Netgate Discussion Forum

    PFsense 2.5 RC OpenVPN/ExpressVPN problem

      LayerThree

      Hello,
      I'm relatively new to Pfsense and am currently trying to encrypt my router (self-built server with Pfsense) over VPN so that everything going from the server to the modem and beyond is encrypted. This should also include the encryption of my IP. I had seen a guide from ExpressVPN, but it doesn't work for me. I really did everything 100% the same way. The server is running, there is no error message, but when I go to a page and ask it what my IP is, it is always my original IP. What can this be?
      I currently have the latest 2.5.0 RC version on it.

      Thank you in advance for your help.

      Stay healthy! Greetings, Layer3

        stephenw10 Netgate Administrator

        Because your traffic is leaving the WAN directly and not over the tunnel.
        But why that is we can't say without more information to go on.

        We need to see the routing table and the firewall rules on the internal interface you're testing from really.

        You have a link to the guide you followed? Most of the pfSense guides provided by commercial VPN suppliers are sketchy at best....

        Steve

          bcruze

          There is a good chance ExpressVPN does not utilize OpenVPN 2.5, which will cause you not to connect.
          I have personally experienced this with two providers currently, so I rolled back to prod pfSense.

            Bob.Dig LAYER 8 @bcruze

            @bcruze That would really be bad.
            Can someone confirm that?
            I am running a p2p instance towards a 2.5 Windows-Client without problems.

              stephenw10 Netgate Administrator

              It should be backwards compatible. The problem we have seen there is trying to import a 2.5 config in a 2.4.X client. It chokes on some of the new parameters and refuses to connect in the opensource client.
              I did see odd behaviour from the openvpn connect client where it appeared to connect but send no traffic.
              Commenting out the data-cipher lines from the config corrected it in both cases.

              Steve

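The config problem stephenw10 describes above, as an added example that is not part of the original thread: a 2.4.x client rejects the `data-ciphers` and `data-ciphers-fallback` directives that OpenVPN 2.5 introduced, so this script lists them and writes a copy with those lines commented out. The function names and the sample config (including the placeholder remote host) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag and comment out the OpenVPN
# 2.5-only cipher directives so a 2.4.x client can load an exported 2.5 config.

# Matches "data-ciphers ..." and "data-ciphers-fallback ..." at line start.
PATTERN='^[[:space:]]*data-ciphers(-fallback)?[[:space:]]'

# Print "line-number:text" for every 2.5-only cipher directive in the file.
find_25_directives() {
    grep -nE "$PATTERN" "$1"
}

# Emit a copy of the config on stdout with those directives commented out.
# The original file is left untouched.
comment_out_25_directives() {
    sed -E "s/$PATTERN/# &/" "$1"
}

# Constructed sample config; the remote host is a placeholder.
make_sample_config() {
    cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn.example.invalid 1194
cipher AES-256-CBC
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
data-ciphers-fallback AES-256-CBC
auth SHA256
EOF
}

SAMPLE=$(mktemp)
make_sample_config "$SAMPLE"
echo "2.5-only directives found:"
find_25_directives "$SAMPLE"
echo "--- copy for a 2.4.x client ---"
comment_out_25_directives "$SAMPLE" > "$SAMPLE.v24"
cat "$SAMPLE.v24"
rm -f "$SAMPLE" "$SAMPLE.v24"
```

The `cipher` line is left in place because it is the directive a 2.4.x client reads; whether the provider's server accepts that cipher still has to be confirmed against the connection log.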
                LayerThree

                Thank you for your answers!
                I have now simply downgraded to 2.4.5 after all the attempts, followed the guide on their ExpressVPN Website. After that I adjusted the NAT outbound and LAN rules, then it worked and my connection is encrypted. I am still quite a beginner with Pfsense, but I must say the whole thing is pretty fun to learn!

                Thank you for your time.

                  bcruze @LayerThree

                  @layerthree

                  I just upgraded my sg3100 to 2102. RC

                  mullvad connects 2.5 openvpn
                  airvpn connects. 2.5 openvpn
                  azire vpn does not. 2.4 openvpn

                  I ended up setting up WG with azirevpn. spent an hour on it. it wasn't working. I rebooted the firewall and WG works now

                  go figure..... reboot ;)

                    LayerThree @bcruze

                    @bcruze

                    What are your rule settings?

                    I updated to 2.5.0 again and nothing works.

                      LayerThree @stephenw10

                      @stephenw10
                      Thank you for your reply!

                      I will add some pictures later and I can't upload the link because it will be marked as "spam".

                      Everything worked on 2.4.5, then I upgraded to 2.5.0 because I want to try if my method works in this version as well.
                      I noticed that some things are different in the VPN client interface. The guide explicitly says that you should disable NCP algorithms and leave the algorithm table empty. With version 2.5.0 this is not possible at all, because it absolutely wants to have an algorithm in the table.

                      Since I'm just teaching myself everything bit by bit, I don't have a great overview yet regarding all the inbound & outbound rules regarding NAT, WAN & LAN, but it's all slowly becoming a bit more understandable. I appreciate any help and am more than willing to take criticism and corrections to learn more.
                      My goal is to have all traffic between my router (the pfSense) and the internet encrypted like it was with 2.4.5.

                      Thanks again and stay healthy!

                      fotoneu.jpg Bildschirmfoto 2021-02-18 um 13.19.33.png Bildschirmfoto 2021-02-18 um 13.15.31.png Bildschirmfoto 2021-02-18 um 13.14.58.png Bildschirmfoto 2021-02-18 um 13.14.48.png Bildschirmfoto 2021-02-18 um 13.14.35.png

                        bcruze

                        have you contacted expressvpn to see if they utilize openvpn 2.5?

                        Every provider I have that is not on 2.5 will not work.

                        also read step 7 and delete all the extra you have disabled: https://www.techhelpguides.com/2017/06/12/ultimate-pfsense-openvpn-guide/

                        My rules are aliases set to go through certain gateways and NAT'd the same. Alias set to all * NAT address the VPN tunnel

                          LayerThree @bcruze

                          @bcruze
                          Yes! I wrote with them and they said that everything should work and they are sad that nobody can help me. xD

                            stephenw10 Netgate Administrator

                            With NCP disabled it should not matter what you have in the table, it will use the fallback algorithm.

                            What are you seeing in the logs? Is it trying to connect and failing?

                            Does it connect but not pass any traffic?
                            If that's the case then make sure you have the compression setting matched correctly. The defaults for that did change, though I thought it was before 2.5.

                            Steve

                              LayerThree @stephenw10

                              @stephenw10 Should I take a screenshot of the logs?
                              Because there is a lot of the OpenVPN logs.
                              1 new.png 2 new.jpg

                                bcruze

                                Just spent about 45 minutes going through setting up my provider again (AzireVPN).
                                Same issue still, doesn't matter what GCM or CBC I choose with NCM disabled. It all says it's connected but no traffic passes. My logs are more or less the same. I have compression set to: decompress incoming - omit preference disable adaptive, which is exactly what worked on 2.4 and what support told me to use.

                                Their website says to use 256gcm on a 2.4 OpenVPN server (I am on 2102 OpenVPN 2.5), but I have tried 128 CBC, GCM, and both for 256.

                                I don't think this is a pfSense problem to resolve; this is an OpenVPN issue, as it states here about providers: https://openvpn.net/community-downloads/

                                I have disabled the tunnel again, and utilizing other providers using 2.5

                                  LayerThree @bcruze

                                  @bcruze 3.png 4.png 5.png 6.png

                                  These are my settings, I deleted the things I think are security relevant xD

                                  Yes, it could be an OpenVPN problem, because the whole thing worked on the 2.4.5 version, but I can't downgrade to it so I need to find a way.

                                  I also thank you for the time you took!

                                  Do you know maybe a video that deals specifically with the Rules? So that I can understand and create them completely by myself.

                                    bcruze @LayerThree

                                    @layerthree
                                    firewall rules on LAN tab
                                    Screen Shot 2021-02-20 at 5.41.14 AM.png

                                    Nat setup:
                                    Screen Shot 2021-02-20 at 5.39.38 AM.png

                                      LayerThree @bcruze

                                      @bcruze Thank you! I will copy that to my own settings and maybe something changes XD
                                      Did you try your own server?

                                        bcruze @LayerThree

                                        @layerthree
                                        own server?

                                          LayerThree @bcruze

                                          @bcruze To host your own OpenVPN server :)

                                            JairoAV25 @LayerThree

                                            @layerthree

                                            Hi man. Did you figure it out?

                                            I am facing the same issue. ExpressVPN is not working with the latest 2.5-RELEASE.

                                            OpenVPN is connecting well, I set the rules according to their Wiki, but the traffic is going through the WAN.

                                            I am about to install/downgrade to 2.4.5 version and see if it works...

                                            Screen Shot 2021-02-20 at 8.53.46 PM.png
