Netgate Discussion Forum

    Trying to set up pfSense with OpenVPN and only Tor works

Posted by pffffSensing-N00b-3485901

      edited to add details, clarity, and formatting
pfSense version & info:

    Version: 2.3.2-RELEASE (amd64)
    built on Tue Jul 19 12:44:43 CDT 2016
    FreeBSD 10.3-RELEASE-p5
    The system is on the latest version.
    Platform: nanobsd (2g)
    NanoBSD Boot Slice: pfsense0 / da0s1(rw)
    CPU Type: AMD Athlon(tm) II X2 250 Processor
        2 CPUs: 1 package(s) x 2 core(s)
    Uptime: 00 Hour 38 Minutes 01 Seconds
    Current date/time: Sun Sep 25 9:19:57 GMT-5 2016
    DNS server(s):
        209.222.18.218
        209.222.18.222
        208.67.222.222
        208.67.220.220

      Topology:
I have a Windows 7 64 bit SP1 laptop connected to a pfSense box with a wired connection.  The pfSense box has 2x Intel NICs (one WAN, one LAN). The pfSense box is connected to a SOHO wifi router.  It was working fine as a firewall with default settings, and then I started messing with OpenVPN.

      I'm following the guides from here and on PIA's site, trying to get strong encryption working (tried other flavors too like TCP strong, and UDP 1194 with now unsupported crypto).
      Guides:
      Configuring pfSense as VPN Client to Private Internet Access
      https://forum.pfsense.org/index.php?topic=76015.0

      OpenVPN Step-by-Step Setup for pfSense aes256/Strong [firewall/router]
      https://www.privateinternetaccess.com/forum/discussion/21875

I'm not getting errors in the OpenVPN log, so I guess that part's right?  I get the following in the log:

    Initialization Sequence Completed

Current OpenVPN client parameters:

    peer to peer
    TCP
    tun
    us-east.privateinternetaccess.com
    port 501
    infinitely resolve server
    do not enable auth of TLS packets
    client cert web configurator
    AES-256-CBC
    SHA256
    compression enabled with adaptive

    auth-user-pass /etc/openvpn-password.txt;
    verb 5;
    remote-cert-tls server

      /etc/openvpn-password.txt was made in the web UI, and I can read from it after a pfSense reboot, and the password is good.
I currently have the 4096 certificate in as a CA, but I also tried the 2048 one and its settings.  I think the OpenVPN client is working with most of these settings, and my problem is outside of OpenVPN.  But I am a n00b at this…

      This morning, the OpenVPN client (or daemon?) was down.  I restarted it and it connected.  However, I never seem to get more than a few KiB to transfer.

Almost all traffic is not working.  However, pfSense can determine if it's up to date, the Tor Browser Bundle can surf the net, and I can resolve DNS names with ping.  Nothing else works (but I only tried web browsing by name and IP).

      What works:
      DNS resolves on my PC (via ping)
      DNS resolves in the pfSense GUI
      Tor traffic will start to work after things settle, with some settings
      Windows thinks there's Internet Access on the adapter (It reaches out to some Microsoft servers to check this)

      What does not work:
      Firefox on my PC (regular Firefox, not TBB/Tor)
      Ping resolves the name, but all the pings fail.  Tried google.com and duckduckgo.com
Using the OpenVPN client on my PC with profiles set to use TCP and connect by IP address (not name)

      I think I am overlooking some detail(s), but I don't know what to look for.  It seems like DNS is having a problem, so I fiddled with that.  I think I put it back to default.  It kind of seems like the firewall isn't set up right, but I didn't play with it too much (put it back to default too; except for the new NAT rules for the OpenVPN).

      I had a bunch of difficulties the last time I tried this, and I overlooked a checkbox.  I knew that going in this time, so I made sure to pay attention to that section ("TLS Authentication" = [uncheck] "Enable authentication of TLS packets.")

      What should I look for or do to troubleshoot this?

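The symptom pattern in the post (DNS lookups, TCP handshakes and small Tor cells get through, but every bulk transfer stalls after a few KiB) is what a tunnel with no room for full-size packets looks like: 1500-byte segments from the LAN do not fit once OpenVPN's headers are added, and the client has no fragment/mssfix setting to shrink them. The calculator below is an added example for this thread, not code from the post, from pfSense or from PIA. It estimates the inner packet budget for the settings listed above (TCP link, AES-256-CBC, SHA256, LZO compression) and the TCP MSS clamp that would keep LAN hosts inside it. The per-field sizes are this example's own assumptions about OpenVPN's CBC-mode data-channel framing, adequate for sizing a clamp rather than a byte-exact wire-format model.

```python
"""Tunnel MTU budget for an OpenVPN client on a pfSense-style gateway.

Added example; the header sizes below are assumptions, not values taken
from the forum post or from the OpenVPN source.
"""
from dataclasses import dataclass

# Outer (WAN-side) encapsulation in bytes. Assumes IPv4 without options.
OUTER_IP = 20
OUTER_TRANSPORT = {"udp": 8, "tcp": 20}
TCP_LINK_LENGTH_PREFIX = 2   # OpenVPN prefixes each record with a 2-byte length on TCP links
OPCODE = 1                   # opcode / key-id byte in front of every data packet
PACKET_ID = 4                # replay-protection counter, carried inside the encrypted part in CBC mode
COMP_HEADER = 1              # LZO framing byte when compression is enabled
INNER_IP_TCP = 40            # IPv4 + TCP headers of the tunnelled segment, no options


@dataclass(frozen=True)
class DataChannel:
    """The parameters that decide per-packet overhead on the data channel."""
    link: str = "tcp"        # "tcp" or "udp" outer transport
    cipher_block: int = 16   # AES block size: IV length and CBC padding unit
    hmac_len: int = 32       # SHA256 HMAC tag
    compression: bool = True


def inner_mtu(outer_mtu: int, dc: DataChannel) -> int:
    """Largest tunnelled IP packet (bytes) that still fits in one outer packet."""
    fixed = OUTER_IP + OUTER_TRANSPORT[dc.link] + OPCODE + dc.hmac_len + dc.cipher_block
    if dc.link == "tcp":
        fixed += TCP_LINK_LENGTH_PREFIX
    ciphertext_room = outer_mtu - fixed
    # CBC output is a whole number of blocks, and PKCS#7 padding costs at least one byte.
    ciphertext_room -= ciphertext_room % dc.cipher_block
    plaintext_room = ciphertext_room - 1
    plaintext_room -= PACKET_ID + (COMP_HEADER if dc.compression else 0)
    return plaintext_room


def mss_clamp(outer_mtu: int, dc: DataChannel) -> int:
    """TCP MSS value that keeps inner segments within inner_mtu()."""
    return inner_mtu(outer_mtu, dc) - INNER_IP_TCP


def fits(inner_packet_len: int, outer_mtu: int, dc: DataChannel) -> bool:
    """True when a tunnelled packet of this size needs no fragmentation."""
    return inner_packet_len <= inner_mtu(outer_mtu, dc)


def main() -> None:
    # Constructed sample inner packet sizes: a DNS reply, a TCP SYN, a small
    # HTTP response, and a full-size segment from a LAN host with a 1500 MTU.
    samples = {"DNS reply": 120, "TCP SYN": 60, "small HTTP": 576, "full-size segment": 1500}
    for link in ("tcp", "udp"):
        dc = DataChannel(link=link)
        print(f"{link.upper()} link: inner MTU {inner_mtu(1500, dc)}, MSS clamp {mss_clamp(1500, dc)}")
        for name, size in samples.items():
            print(f"  {name:18s} {size:5d} bytes -> {'fits' if fits(size, 1500, dc) else 'DROPPED'}")


if __name__ == "__main__":
    main()
```

Running it shows every small packet fitting and only the full-size segment failing, which is exactly the "a few KiB then nothing" behaviour described above. On the gateway the usual remedies are OpenVPN's own `mssfix` option (or `fragment` on UDP links) or an MSS clamp on the tunnel interface so that LAN hosts never emit segments larger than the budget; checking which of those the client configuration lacks is a quicker first step than reworking the firewall or DNS settings.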