Connecting to AirVPN with OpenVPN and Gateway issue
-
So I followed the guide
pfSense baseline guide with VPN, Guest and VLAN support
Everything seems to be working, sort of.
When I connect to the VPN VLAN subnet, I can access the internet and it shows my location correctly for the VPN server location.
In Status/OpenVPN the Client Instance Status is "up"
But in Status/Gateways/Gateways the "VPN_WAN" Status is "Offline"
OpenVPN logs - I edited the IP's
Sep 17 01:50:51 openvpn 22094 Initialization Sequence Completed
Sep 17 01:50:51 openvpn 22094 Preserving previous TUN/TAP instance: ovpnc2
Sep 17 01:50:51 openvpn 22094 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Sep 17 01:50:51 openvpn 22094 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Sep 17 01:50:50 openvpn 22094 [server] Peer Connection Initiated with [AF_INET]000.0.00.00:443
Sep 17 01:50:49 openvpn 22094 UDPv4 link remote: [AF_INET]000.0.00.00:443
Sep 17 01:50:49 openvpn 22094 UDPv4 link local (bound): [AF_INET]00.00.000.000:0
Sep 17 01:50:49 openvpn 22094 TCP/UDP: Preserving recently used remote address: [AF_INET]000.0.00.00:443
Sep 17 01:50:49 openvpn 22094 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 17 01:50:44 openvpn 22094 SIGUSR1[soft,ping-restart] received, process restarting
Sep 17 01:50:44 openvpn 22094 [server] Inactivity timeout (--ping-restart), restarting
Here are the Gateway logs
Sep 15 22:05:23 dpinger VPN_WAN 10.0.0.01: Alarm latency 0us stddev 0us loss 100%
Sep 15 22:05:21 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 45.00.000.0 bind_addr 45.00.000.000 identifier "WAN_DHCP "
Sep 15 22:05:21 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 10.0.0.0 bind_addr 10.00.000.000 identifier "VPN_WAN "
Sep 15 22:05:20 dpinger VPN_WAN 10.0.0.0: Alarm latency 0us stddev 0us loss 100%
Sep 15 22:05:18 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 45.00.000.0 bind_addr 45.00.000.000 identifier "WAN_DHCP "
Sep 15 22:05:18 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 10.0.0.0 bind_addr 10.00.000.000 identifier "VPN_WAN "
Sep 15 22:05:17 dpinger WAN_DHCP 45.00.000.0: Alarm latency 9231us stddev 216us loss 33%
Sep 15 22:05:16 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 45.00.000.0 bind_addr 45.00.000.000 identifier "WAN_DHCP "
Here is the VPN/OpenVPN/Client settings page
EDIT: added Gateway logs
-
All of those walk-throughs seem to want you to put a bunch of stuff in Custom options. This is likely because they are ancient and one guy one time somewhere said it worked for him and the internet never forgets.
I would remove all of that nonsense.
Take whatever configuration the OpenVPN service provides and just check the right thing in the GUI to turn that on. If you don't know, I'd just ask here.
-
So removing all the custom options seems to have no effect, negative or positive.
So then I was testing some ideas and here is what I came up with.
After removing the custom options I checked the OpenVPN client status and it was still "up".
Then I checked the Gateway status and it was still "Offline".
So since I'm "learning" here... I disabled the gateway and then checked the OpenVPN client status again and it was still up. So that got me thinking... this issue must just be with the "Gateway" and its settings.
So per the guide, when setting up the VPN gateway it says to input "Monitor IP = 10.4.0.1" and states this: "The 10.4.0.1 is the AirVPN DNS server for port 443 UDP access. For reference, the other DNS servers are listed here at the bottom of the page."
So after reading the explanation under this input box, "Enter an alternative address here to be used to monitor the link. This is used for the quality RRD graphs as well as the load balancer entries. Use this if the gateway does not respond to ICMP echo requests (pings).", I removed this IP address and now the gateway shows as "Online".
So I assume that changing the gateway monitor IP to default to the Gateway IP instead of an internal DNS address has no ill effect on VPN traffic leaking.
-
Right. You cannot always ping an OpenVPN tunnel address. If you want gateway monitoring, you need to set something you can ping as the monitor IP address.
-
https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/
I learned a lot by reading and following this guide. There are still things to uncheck, but you have to read the entire thread.
My connection has been 100% stable if I just stop tinkering.
Good luck, AirVPN is a great provider.
(tunnel settings: uncheck BOTH that you have checked)
You can also type IFCONFIG at the diag > command prompt and your tunnel interface gateway will be listed towards the bottom.
-
With 0.1ms RTT I don't think you are Monitoring the other Tunnel Side (VPN Provider).
-Rico
-
@bcruze said in Connecting to AirVPN with OpenVPN and Gateway issue:
https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/
I learned a lot by reading and following this guide. There are still things to uncheck, but you have to read the entire thread.
My connection has been 100% stable if I just stop tinkering.
Good luck, AirVPN is a great provider.
(tunnel settings: uncheck BOTH that you have checked)
You can also type IFCONFIG at the diag > command prompt and your tunnel interface gateway will be listed towards the bottom.
Alright, I'll check this out, thanks.
@rico said in Connecting to AirVPN with OpenVPN and Gateway issue:
With 0.1ms RTT I don't think you are Monitoring the other Tunnel Side (VPN Provider).
-Rico
I thought this was strange also, considering my local ISP gateway was 8.9ms and 2.2ms
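
Added example, not part of any post in this thread: a small Python check that reads dpinger status lines in the format quoted above and separates the two situations discussed here, a monitor IP that never answers (gateway "Offline" while the tunnel is up) and a VPN gateway whose RTT is lower than the WAN gateway's, which means the probe is not reaching the provider's side. The gateway names are the ones from the thread, the sample lines and addresses are constructed, and the RTT comparison is a heuristic.

```python
import re
from datetime import datetime

# Layout follows the dpinger status lines quoted in the thread; "Clear" lines
# are assumed to use the same layout as "Alarm" lines.
STATUS = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) dpinger (?P<gw>\S+) (?P<addr>[\d.]+): "
    r"(?:Alarm|Clear) latency (?P<lat>\d+)us stddev \d+us loss (?P<loss>\d+)%")

def latest_status(lines):
    """Newest (monitor_addr, latency_us, loss_pct) per gateway, in any log order."""
    newest = {}
    for line in lines:
        m = STATUS.match(line.strip())
        if not m:
            continue  # dpinger parameter lines and other daemons
        # Syslog stamps carry no year; a fixed leap year keeps Feb 29 parseable.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        if m["gw"] not in newest or ts > newest[m["gw"]][0]:
            newest[m["gw"]] = (ts, m["addr"], int(m["lat"]), int(m["loss"]))
    return {gw: rec[1:] for gw, rec in newest.items()}

def assess(lines, vpn="VPN_WAN", wan="WAN_DHCP"):
    """Classify the VPN gateway monitor: 'no-data', 'unreachable', 'local' or 'ok'."""
    status = latest_status(lines)
    if vpn not in status:
        return "no-data"
    _, vpn_lat, vpn_loss = status[vpn]
    if vpn_loss == 100:
        return "unreachable"  # monitor IP never answers; gateway is marked Offline
    # Tunnel traffic crosses the WAN, so a far-end probe cannot beat the WAN RTT.
    if wan in status and status[wan][2] < 100 and vpn_lat < status[wan][1]:
        return "local"        # probe is answered on this side of the tunnel
    return "ok"

# Constructed samples, newest first as the pfSense log view shows them.
OFFLINE = [
    "Sep 15 22:05:23 dpinger VPN_WAN 10.4.0.1: Alarm latency 0us stddev 0us loss 100%",
    'Sep 15 22:05:21 dpinger send_interval 500ms dest_addr 10.4.0.1 identifier "VPN_WAN "',
    "Sep 15 22:05:17 dpinger WAN_DHCP 192.0.2.1: Clear latency 8900us stddev 216us loss 0%",
]
LOCAL = [
    "Sep 15 23:10:05 dpinger VPN_WAN 10.4.0.2: Clear latency 100us stddev 20us loss 0%",
    "Sep 15 23:10:04 dpinger WAN_DHCP 192.0.2.1: Clear latency 8900us stddev 216us loss 0%",
]

if __name__ == "__main__":
    print(assess(OFFLINE), assess(LOCAL))
```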