Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    NordVPN question

    OpenVPN
    1
    2
    1266
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      u3c307 last edited by

      Hey All\NordVPN users,

      I am new to pfsense and setting up nordvpn which I had for a while. I like to route everything through vpn and I had followed  https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/ to the dot. Everything is enable and I had reboot once I setup the openvpn but doesn't seem like it's routing everything through vpn. Things I notice:

      Firewall\Rules\LAN: States MiB traffic is increasing
      Status\OpenVPN: NordVPN UDP shows status down, Virtual server status shows Service not running?, and remote host shows Unable to contact daemon. (I have tried to start the daemon on gui but no luck.)

      Status\System Logs\OpenVPN:

      Oct 28 00:35:59  openvpn  32138  push_ifconfig_defined = DISABLED 
      Oct 28 00:35:59  openvpn  32138  push_ifconfig_local = 0.0.0.0 
      Oct 28 00:35:59  openvpn  32138  push_ifconfig_remote_netmask = 0.0.0.0 
      Oct 28 00:35:59  openvpn  32138  push_ifconfig_ipv6_defined = DISABLED 
      Oct 28 00:35:59  openvpn  32138  push_ifconfig_ipv6_local = ::/0 
      Oct 28 00:35:59  openvpn  32138  push_ifconfig_ipv6_remote = :: 
      Oct 28 00:35:59  openvpn  32138  enable_c2c = DISABLED 
      Oct 28 00:35:59  openvpn  32138  duplicate_cn = DISABLED 
      Oct 28 00:35:59  openvpn  32138  cf_max = 0 
      Oct 28 00:35:59  openvpn  32138  cf_per = 0 
      Oct 28 00:35:59  openvpn  32138  max_clients = 1024 
      Oct 28 00:35:59  openvpn  32138  max_routes_per_client = 256 
      Oct 28 00:35:59  openvpn  32138  auth_user_pass_verify_script = '[UNDEF]' 
      Oct 28 00:35:59  openvpn  32138  auth_user_pass_verify_script_via_file = DISABLED 
      Oct 28 00:35:59  openvpn  32138  port_share_host = '[UNDEF]' 
      Oct 28 00:35:59  openvpn  32138  port_share_port = 0 
      Oct 28 00:35:59  openvpn  32138  client = ENABLED 
      Oct 28 00:35:59  openvpn  32138  pull = ENABLED 
      Oct 28 00:35:59  openvpn  32138  auth_user_pass_file = '/var/etc/openvpn/client1.up' 
      Oct 28 00:35:59  openvpn  32138  OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jul 19 2016 
      Oct 28 00:35:59  openvpn  32138  library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09 
      Oct 28 00:35:59  openvpn  32138  WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible 
      Oct 28 00:35:59  openvpn  32458  MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock 
      Oct 28 00:35:59  openvpn  32458  WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. 
      Oct 28 00:35:59  openvpn  32458  NOTE: the current –script-security setting may allow this configuration to call user-defined scripts 
      Oct 28 00:35:59  openvpn  32458  Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file 
      Oct 28 00:35:59  openvpn  32458  Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 
      Oct 28 00:35:59  openvpn  32458  Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 
      Oct 28 00:35:59  openvpn  32458  LZO compression initialized 
      Oct 28 00:35:59  openvpn  32458  Control Channel MTU parms [ L:1562 D:1184 EF:66 EB:0 ET:0 EL:3 ] 
      Oct 28 00:35:59  openvpn  32458  Socket Buffers: R=[42080->42080] S=[57344->57344] 
      Oct 28 00:35:59  openvpn  32458  Data Channel MTU parms [ L:1562 D:1450 EF:62 EB:143 ET:0 EL:3 AF:3/1 ] 
      Oct 28 00:35:59  openvpn  32458  Fragmentation MTU parms [ L:1562 D:1300 EF:61 EB:143 ET:1 EL:3 AF:3/1 ] 
      Oct 28 00:35:59  openvpn  32458  Local Options String: 'V4,dev-type tun,link-mtu 1562,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' 
      Oct 28 00:35:59  openvpn  32458  Expected Remote Options String: 'V4,dev-type tun,link-mtu 1562,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' 
      Oct 28 00:35:59  openvpn  32458  Local Options hash (VER=V4): '311e36c2' 
      Oct 28 00:35:59  openvpn  32458  Expected Remote Options hash (VER=V4): 'c77ff366' 
      Oct 28 00:35:59  openvpn  32458  UDPv4 link local (bound): [AF_INET]71.68.65.243 
      Oct 28 00:35:59  openvpn  32458  UDPv4 link remote: [AF_INET]191.101.1.212:1194 
      Oct 28 00:35:59  openvpn  32458  TLS: Initial packet from [AF_INET]191.101.1.212:1194, sid=04792ab8 19a286cc 
      Oct 28 00:35:59  openvpn  32458  WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this 
      Oct 28 00:36:00  openvpn  32458  VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=vpn-us_v1, CN=vpn-us_v1, name=vpn-us_v1, emailAddress=info@nordvpn.com 
      Oct 28 00:36:00  openvpn  32458  VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=vpn-us2.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com 
      Oct 28 00:36:00  openvpn  32458  WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1562', remote='link-mtu 1590' 
      Oct 28 00:36:00  openvpn  32458  WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532' 
      Oct 28 00:36:00  openvpn  32458  WARNING: 'mtu-dynamic' is present in local config but missing in remote config, local='mtu-dynamic' 
      Oct 28 00:36:00  openvpn  32458  WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256' 
      Oct 28 00:36:00  openvpn  32458  OpenSSL: error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length 
      Oct 28 00:36:00  openvpn  32458  EVP set key size 
      Oct 28 00:36:00  openvpn  32458  Exiting due to fatal error

      If ya'll need screenshot on the setup it's exactly like nordvpn steps, but I can retake screenshot if ya'll need.

      Thanks,

      U3

      1 Reply Last reply Reply Quote 0
      • U
        u3c307 last edited by

        NVM I figure it out.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense Plus
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy