SG-1100 - ExpressVPN Config



  • Need some help in setting up ExpressVPN on new SG-1100. I followed the instructions from ExpressVPN but no luck. Please help, newbie here.


  • Netgate Administrator

    What instructions did you follow?

    What works? What doesn't?

    Does it connect? Are you able to ping across it from the firewall?

    More info the better. ☺

    Steve



  • Thanks for the response! ExpressVPN has a tutorial to set up OpenVPN via pfSense, which was the instructions I followed.

    So I'm a newbie and will try and articulate best I can. In the instructions it says to go to Status/OpenVPN and if tunnel is online then it will state "up" under the Status column. I see that and it appears that the tunnel is online.

    Then it provides some instructions on how to route WAN traffic through tunnel:

    1. Create an Interface - I noticed that under General Configuration the instructions state to put IPv4 Configuration Type: DHCP and IPv6 configuration Type: None but pfSense says under IPv4/IPv6 Configuration "This interface type does not support manual address configuration on this page". Not sure if this an issue or not.

    2. Then instructions state to go to Firewall>NAT and set Manual Outbound NAT rule generation and copy the 4 WAN rules and change WAN to ExpressVPN under Interface section.

    3. Then it says to create a firewall rule for LAN to Pass, Interface LAN, IPv4, Protocol Any with Source being Local Subnets (created under Alias using local IP addresses) to destination any and under Advanced to change Gateway to ExpressVPN DHCP.

    That's the end of the instruction set. It says that I should see traffic flowing through new rule. However, when I check my IP it still shows Comcast. On the dashboard for the Traffic Graphs I see traffic still going through LAN versus ExpressVPN. Also on the Dashboard for Gateways, it shows WAN_DHCP status as Online but ExpressVPN as Offline.

    Not sure what other info is helpful. As to the question on if I'm able to ping across from firewall, I'm not sure what that means or how to accomplish that.

    Thanks for the help!



  • @twobben15 said in SG-1100 - ExpressVPN Config:

    it shows WAN_DHCP status as Online but ExpressVPN as Offline.

    At that stage, you should not being doing the steps 1/2/3 you mentiooned above.
    First : the VPN client should connect to VPNE*press.
    Only then you should proceed.

    Note : trying to route traffic through a 'VPN' that doesn't connect is like starting a car with no fuel. The result is known upfront ^^

    Btw : I have an E*pressVPN account.
    I used the same instructions from their site.

    Mine does connect :

    16c7ab2d-ebc2-4e36-a92a-5ed3a4d2c19b-image.png

    ( but I'm not sending 'all' pfSense traffic through this E*press VPN connection. I'm using the VPN for other - more like testing - purposes ).

    @twobben15 said in SG-1100 - ExpressVPN Config:

    I'm able to ping across from firewall, I'm not sure what that means or how to accomplish that.

    Use one of the most important features of pfSense/Firewall : use console or SSH access.


  • Netgate Administrator

    To test basic connectivity go to Diagnostics > Ping and try to ping, say, google.com while selecting the tunnel interface as the source address.

    Steve



  • Cool .... forgot about that one :

    f01f0b70-1c64-4d55-b71b-81bd08b52937-image.png


Log in to reply