PFsense 2.5 RC OpenVPN/ExpressVPN problem

LayerThree · Feb 21, 2021, 8:31 AM

@jairoav25 Yes! that's my Interface does look like.

I didn't find anything but I'm still trying things xD

So we could stay connected and figure this out.

applesalwaysred · Feb 21, 2021, 10:44 AM

@layerthree I also had issues with expressvpn and it is working for now. Support had me repeatedly update the same settings to no effect. Finally rebooted and logs showed no error this time but ip was not active. After 5 minutes it was active. Do not want to try to replicate at this point.

bcruze · Feb 21, 2021, 11:27 AM

this is the same issue I have having with another provider who clearly isn't using open vpn 2.5
I have a support ticket open, I am hoping to see progress at some point today.

LayerThree · Feb 21, 2021, 3:01 PM

@applesalwaysred wait I will try that. Did u all the settings in the guide or other settings?

applesalwaysred · Feb 21, 2021, 3:01 PM

@layerthree No settings were changed, just re-entered, then restart. Checked the vpn logs and noticed no disconnect errors. ~10 minutes later ip was established. This is obviously non-optimal.

bcruze · Feb 21, 2021, 3:03 PM

@applesalwaysred said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

@layerthree No settings were changed, just re-entered, then restart. Checked the vpn logs and noticed no disconnect errors. ~10 minutes later ip was established. This is obviously non-optimal.

yes. every 25 or so reconnect attempts mine would work. but if i disconnected / reconnected it would stop flowing again

LayerThree · Feb 21, 2021, 3:16 PM

@applesalwaysred so u use exactly the ExpressVPN Guide Rules?
I need to try more things xD

JairoAV25 · Feb 21, 2021, 3:44 PM

Btw, The only purpose I'm using pfSense with ExpressVPN is to unblock Geo-restricted sites (Netflix, Hulu, etc) I downgraded to 2.4.5 and everything worked as expected, except some streaming sites are not loading but if you use the native app they do. So from now, I will stop using pfSense for this purpose and will switch to OpenWRT as it is suggested in this forum

It is a shame since pfSense is a solid Firewall.

LayerThree · Feb 21, 2021, 4:01 PM

@jairoav25 I understand this but I will stay with PfSense and try to figure this Problem out xD

stephenw10 · Feb 21, 2021, 7:46 PM

Mmm, this seems almost certainly to be a config mismatch between the OpenVPN 2.5 client in pfSense 2.5 (confusingly!) and the OpenVPN 2.4 server you're trying to connect to.

The first thing I would try is leaving NCP enabled and adding AES-256-CBC to the list of ciphers.

Also set compression to 'Omit prefernce' since you can see in the logs the server is pushing comp-lzo no but you have it set to adaptive.

Steve

applesalwaysred · Feb 22, 2021, 3:20 PM

@layerthree Yes.

JairoAV25 · Feb 22, 2021, 4:20 PM

@layerthree

OpenWRT didn't work. The solution in my case was to install OpnSense. Check my response here

stephenw10 · Feb 22, 2021, 6:05 PM

Anyone seeing a problem with the expressvpn certificate?

Just seen where it looks like they are issuing a 50 year cert that is overrunning a counter and hence shows as expired.

Steve

OpenResty · Feb 22, 2021, 6:56 PM

Hey, I could be wrong but I think its something to do with the NAT.
I personnaly would try going over to NordVPN's SetUp for pfsense 2.5 & try that . Try loading both tutorials next to each other in browser to compare.
Now In the beginning of tutorial try to Load cetificates the expressvpn way instead of Nords, But then from there follow Nordvpn for the rest of the setup. Also Make Sure when you add Expressvpn to the NAT as described that you add it to the top of the Mappings List & not at the bottom.
Maybe having a look at Nords Tutorial may give some Clues. Also make sure you reboot pfsense after setup as it may still look like its not working but hopefully will after a reboot.
I dont think theres any harm in trying but make sure to reboot if it looks to not work after.
If it will work for NordVPN 2.5 then it may work for Express. XXXX

applesalwaysred · Feb 24, 2021, 2:56 PM

@openresty Just got an update from support. Removed the option "Don't pull routes" which is mentioned in their guide. I now have an encrypted connection.

LayerThree · Feb 24, 2021, 4:50 PM

@applesalwaysred so u did everything like in the guide except this the "Dont pull routes" and it works?

If that's true, then I will update soon!

stephenw10 · Feb 24, 2021, 5:26 PM

@stephenw10 said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

Anyone seeing a problem with the expressvpn certificate?

Just seen where it looks like they are issuing a 50 year cert that is overrunning a counter and hence shows as expired.

Yeah if you're using the SG-3100 (or SG-1000) you might hit that. There is a patch for it now:
https://redmine.pfsense.org/issues/11504

Steve

LayerThree · Feb 24, 2021, 8:12 PM

So the "Don't pull routes" solved the whole problem.

Follow the guide, except this step and then restart ur machine. After this everything works.

Thank you for ur help!

bcruze · Feb 24, 2021, 9:35 PM

@layerthree said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

So the "Don't pull routes" solved the whole problem.

Follow the guide, except this step and then restart ur machine. After this everything works.

Thank you for ur help!

I posted in the other thread. I just reset up my provider that wasn't working

it connected. but if I restart the tunnel. traffic stop passing again

you?

stephenw10 · Feb 26, 2021, 1:50 AM

I would always set 'don't pull routes' personally. Otherwise you're at the mercy of whatever they want to send you, which is usually a new default route.
However if you don't pull routes from them you need to policy route the traffic you want via the VPN gateway.

Steve