Pfsense Openvpn using Expressvpn



  • Hello anyone succeed? Using Express manual configuration, i tried so many version like 2.3.3 , 2.3.5 and 2.4.4
    Any suggestion? to use vpn to create a OpenVPN in pfsense thanks.
    I hope you can help me thanks.



  • Sorry, not sure if this helps but I did a while ago (I want to say on pfsense 2.2 or 2.3) and it worked fine.



  • @templateunheard thanks for that.


  • LAYER 8 Global Moderator

    You shouldn't be thanking anyone that suggests you run your firewall on EOL version.. Period!! Its just plain moronic advice..

    The correct advice is to run current vesion, and work out whatever it is your issue is or perceived to be..

    2 second google found the instructions over on expressvpn for pfsense - and lists steps for 2.4 needed near the end, etc. There should be no reason why this doesn't work on current version.



  • @johnpoz oh okay thanks for advice.



  • @johnpoz said in Pfsense Openvpn using Expressvpn:

    You shouldn't be thanking anyone that suggests you run your firewall on EOL version.. Period!! Its just plain moronic advice..

    The correct advice is to run current vesion, and work out whatever it is your issue is or perceived to be..

    2 second google found the instructions over on expressvpn for pfsense - and lists steps for 2.4 needed near the end, etc. There should be no reason why this doesn't work on current version.

    I'm not suggesting he doesn't run the latest version, he asked has anyone here done it and I'm saying that I did a couple of versions of pfsense ago. Def don't think me or my response was "moronic" in any way.

    Not sure how someone can overlook the actual question and lack the most basic understanding of what constitutes giving advice that badly. What you said would have been valid if the topic went like this:
    "Can anyone reccomend a version of pfsense that works with expressvpn?"
    "Yeah, 2.2 or 2.3 works well"

    However, it actually went like this:
    "Has anyone made pfsense work with Expresvpn?"
    %(#3be036)"Yeah I have, I did it on pfsense a couple of versions ago (2.2 or 2.3)"]

    Which means that... moral of the story:
    Me giving my experience of what I did isn't the same as giving advice on the topic.

    By all means shoot me a PM if you need futher clarification, english is a hard subject.


  • LAYER 8 Global Moderator

    Your advice was BAD - PERIOD! It reads to run EOL versions be it you meant it that way or not.

    How you should of stated it was - I used it a while back... It works, and left off what version you ran, etc. if you don't specifically recall, etc. The way your post reads is it worked on 2.2. or or 2.3.. In effect telling him to run that version.

    He stated he had tried multiple version 2.2, 2.3, 2.4 - I was making it VERY CLEAR to only run current code on your firewall.



  • @johnpoz
    "Your advice was BAD - PERIOD!"
    Again, it wasn't advice. My post was saying that I've previously done it. When talking about bad choices made during your life does that mean you're giving others advice to do the same thing? nope, of course not so stop acting like I was giving him advice in any way just because you jumped to conclusions.

    "It reads to run EOL versions be it you meant it that way or not."
    To any sensible human, recalling past experiences with something doesn't constitute advice in any way, and calling my comment advice or, as you put it, moronoic.

    "How you should of stated it was - I used it a while back... It works, and left off what version you ran, etc. if you don't specifically recall, etc. The way your post reads is it worked on 2.2. or or 2.3.. In effect telling him to run that version."
    Again, it reads this way to you. What you should have done is behave like a moderator instead of a child and say that it's a bad idea without calling my (NON-ADVICE) post moronic and no, ofc I don't have to remove my version from my response moronic just incase someone who doesn't understand would mistake that for a version that it works with.

    "I was making it VERY CLEAR to only run current code on your firewall."
    I have no problem with this however you were also calling me moronic, a personal attack for advice that I didn't even give based on your not reading the question enough.

    You're a moderator, start acting like one.



  • i can't comment for expressvpn. but i have setup multiple other providers, each one is a tad bit different, but i can get them to work on my pfsense box. with multiple tunnels..

    if you can post a few verb 3 or 4 logs. and post your configuration we should be able to help troubleshoot. screen shots are even better!



  • I am using ExpressVPN and it is fine.

    The only problem i currently have is, i can't have two ExpressVPNs in a fallback config.
    This has stopped working since 2.4.4, but worked on the previous 2.3.x

    I have a bug about it here, but there is config info in there you can use.
    https://forum.netgate.com/topic/144865/still-struggling-with-2nd-vpn-fallback-strange-routing-effect



  • i use the remote host command to reconnect on failure. i know that may not be exactly what you are after :

    https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/



  • @bcruze so you are suggesting to use
    –remote host server1
    –remote host server2
    –remote host server3

    as opposed to
    Routing, gateway group
    –server1 Tier 1
    –server2 Tier 2
    –server3 Tier 3

    My only concern with this idea is; how to ensure preference
    i.e. server are different cities with different latency, so with Tier structure
    Sydney - Tier 1
    New York - Tier 2
    London - Tier 3

    ExpressVPN drops the connect at least once a day, and sometimes the latency can get quite bad.
    In 2.3.x I tried using Tier based on latency but found i had problems with video streaming interruptions.

    I went with Member Down which solved that problem, but from memory it didn't switch back to Tier 1 as soon as Tier 1 was back online. i.e. it stayed on Tier 2 until it reset the connection, then switched back to Tier 1

    If there was a way to prioritize the remote hosts, then this might work. Although would be better if 2.4.4 actually work they way it did in 2.3.x which functioned as intended



  • i assume it connects in the order you put it in the config files.
    as long as remote - random isn't in the config file (not fully positive)

    i am NOT an expert in these matters. this is just going on what i have read online. and use myself. i don't use express, the providers i use drop maybe once a few months



  • @bcruze thanks for reference.


Log in to reply