Connecting to AirVPN with OpenVPN and Gateway issue



  • So I followed the guide
    pfSense baseline guide with VPN, Guest and VLAN support
    Everything seems to be working, sort of.
    When I connect to the VPN VLAN subnet, I can access the internet and it shows my location correctly for the VPN server location.
    In Status/OpenVPN the Client Instance Status is "up"
    But in Status/Gateways/Gateways the "VPN_WAN" Status is "Offline"
    OpenVPN logs - I edited the IPs

    Sep 17 01:50:51	openvpn	22094	Initialization Sequence Completed
    Sep 17 01:50:51	openvpn	22094	Preserving previous TUN/TAP instance: ovpnc2
    Sep 17 01:50:51	openvpn	22094	Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Sep 17 01:50:51	openvpn	22094	Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Sep 17 01:50:50	openvpn	22094	[server] Peer Connection Initiated with [AF_INET]000.0.00.00:443
    Sep 17 01:50:49	openvpn	22094	UDPv4 link remote: [AF_INET]000.0.00.00:443
    Sep 17 01:50:49	openvpn	22094	UDPv4 link local (bound): [AF_INET]00.00.000.000:0
    Sep 17 01:50:49	openvpn	22094	TCP/UDP: Preserving recently used remote address: [AF_INET]000.0.00.00:443
    Sep 17 01:50:49	openvpn	22094	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Sep 17 01:50:44	openvpn	22094	SIGUSR1[soft,ping-restart] received, process restarting
    Sep 17 01:50:44	openvpn	22094	[server] Inactivity timeout (--ping-restart), restarting
    

    Here are the Gateway logs

    Sep 15 22:05:23	dpinger		VPN_WAN 10.0.0.01: Alarm latency 0us stddev 0us loss 100%
    Sep 15 22:05:21	dpinger		send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 45.00.000.0 bind_addr 45.00.000.000 identifier "WAN_DHCP "
    Sep 15 22:05:21	dpinger		send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 10.0.0.0 bind_addr 10.00.000.000 identifier "VPN_WAN "
    Sep 15 22:05:20	dpinger		VPN_WAN 10.0.0.0: Alarm latency 0us stddev 0us loss 100%
    Sep 15 22:05:18	dpinger		send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 45.00.000.0 bind_addr 45.00.000.000 identifier "WAN_DHCP "
    Sep 15 22:05:18	dpinger		send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 10.0.0.0 bind_addr 10.00.000.000 identifier "VPN_WAN "
    Sep 15 22:05:17	dpinger		WAN_DHCP 45.00.000.0: Alarm latency 9231us stddev 216us loss 33%
    Sep 15 22:05:16	dpinger		send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 45.00.000.0 bind_addr 45.00.000.000 identifier "WAN_DHCP "
    

    Here is the VPN/OpenVPN/Client settings page
    EDIT: added Gateway logs


  • LAYER 8 Netgate

    All of those walk-throughs seem to want you to put a bunch of stuff in Custom options. This is likely because they are ancient and one guy one time somewhere said it worked for him and the internet never forgets.

    I would remove all of that nonsense.

    Take whatever configuration the OpenVPN service provides and just check the right thing in the GUI to turn that on. If you don't know, I'd just ask here.



  • So removing all the custom options seems to have no effect, negative or positive.
    So then I was testing some ideas and here is what I came up with.
    After removing the custom options I checked the OpenVPN client status and it was still "up",
    then I checked the Gateway status and it was still "Offline".
    So since I'm "learning" here... I disabled the gateway and then checked the OpenVPN client status again and it was still up. So that got me thinking... this issue must just be with the "Gateway" and its settings.
    So per the guide, when setting up the VPN gateway it says to input "Monitor IP = 10.4.0.1" and states this: "The 10.4.0.1 is the AirVPN DNS server for port 443 UDP access. For reference, the other DNS servers are listed here at the bottom of the page."
    So after reading the explanation under this input box, "Enter an alternative address here to be used to monitor the link. This is used for the quality RRD graphs as well as the load balancer entries. Use this if the gateway does not respond to ICMP echo requests (pings).", I removed this IP address and now the gateway shows as "Online".
    So I assume that changing the gateway monitor IP to default the Gateway IP instead of an internal DNS address has no ill effect on VPN traffic leaking.


  • LAYER 8 Netgate

    Right. You cannot always ping an OpenVPN tunnel address. If you want gateway monitoring, you need to set something you can ping as the monitor IP address.



  • https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/

    I learned a lot by reading and following this guide. There are still things to uncheck, but you have to read the entire thread.

    My connection has been 100% stable if I just stop tinkering.

    Good luck, AirVPN is a great provider.

    (Tunnel settings: uncheck BOTH that you have checked.)

    You can also type ifconfig at the Diag > Command Prompt and your tunnel interface gateway will be listed towards the bottom.


  • LAYER 8 Rebel Alliance

    With 0.1ms RTT I don't think you are Monitoring the other Tunnel Side (VPN Provider).

    -Rico



  • @bcruze said in Connecting to AirVPN with OpenVPN and Gateway issue:

    https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/

    I learned a lot by reading and following this guide. There are still things to uncheck, but you have to read the entire thread.

    My connection has been 100% stable if I just stop tinkering.

    Good luck, AirVPN is a great provider.

    (Tunnel settings: uncheck BOTH that you have checked.)

    You can also type ifconfig at the Diag > Command Prompt and your tunnel interface gateway will be listed towards the bottom.

    Alright, I'll check this out, thanks.

    @rico said in Connecting to AirVPN with OpenVPN and Gateway issue:

    With 0.1ms RTT I don't think you are Monitoring the other Tunnel Side (VPN Provider).

    -Rico

    I thought this was strange also, considering my local ISP gateway was 8.9ms and 2.2ms
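
Added example, not part of any post in this thread: a small triage script for dpinger reports in the format quoted in the gateway log above. It separates a monitor address that never answers (0us latency, 100% loss) from a link that is degraded but still replying, and applies the RTT sanity check raised in the thread. The sample log lines, addresses and function names are constructed for illustration.

```python
import re

# Alarm/Clear report format as it appears in the gateway log quoted in this thread.
REPORT = re.compile(
    r"dpinger\s+(?P<gw>\S+) (?P<addr>\S+): (?P<state>Alarm|Clear) "
    r"latency (?P<lat>\d+)us stddev (?P<sd>\d+)us loss (?P<loss>\d+)%"
)

# Constructed sample lines (documentation addresses), newest first like the pfSense log view.
SAMPLE_LOG = """\
Sep 15 22:05:23\tdpinger\t\tVPN_WAN 192.0.2.1: Alarm latency 0us stddev 0us loss 100%
Sep 15 22:05:20\tdpinger\t\tVPN_WAN 192.0.2.1: Alarm latency 0us stddev 0us loss 100%
Sep 15 22:05:17\tdpinger\t\tWAN_DHCP 198.51.100.1: Alarm latency 9231us stddev 216us loss 33%
Sep 15 22:05:16\tdpinger\t\tsend_interval 500ms loss_interval 2000ms dest_addr 198.51.100.1 identifier "WAN_DHCP "
"""


def classify(latency_us, loss_pct):
    """Separate 'monitor address never answered' from real link degradation."""
    if loss_pct == 100 and latency_us == 0:
        return "no-reply"   # not one echo reply: link down OR monitor IP ignores ICMP
    if loss_pct > 0:
        return "degraded"   # some replies came back, so the monitor IP does answer
    return "ok"


def triage(log_text):
    """Return {gateway: verdict} using the most recent report per gateway."""
    verdicts = {}
    for line in log_text.splitlines():
        m = REPORT.search(line)
        if m and m["gw"] not in verdicts:   # newest-first: first hit wins
            verdicts[m["gw"]] = classify(int(m["lat"]), int(m["loss"]))
    return verdicts


def probe_crosses_tunnel(tunnel_rtt_ms, wan_rtt_ms):
    """Heuristic: a probe that really leaves through the tunnel also crosses the
    WAN hop, so its RTT cannot be lower than the WAN gateway's RTT."""
    return tunnel_rtt_ms >= wan_rtt_ms


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    print(probe_crosses_tunnel(0.1, 8.9))   # RTT figures mentioned in the thread
```

A "no-reply" verdict while the OpenVPN client status is "up" points at the monitor address rather than the tunnel; a tunnel gateway that shows "Online" but fails the RTT check is only being probed locally.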

