each other with pfsense issues. So let's help each other

                                          vincepro @maguilu
                                          last edited by

                                          @maguilu I am referring to ExpressVPN (for compensation) as I have contacted them. It's not a pfsense issue, it's an outdated tutorial from all VPN services regarding how to use pfsense. You post pictures here and there and these admins/devs do nothing but belittle your posts. You should do a google and look at all the previous posts from other people about the same issues. You will then see mods/devs here are just typical coding douchebags that give you bits and pieces when they know the actual answer.

                                          You would think this forum would be about helping each other, but no it's more like "I know more than you and you are a dumbass"

                                          If you want the answer to get ExpressVPN working with 2.4.4 (and probably higher) pm me and I will help you. I can guarantee that maguilu did not get this working on 2.4.4 - the solution provided by maguilu does nothing in resolving connection issue to ExpressVPN.

                                          I have made a deal with ExpressVPN and they are currently testing my solution (compensating months free) and will modify their outdated pfsense tutorial, so I cannot post the answer to the public on here.

                                          As for @johnpoz, it's a zip file with images. If you were a legit mod, you would understand that downloading it from your own forum does nothing as long as you do not run the file. From that step is when you can determine if it's a virus or not, but thank you for your laziness. I am sure you have a sandbox VM that you could have opened it from there and seen the contents of the zip file, but that is too many extra steps for your paranoid self.

                                            maguilu @vincepro
                                            last edited by

                                            @vincepro Look man, you win, you got me. I will have to say that if you got a deal with express vpn, good for you. Either way I am good. Feel free to pm me if you want to continue to bash me.... otherwise feel free to contact me.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.