Setting up ExpressVPN using OpenVPN
-
@stephenw10
That worked thank you very much!One last question I have a connection to New Jersey. How will I be able to make connections to other locations like Canada, Japan, Mexico and other locations? Will I need to do all the steps again or can I just copy the NJ settings and change the VPN codes?
I'm just wondering if I have to do the same thing for all the other locations that I would like to switch to when I need to?
-
You can setup multiple tunnels and enable/disable policy routing rules as required. However it's common to find a VPN provide ruses the same tunnel subnet for all servers which then creates a routing conflict in pfSense. If ExpressVPN does that you would need to enable only one VPN client at a time.
-
Yeah this is what kind of confusing right now.
Before I asked for help I had an Albuquerque that I disabled. But if you notice in the very beginning it was some what working the same as the New Jersey connection. Now that the New Jersey Connection is working I can't seem to get the status for the Albuquerque VPN to start back working. I think I disabled something somewhere and I don't know how to reenable it. I don't want to poke around and lose my New Jersey connection in the process.
-
Well there it's not connecting. Check the OpenVPN logs to see what error is shown.
You don't need to redact those private IP addresses (192.168.x.x, 10.x.x.x) they are not publicly routable. That 45.x.x.x address is ExpressVPNs server address which is public anyway. The only thing you might redact is your own public IP.
-
Sorry let's put Albuquerque aside. I went and made a new connection to Tokyo...
And it's says it's connected the same as New Jersery in the OpenVPN status, But...
It's doing the same thing again. Not translating. I looked at all the setting between the New Jersey and the Tokyo Connection I everything looks the same.
Under the Firewall/Rules/LAN
I opened 2 browser tabs and I copied the New Jersey connection on to the Tokyo connection making sure all the settings are the same except the different interfaces.
I did the same in the Mappings also. I cloned NJ and change any setting that needed to be changed to Tokyo.
But for some reason when I disable the New Jersey connection and enable the Tokyo Connection in Firewall Rules LAN. It say I'm not using a VPN on the check my IP websites.
I'm literally checking all settings and comparing it to the NJ VPN but I can't seem to figure out why it's not connecting to the Tokyo VPN?
-
I figured out why Tokyo wasn't working...
It seems if you disable the firewall rule and the rule that was working which was NJ is at the top, any rule you enable that's below it will not work unless you drag it above the NJ rule.
So now I'm connected to Tokyo. I'm going to try making another connection to see if I can make it work again.
-
Hmm, well that's not how it should work. The firewall rule are processed in order until a match is found so if you disable a rule it should just move the next rule and process that. You shouldn't have to change the order.
What might apply is that existing states will remain open after a rule is disabled.
And it would still be an issue if both VPN clients are using the same tunnel subnet?
-
Well I made a few other location connections since. But I still had to move the new location above the last one that was connected for it to show up connected to that location. But I also notice in the OpenVPN status there's like a restart button that seems to startup the current connection that I have enabled in the firewall rule. So I think that's how I connect to a new connection when I change to a different VPN server in Firewall rules.
Hmm... As of writing this one of the connections I created now says "Reconnecting (Could Not Determine Ipv4/ipv6 Protocol)" all of a sudden like the Albuquerque connection?
RESOLVE: Cannot resolve host address
It's one of the Canada connections. I just notice in the expressVPN app that, that location isn't listed in there anymore?? Does that mean I'll have to keep track of my server locations because they take down servers? Is that what happening?
I'm going to replace that Canada connection with something else.
Everytime I go back into pfsense I see things I have to ask questions about. DNS servers? Should I put in common public dns servers in my Pfsense settings? or should I leave that blank? I was speaking to expressVPN and they were telling me they don't have any DSN addresses for me to use on the pfsense.
"Unfortunately, we do not have any public DNS servers available. Our firmware has a built SmartDNS that can only be used once connected to the server location through ExpressVPN APP or Firmware."
Should I still keep 1.1.1.1 in my DNS server settings? Would that be considered a DNS leak if I use it?
-
Well you can add the servers by FQDN instead of IP directly. Then they should update if ExpressVPN change the server addresses. That won't help if they remove the FQDN of course.
For that to work you need the firewall itself to have at least one DNS server that is reachable directly before the VPN is up.
-
@stephenw10 said in Setting up ExpressVPN using OpenVPN:
FQDN
But they didn't give me any DNS information at all. They just kept telling me to use the app or buy their expensive $190 Alcove Router.
The reason why I'm building this router is because my old router that I was using ExpressVPN on was only getting like 28Mb/s download through the router.
But when I used the app on my PC I would get near full speed of my internet connection. They told me it's because my old router is to weak to run a VPN that's why it's so slow.
But now this PFSense is running well into the hundreds. I have a 500Mb/s download and I'm getting like 400Mb/s. The machine it's running on cost me $55.
Anyway I've done some more test it seems that my DSN is showing up where I place my VPN location. So I think it's working as is.
I think my problems has been resolved. Thank you for all your help.
Now I'm going to watch some youtube to learn more about this program.