PFsense 2.5 RC OpenVPN/ExpressVPN problem
-
@layerthree
firewall rules on LAN tab
Nat setup:
-
@bcruze Thank you! I will copy that on my own settings and maybe something change XD
Did u tried a own server ? -
@layerthree
own server? -
@bcruze to host a own OpenVPN Server :)
-
Hi man. Did you figure it out?
I am facing the same issue. ExpressVPN is not working with the latest 2.5-RELEASE.
OpenVPN is connecting well, I set the rules according to their Wiki, but the traffic is going thru the WAN
I am about to install/downgrade to 2.4.5 version and see if it works...
-
@jairoav25 Yes! that's my Interface does look like.
I didn't find anything but I'm still trying things xD
So we could stay connected and figure this out.
-
@layerthree I also had issues with expressvpn and it is working for now. Support had me repeatedly update the same settings to no effect. Finally rebooted and logs showed no error this time but ip was not active. After 5 minutes it was active. Do not want to try to replicate at this point.
-
this is the same issue I have having with another provider who clearly isn't using open vpn 2.5
I have a support ticket open, I am hoping to see progress at some point today. -
@applesalwaysred wait I will try that. Did u all the settings in the guide or other settings?
-
@layerthree No settings were changed, just re-entered, then restart. Checked the vpn logs and noticed no disconnect errors. ~10 minutes later ip was established. This is obviously non-optimal.
-
@applesalwaysred said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:
@layerthree No settings were changed, just re-entered, then restart. Checked the vpn logs and noticed no disconnect errors. ~10 minutes later ip was established. This is obviously non-optimal.
yes. every 25 or so reconnect attempts mine would work. but if i disconnected / reconnected it would stop flowing again
-
@applesalwaysred so u use exactly the ExpressVPN Guide Rules?
I need to try more things xD -
Btw, The only purpose I'm using pfSense with ExpressVPN is to unblock Geo-restricted sites (Netflix, Hulu, etc) I downgraded to 2.4.5 and everything worked as expected, except some streaming sites are not loading but if you use the native app they do. So from now, I will stop using pfSense for this purpose and will switch to OpenWRT as it is suggested in this forum
It is a shame since pfSense is a solid Firewall.
-
@jairoav25 I understand this but I will stay with PfSense and try to figure this Problem out xD
-
Mmm, this seems almost certainly to be a config mismatch between the OpenVPN 2.5 client in pfSense 2.5 (confusingly!) and the OpenVPN 2.4 server you're trying to connect to.
The first thing I would try is leaving NCP enabled and adding AES-256-CBC to the list of ciphers.
Also set compression to 'Omit prefernce' since you can see in the logs the server is pushing
comp-lzo no
but you have it set to adaptive.Steve
-
@layerthree Yes.
-
OpenWRT didn't work. The solution in my case was to install OpnSense. Check my response here
-
Anyone seeing a problem with the expressvpn certificate?
Just seen where it looks like they are issuing a 50 year cert that is overrunning a counter and hence shows as expired.
Steve
-
Hey, I could be wrong but I think its something to do with the NAT.
I personnaly would try going over to NordVPN's SetUp for pfsense 2.5 & try that . Try loading both tutorials next to each other in browser to compare.
Now In the beginning of tutorial try to Load cetificates the expressvpn way instead of Nords, But then from there follow Nordvpn for the rest of the setup. Also Make Sure when you add Expressvpn to the NAT as described that you add it to the top of the Mappings List & not at the bottom.
Maybe having a look at Nords Tutorial may give some Clues. Also make sure you reboot pfsense after setup as it may still look like its not working but hopefully will after a reboot.
I dont think theres any harm in trying but make sure to reboot if it looks to not work after.
If it will work for NordVPN 2.5 then it may work for Express. XXXX -
@openresty Just got an update from support. Removed the option "Don't pull routes" which is mentioned in their guide. I now have an encrypted connection.