    How to create an OpenVPN client to StrongVPN

    • E
      ericab last edited by

      StrongVPN HowTo.
      – For pfSense version 2.0 (beta & RC)

      Once you have completed this tutorial, you will have a pfSense box that automatically connects to StrongVPN, and routes all traffic from your LAN,
      through the vpn gateway.


      ---Section 1---

      Step 1:

      download the StrongVPN greeting file.

      once extracted you are presented with these files:

      Step 2:

      from the pfSense interface, navigate to the dropdown menus:  System --> Cert Manager

      Step 3:

      click the plus button as seen here:
      to create a new certificate authority

      Step 4:

      enter a descriptive name for the new CA,
      and ensure that "Import an existing certificate authority" is selected

      Step 5:

      go to the directory containing the files as seen in the first screenshot in this tutorial
      open the file called "ca.crt" in notepad, and copy and paste the EXACT contents of it into the first box.
      click SAVE. (the second box will remain empty, don't worry)

      Step 6:

      click on the "Certificates" tab:

      click on the plus button:

      Step 7:

      ensure that "Import an existing certificate" is selected, and enter a descriptive name
      go to the directory containing the files as seen in the first screenshot in this tutorial and open the file called "ovpn059.crt"
      NOTE: depending on the server you have selected upon purchase, your client cert may have a number other than '059', so do not fret.
      open in notepad, and copy and paste the contents of it into the first box.
      open "ovpn059.key" (again, note that the number '059' will probably be different) and copy/paste the contents into the second box ('Private key data')

      Step 8:

      navigate to the system dropdown menus: VPN --> OpenVPN

      click the Client tab:

      Step 9:

      for this step; please just duplicate what you see in this screenshot, on your box.

      -Note: In the "Cryptographic Settings" section, copy and paste the contents of the "ta.key" file into "TLS Authentication"
      see here:

      -Note 2: for ease, here are the "advanced configuration" options you can copy and paste: (remember to keep the trailing ; in place.) -->

      verb 5;tun-mtu 1500;fragment 1300;keysize 128;redirect-gateway def1;persist-key;

      now, Click Save

      Step 10:

      navigate to the system dropdown menus Status --> System Logs, and click on the OpenVPN tab.
      if the last thing you see in this log is "Initialization Sequence Completed" you are connected to StrongVPN; but, you are not done yet, as none of your traffic is traversing this line.

      move on to section 2

      ---Section 2---

      Step 1:

      navigate to the system dropdown menus Interfaces --> (assign)

      click the plus button:

      -Note in the previous screenshot you will notice a StrongVPN interface. you will NOT have that on your box yet, so don't worry.

      Step 2:

      after clicking on the plus button pfSense will tell you it has successfully added a new interface. the network port name will most likely be named

      "ovpnc1". ensure that the new interface is selected as "ovpnc1" (it could be ovpnc2, ovpnc3, etc… depends if you have other ovpn interfaces or not)

      Step 3:

      navigate to the system dropdown menus Interfaces --> OPT1 (or whatever your new interface from the previous step is)
      Enable the interface.
      Enter a Description --> "StrongVPN"
      "Type" ---> none
      leave everything else alone
      click Save.

      Step 4:

      navigate to the system dropdown menus System --> Routing

      click the plus button:

      ensure the Interface selected is the new one we have just assigned to the vpn client; should be "OPT1"
      Enter the gateway name.
      for "Gateway", enter "dynamic"
      do NOT click "Default gateway"
      for monitor IP, enter 208.67.222.222 (or whatever will respond to ICMP)(208.67.222.222 is OpenDNS fyi)
      leave "Advanced" alone
      enter a description for "Description"
      click save

      Step 5:

      navigate to the system dropdown menus Firewall --> Rules
      click on the LAN tab.

      Step 6:

      create a new rule that looks like this:

      Action: PASS
      –
      Interface: LAN
      Protocol: ANY
      Source: LAN Subnet
      Destination: ANY
      –
      Description: LAN to Internet force through VPN

      IMPORTANT: scroll down to "Gateway" under the "Advanced features" of the rule.
      Set gateway to your VPN interface.

      it should look something like this:

      click save.

      the rule should look like this:

      at this point, i would give the box a reboot (possibly an unnecessary step)
      if this isn't an option, disable the VPN client, wait a minute and then go ahead and re-enable it.

      CHECK OpenVPN syslog for errors !

      navigate to "http://www.whatismyip.com/" and your public facing IP will be one of strongvpn's IPs.

      you're done !

      edit - November 23 2010
      – removed persist-tun, from additional configuration options

      edit - March 9 2011
      -- from now on, in order for traffic to be routed through the vpn gateway; from the pfSense interface, navigate to the dropdown menus: FIREWALL --> NAT --> OUTBOUND --| enable "Manual Outbound NAT rule generation" and select save.

      1 Reply Last reply Reply Quote 0
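A check that fits Step 9 and Step 10 of the tutorial above, as an added example that is not part of the original post or of pfSense: it audits the semicolon-separated "Advanced configuration" string for settings OpenVPN itself warns about (such as "No server certificate verification method has been enabled") and reads the OpenVPN log for "Initialization Sequence Completed". The function names are hypothetical, the `remote-cert-tls server` addition and the AES-256-CBC cipher are assumptions that only work if the provider's server certificate and server configuration support them, and the last sample log line is constructed.

```python
import re

# Options that make an OpenVPN client check the server's certificate. When none
# is set, OpenVPN logs "No server certificate verification method has been
# enabled" and accepts any certificate signed by the imported CA as the server.
SERVER_VERIFY = {"remote-cert-tls", "ns-cert-type", "remote-cert-ku",
                 "remote-cert-eku", "tls-remote", "verify-x509-name",
                 "tls-verify"}
# Cipher-name prefixes of 64-bit block ciphers (Blowfish, DES/3DES, CAST5, RC2).
SMALL_BLOCK = ("BF-", "DES-", "CAST5-", "RC2-")

LOG_LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} openvpn\[\d+\]: (?P<msg>.*)$")


def parse_advanced(text):
    """Split pfSense's ';'-separated advanced options into (name, args) pairs."""
    options = []
    for chunk in text.split(";"):
        words = chunk.split()
        if words:
            options.append((words[0].lstrip("-"), words[1:]))
    return options


def audit_client(advanced, cipher="BF-CBC"):
    """Return (severity, message) findings for one client configuration.

    `cipher` is the value of the GUI's encryption drop-down; BF-CBC is the
    cipher the thread reports using.
    """
    opts = parse_advanced(advanced)
    names = {name for name, _ in opts}
    findings = []
    if not names & SERVER_VERIFY:
        findings.append(("high", "no server certificate verification method"))
    if cipher.lower() == "none":
        findings.append(("high", "cipher none: tunnel payload is sent unencrypted"))
    elif cipher.upper().startswith(SMALL_BLOCK):
        findings.append(("medium", cipher + ": 64-bit block cipher"))
    for name, args in opts:
        if name == "auth" and args[:1] == ["none"]:
            findings.append(("high", "auth none: data-channel packets are not authenticated"))
        elif name == "redirect-gateway":
            findings.append(("info", "redirect-gateway: traffic originated by the "
                             "firewall itself also leaves through the VPN"))
        elif name == "route-method":
            findings.append(("info", "route-method only has an effect on Windows"))
    return findings


def scan_log(lines):
    """Report whether the client is currently connected and which warnings it logged."""
    connected = False
    warnings = []
    for line in lines:
        match = LOG_LINE.match(line.strip())
        if not match:
            continue
        msg = match.group("msg")
        if msg.startswith("WARNING:"):
            warnings.append(msg[len("WARNING:"):].strip())
        elif "Initialization Sequence Completed" in msg:
            connected = True
        elif msg.startswith("Restart pause") or "process exiting" in msg:
            connected = False  # the client dropped and is reconnecting or stopping
    return {"connected": connected, "warnings": warnings}


# The advanced options exactly as given in Step 9.
PAGE_ADVANCED = ("verb 5;tun-mtu 1500;fragment 1300;keysize 128;"
                 "redirect-gateway def1;persist-key;")
# Assumption: the provider's server certificate carries the TLS server usage,
# otherwise this extra option makes the connection fail.
HARDENED = PAGE_ADVANCED + "remote-cert-tls server;"

SAMPLE_LOG = [
    "Jun 14 08:13:55 openvpn[42636]: Restart pause, 2 second(s)",
    "Jun 14 08:13:57 openvpn[42636]: WARNING: No server certificate verification "
    "method has been enabled. See http://openvpn.net/howto.html#mitm for more info.",
    "Jun 14 08:13:57 openvpn[42636]: Re-using SSL/TLS context",
    # Constructed line, not from the thread:
    "Jun 14 08:14:03 openvpn[42636]: Initialization Sequence Completed",
]

if __name__ == "__main__":
    for label, adv, cipher in (("tutorial", PAGE_ADVANCED, "BF-CBC"),
                               ("hardened", HARDENED, "AES-256-CBC")):
        print(label)
        for severity, message in audit_client(adv, cipher):
            print("  [%s] %s" % (severity, message))
    print(scan_log(SAMPLE_LOG))
```

The cipher must match what the provider's server is configured for, so the drop-down can only be changed to a value the provider supports.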
      • _
        _igor_ last edited by

        Really great tutorial! Thanks much

        • 0
          0tt0 last edited by

          I will add policy routing in mine and it will be 1.2.3-RELEASE

          • L
            lordalfa last edited by

            Good tutorial.

            Has anyone tried OpenVPN over dual WAN links? The setup here is specific on which interface is being used.

            • E
              eri-- last edited by

              I would not advise adding persist-tun in 2.0

              • E
                ericab last edited by

                ermal, thanks for the heads up;
                i have edited the how-to to reflect your advice

                • Z
                  zoltran last edited by

                  Hello

                  Does anyone have StrongVPN working in pf 1.2.3 ?
                  Or can point me to a primer?
                  Thanks

                  • H
                    Hidden last edited by

                    After section 1 all traffic is routed through the VPN.

                    anyone got policy routing working ?
                    I would like to route netflix over vpn.

                    • H
                      Hidden last edited by

                      after a factory reset (i screwed something up in squid) it works great.

                      Now i need something to route traffic over the vpn on url base.

                      i found this interesting setup:
                      http://webcache.googleusercontent.com/search?q=cache:EuMlcG_zcmIJ:www.shawnmolnar.com/blog/tag/hulu+hulu+netflix+script+vpn&cd=2&hl=nl&ct=clnk&gl=nl
                      ( from google cache because the real site is offline atm)

                      • Y
                        yu130960 last edited by

                        @Hidden:

                        After section 1 all traffic is routed through the VPN.

                        anyone got policy routing working ?
                        I would like to route netflix over vpn.

                        +1

                        • Y
                          yu130960 last edited by

                          @Hidden:

                          after a factory reset (i screwed something up in squid) it works great.

                          Now i need something to route traffic over the vpn on url base.

                          i found this interesting setup:
                          http://webcache.googleusercontent.com/search?q=cache:EuMlcG_zcmIJ:www.shawnmolnar.com/blog/tag/hulu+hulu+netflix+script+vpn&cd=2&hl=nl&ct=clnk&gl=nl
                          ( from google cache because the real site is offline atm)

                          Would this work on pfsense?  Has anyone tried it?

                          • 0
                            0tt0 last edited by

                            @Hidden:

                            After section 1 all traffic is routed through the VPN.

                            anyone got policy routing working ?
                            I would like to route netflix over vpn.

                            I believe I have commented on this several times. I use policy routing with an OpenVPN cert tunnel with StrongVPN (to make only some clients use the tunnel or by other filtering means, which can be adjusted at any time), using tunnel as "virtual WAN interface" and the tunnel has been up close to 9 months now, I believe.

                            I haven't taken the time to finish my guide yet though.

                            • Y
                              yu130960 last edited by

                              @0tt0:

                              @Hidden:

                              After section 1 all traffic is routed through the VPN.

                              anyone got policy routing working ?
                              I would like to route netflix over vpn.

                              I believe I have commented on this several times. I use policy routing with an OpenVPN cert tunnel with StrongVPN (to make only some clients use the tunnel or by other filtering means, which can be adjusted at any time), using tunnel as "virtual WAN interface" and the tunnel has been up close to 9 months now, I believe.

                              I haven't taken the time to finish my guide yet though.

                              This would be the guide that I would be looking forward to.  I will try to figure out the tunnel as a virtual wan interface, but would love to see a guide on how to set this up.  I couldn't figure it out and just got my refund from StrongVPN within their 7 days.  I will sign back up if I can get this setup to work.

                              Thanks for the post.

                              • J
                                jeffnoone last edited by

                                I am a complete newbie on FreeBSD and pfSense, but managing to get pfSense installed and then StrongVPN going using the various site tutorials. Suddenly pfSense has become very valuable to me for high-speed VPN connection. So thanks to ericab and all here
                                Does this thread need to be updated given this post:
                                http://forum.pfsense.org/index.php/topic,32640.0.html

                                I made similar observations as ericab, as in that post
                                Enabling AON under Firewall, NAT, outbound seems to be what was suggested in the thread linked, and seemed to work for me

                                Should this instruction be added to tutorial to get people up and running with most recent versions? - I don't know enough to know reliably one way or the other

                                Again thanks
                                Jeff

                                • Y
                                  yu130960 last edited by

                                  @0tt0:

                                  @Hidden:

                                  After section 1 all traffic is routed through the VPN.

                                  anyone got policy routing working ?
                                  I would like to route netflix over vpn.

                                  I believe I have commented on this several times. I use policy routing with an OpenVPN cert tunnel with StrongVPN (to make only some clients use the tunnel or by other filtering means, which can be adjusted at any time), using tunnel as "virtual WAN interface" and the tunnel has been up close to 9 months now, I believe.

                                  I haven't taken the time to finish my guide yet though.

                                  I know the guide is not ready yet, but can someone point me to another guide that would help me set up PFsense 2.0 with Strongvpn with the option of routing only some clients through the VPN while allowing others to go through the default gateway.

                                  Thanks

                                  • S
                                    smirta last edited by

                                    Better performance & policy routing

                                    Performance
                                    I am using pfsense 2.0 RC1. In my case the settings below in the "Advanced Configuration" field of the OpenVPN connection tab are resulting in a more stable connection:

                                    verb 4; mute 5;tun-mtu 1500;route-method exe;route-delay 2;explicit-exit-notify 2;fragment 1300;mssfix 1450;
                                    

                                    With these I can stream a lot more stable.

                                    On the other hand I was interested in tunneling some clients to some ip addresses. It was quite an operation. I followed the guide above (thanks a lot to the author!) except the "all traffic through VPN" part.

                                    Then I added a firewall rule to the LAN interface for a specific IP address to be routed through the OpenVPN. I figured out that after some time everything went through the WAN or through the VPN gateway (can't remember exactly which one). Additionally NAT didn't work as expected.

                                    Fix NAT
                                    I turned NAT off and added it manually. Firewall -> NAT -> Outbound : Add two entries there.

                                    
                                    Interface:    WAN
                                    Source:       CIDR of your LAN (e.g. 192.168.1.0/24)
                                    Description:  LAN -> WAN (or anything you want)
                                    
                                    
                                    
                                    Interface:    VPN
                                    Source:       CIDR of your LAN (e.g. 192.168.1.0/24)
                                    Description:  LAN -> OpenVPN (or anything you want)
                                    
                                    

                                    Fix rules/gateways
                                    After this NAT was working again. But there was still the problem with the routing of all traffic through one or the other interface. Somehow it was ignoring my rule. After some gambling around with the setting I was pretty surprised that "default" as gateway doesn't seem to work as expected. So I added to all rules a specific gateway. Now everything is working as expected. phew

                                    My "Default allow LAN to any rule " looks now like this:

                                     * LAN net * * * WAN
                                    

                                    For example if you want to route the client 192.168.1.5 through VPN you have to add the following line above the default rule:

                                     * 192.168.1.5 * * * VPN
                                    

                                    I hope this helps and is no complete bullshit. I'm an absolute newbie to pfsense.

                                    • E
                                      ericab last edited by

                                      hi smirta;

                                      these additional options are specific to windows only.
                                      i would suggest removing them.

                                      route-method exe
                                      mssfix 1450

                                      • S
                                        smirta last edited by

                                        thanks for the input (and the great tutorial btw), eric. I'll have a closer look at the options

                                        • C
                                          cmb last edited by

                                          @smirta:

                                          I hope this helps and is no complete bullshit. I'm an absolute newbie to pfsense.

                                          That's ok for your typical home setup, but what you're actually doing there is overriding the fact that StrongVPN is pushing you a default route and modifying your firewall's routing table so it sends everything over the VPN (unless you override it with policy routing as you're doing). That will cause a number of issues with more advanced setups, as it's going to default to sending traffic initiated from the firewall out of the VPN which is usually going to be undesirable.

                                          • S
                                            smirta last edited by

                                            Thanks for your reply. As I updated to the latest snapshot everything became obsolete. You just have to follow the initial guide, disable the "automatic outbound NAT" (it will fill in the rules done so far) and modify the rules described as in my post above.

                                            • Y
                                              yu130960 last edited by

                                              @smirta:

                                              Thanks for your reply. As I updated to the latest snapshot everything became obsolete. You just have to follow the initial guide, disable the "automatic outbound NAT" (it will fill in the rules done so far) and modify the rules described as in my post above.

                                              I have come back after some time away, but this remains an issue for me.  Glad to hear that you have had some success, just wanted to get clarification on your current set up under the latest snapshot.  Which of the above posts should I look to to establish a strongvpn connection for only 1 specific internal IP with all the other IPs going through the default gateway.

                                              Thanks

                                              • E
                                                ericab last edited by

                                                hi yu130960;

                                                A) go to Firewall --> Rules

                                                B) select the LAN tab.

                                                C) add a new rule with the following:

                                                D) click save and you're done

                                                ***Edit
                                                i've fixed an error.

                                                • Y
                                                  yu130960 last edited by

                                                  Thanks post #1 and #15 solved my issue and I am up and running.

                                                  I had to make the Rule to put the target IP in the source box not the destination and then it worked.

                                                  It took a while, but it is great to see it work.

                                                  Thanks to all in the thread.

                                                  • A
                                                    Arisian last edited by

                                                    Hey guys,

                                                    I hate to drag this post out of the depths - it's better than starting a new thread when this is exactly the topic I need help w/, but I'm dying here.  I've been using pfsense boxes for about 4 years but that, by no means, should be read to suggest that I know what I'm doing.  I know very little, unfortunately and what I do know is probably wrong.

                                                    I've followed this exact tutorial before w/ success, but I think some things have changed in recent releases causing me to…basically, have to make changes to things I don't really understand.  I am using 2.0-RC2 (i386) - Built on May 18th.

                                                    Here's the basic situation.  I live in China and have 5 VPN accounts for business purposes as well as getting anything done here.  3 Are specifically for work in different locations and 2 are for play and backup.  One of those is an OpenVPN account w/ StrongVPN.

                                                    My home network looks like the following:

                                                    A pfsense box built around 5 nics, each separating an area in my home

                                                    • 1 WAN Nic
                                                    • 1 LAN Nic (my office computer)
                                                    • 1 Wifi Nic, dedicated to a wireless router - DD-WRT
                                                    • 1 Media - goes to my tv and entertainment system
                                                    • 1 VOIP - use a voip phone/adapter for business.  DMZ'd basically…

                                                    I know that seems like overkill, but I really like to dedicate the NICs to each work area/task and I can really see the separation when it comes to data usage - plus I like to keep track of what the Chinese government is doing to my network.

                                                    My Media section of the house is really where I'm dying.  I have an Xbox, AppleTV, Computer, Wii all attached to a Hub that all goes into the media nic.  Needless to say, to really be able to use these gaming and entertainment boxes, I really need these all to be connected to a VPN.  Thus this tutorial.  I'd like to keep the other segments off the VPN because I have PPTP accounts that I use for my 3 home computers that are much faster.

                                                    So here's where I'm having issues.  I follow this tutorial to a T, get the VPN to connect, set up the firewall rule to pass the VPN data to the WAN data, just like is mentioned in the tutorial… and nothing!  I set the VPN up as a DHCP interface like the review asks for but I still get NOTHING across the board.  At the point I'm not even connected to the WAN.  I don't have any firewall rules in front of the VPN gateway rule.  I'm at a complete loss here after trying to fix this for the last 6 hours.

                                                    I fear it has a lot to do w/ the NAT settings

                                                    I've attached screenshots to my setup.  Just as an FYI, I'm testing it out on the WIFI nic here, I've done the exact same setup on the LAN nic.  Also, under NAT, AON (Manual Outbound NAT rule generation) is on.

                                                    Guys, I'd really appreciate some help with this  :).  Any thoughts on what I'm doing wrong?

                                                    If I need to clarify anything, please let me know.  I tried to stuff what I could into this post, but it's 1am here and I'm sure I missed something

                                                    Also, I can get the VPN to connect but I have to use BF-CBC(128-bit) encryption to make it work - I'd prefer no encryption since this really is just for a media center to get the US IP address so I can download games, watch netflix, etc.  Does anyone know how to do this… or could point me in the correct direction?

                                                    Very much appreciate your help!!!
                                                    http://www.brianhirschy.com/vpn/1.png
                                                    http://www.brianhirschy.com/vpn/2.png
                                                    http://www.brianhirschy.com/vpn/3.png
                                                    http://www.brianhirschy.com/vpn/4.png




                                                    • E
                                                      ericab last edited by

                                                      hi Arisian;

                                                      first, i see you mentioned you're using a HUB on your MEDIA nic… if you're really using a HUB, you should seriously consider updating to a switch, but...
                                                      as for your vpn issue, can you go back to my tutorial and see the "edit - March 9 2011"  note at the bottom? i believe that will fix you right up; if not please report back and i or someone else will gladly assist you. (also check and make sure the strong vpn device is using TUN mode)

                                                      • A
                                                        Arisian last edited by

                                                        @ericab:

                                                        hi Arisian;

                                                        first, i see you mentioned you're using a HUB on your MEDIA nic… if you're really using a HUB, you should seriously consider updating to a switch, but...
                                                        as for your vpn issue, can you go back to my tutorial and see the "edit - March 9 2011"  note at the bottom? i believe that will fix you right up; if not please report back and i or someone else will gladly assist you. (also check and make sure the strong vpn device is using TUN mode)

                                                        Hi Ericab,

                                                        Thanks so much for your response.  A few comments:

                                                        First, It is a switch - sorry, wasn't accurate on that
                                                        Second - I got it to forward over the VPN w/ your suggestions!  Thanks so much.  Not sure why it worked THIS time and not the other times, but it's working great.  Now to setup my DNS forwarding and so on

                                                        All other settings are just like you posted

                                                        One last question:
                                                        The configuration you have listed here is for using some simple encryption and security on the openVPN setup.  Is there a way to make this work w/ using very little encryption or NO encryption so that I can just get the US ip address.  Not worry about security w/ my entertainment system.  Any thoughts you have on that would be much appreciated.

                                                        Again, thanks for your reply!  Very eager to get this working
                                                        Brian

                                                        • E
                                                          ericab last edited by

                                                          Brian;
                                                          during the negotiation process you and the server decide what methods are acceptable.
                                                          since the whole point of using StrongVPN (openvpn) is to encrypt your traffic over an insecure public internet, you're going to be stuck with an encrypted payload.

                                                          what would be the reason you'd want to use "very little encryption" ?
                                                          there are of course proven weak algorithms, but it's still encrypted and protected from a casual viewing from a packet dump if this is what you'd want to accomplish (monitoring employees/family members).
                                                          are you worried about CPU usage of the encryption process or…? maybe you're on a high bandwidth link and your PC can't cope with the load ?
                                                          in either of those cases your solution is a hardware upgrade.

                                                          • A
                                                            Arisian last edited by

                                                            Totally understand w/ the encryption point.  StrongVPN's service does include a port 443/8080 non compressed, non encrypted option which should be the fastest.  Of course, they are using a TCP option, which might not be as fast.  The only point for me is to skirt around the geoip issues that come w/ using services like Xbox Live, Hulu & Netflix, which is the main point of my entertainment center.

                                                            The rest of the house is on a highly encrypted line that I use for work.  These superfluous (xbox, etc) items simply need to be the fastest they possibly can.  Unfortunately I'm on a really crappy Chinese connection that maxes out at 600 kb/sec and generally runs in the 400-500kb / sec range, which, despite how it may sound, is extremely fast for where I live (Think middle of nowheresville China).

                                                            I'm running my pfsense on a 2.4ghz intel box.

                                                            • 2
                                                              2CaP last edited by

                                                              This guide is great. Easy to follow. Everything you want in a guide.

                                                              However I can't get the connection to establish properly. I have this config in place on a 2.0 RC2 box.

                                                              I have worked with IPSec in the past but am relatively new to OpenVPN.

                                                              My reason to implement this is to circumvent geo tagging / the anonymity they provide. I have tested Private Internet Access (User/Pass Auth) access via my PC's & it works great at that level. I haven't tried to implement it on the 2.0 RC2 box.

                                                              I decided to go with Strong VPN on the 2.0 RC2 box due to the great detail in the guide & the great feedback it has received.

                                                              BTW - This is a fresh install with no additional packages, firewall rules or other vpns running.

                                                              Here is my log…

                                                              Jun 14 08:13:55 openvpn[42636]: Restart pause, 2 second(s)
                                                              Jun 14 08:13:57 openvpn[42636]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
                                                              Jun 14 08:13:57 openvpn[42636]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                                                              Jun 14 08:13:57 openvpn[42636]: Re-using SSL/TLS context
                                                              Jun 14 08:13:57 openvpn[42636]: Control Channel MTU parms [ L:1545 D:166 EF:66 EB:0 ET:0 EL:0 ]
                                                              Jun 14 08:13:57 openvpn[42636]: Socket Buffers: R=[42080->65536] S=[57344->65536]
                                                              Jun 14 08:13:57 openvpn[42636]: Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:4 ET:0 EL:0 ]
                                                              Jun 14 08:13:57 openvpn[42636]: Fragmentation MTU parms [ L:1545 D:1300 EF:45 EB:4 ET:0 EL:0 ]
                                                              Jun 14 08:13:57 openvpn[42636]: Local Options String: 'V4,dev-type tun,link-mtu 1545,tun-mtu 1500,proto UDPv4,mtu-dynamic,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
                                                              Jun 14 08:13:57 openvpn[42636]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1545,tun-mtu 1500,proto UDPv4,mtu-dynamic,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
                                                              Jun 14 08:13:57 openvpn[42636]: Local Options hash (VER=V4): '885414e3'
                                                              Jun 14 08:13:57 openvpn[42636]: Expected Remote Options hash (VER=V4): '8bcc3b84'
                                                              Jun 14 08:13:57 openvpn[42636]: UDPv4 link local (bound): [AF_INET]myip:50211
                                                              Jun 14 08:13:57 openvpn[42636]: UDPv4 link remote: [AF_INET]strongvpnip:4672
                                                              Jun 14 08:14:57 openvpn[42636]: [UNDEF] Inactivity timeout (--ping-restart), restarting
                                                              Jun 14 08:14:57 openvpn[42636]: TCP/UDP: Closing socke

                                                              Thanks in advance for your Replies…

                                                              2CaP

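A triage pass over the client log 2CaP posted above, as an added example that is not part of the original thread: it flags the missing server certificate check, the 64-bit-block cipher in the options string, and a restart that happened before any TLS handshake completed. The finding codes and function names are made up for this example; `remote-cert-tls server` is a standard OpenVPN client option, and whether it fits depends on how the provider issued its server certificate.

```python
import re

# Lines taken from the log in the post above; "myip"/"strongvpnip" are the poster's own placeholders.
SAMPLE_LOG = """\
Jun 14 08:13:57 openvpn[42636]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jun 14 08:13:57 openvpn[42636]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 14 08:13:57 openvpn[42636]: Local Options String: 'V4,dev-type tun,link-mtu 1545,tun-mtu 1500,proto UDPv4,mtu-dynamic,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Jun 14 08:13:57 openvpn[42636]: UDPv4 link remote: [AF_INET]strongvpnip:4672
Jun 14 08:14:57 openvpn[42636]: [UNDEF] Inactivity timeout (--ping-restart), restarting
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} openvpn\[\d+\]: (?P<msg>.*)$")
BLOCK64 = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}  # 64-bit block ciphers


def parse_options(msg):
    """Turn "... Options String: 'a,b c,...'" into {'a': '', 'b': 'c', ...}."""
    m = re.search(r"'([^']*)'", msg)
    opts = {}
    for item in (m.group(1).split(",") if m else []):
        key, _, value = item.partition(" ")
        opts[key] = value
    return opts


def triage(log_text):
    """Return (code, detail) findings for one OpenVPN client log."""
    findings, dialing = [], False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # truncated or non-OpenVPN line
        msg = m.group("msg")
        if "No server certificate verification method" in msg:
            findings.append(("NO_SERVER_CERT_CHECK", "server identity unchecked; consider 'remote-cert-tls server'"))
        elif "script-security" in msg:
            findings.append(("SCRIPT_SECURITY_NOTE", "config may call user-defined scripts"))
        elif msg.startswith("Local Options String:"):
            cipher = parse_options(msg).get("cipher")
            if cipher in BLOCK64:
                findings.append(("WEAK_CIPHER", cipher))
        elif "link remote:" in msg:
            dialing = True   # client started sending to the server
        elif "Peer Connection Initiated" in msg:
            dialing = False  # handshake finished, peer name is known
        elif "Inactivity timeout" in msg and dialing and msg.startswith("[UNDEF]"):
            findings.append(("NO_HANDSHAKE", "restart with no reply from the server; check port, protocol and firewall"))
            dialing = False
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code}: {detail}")
```
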
                                                              • E
                                                                ericab last edited by

                                                                hi 2CaP;

                                                                2 things:

                                                                what is the build date of your 2.0 RC2?

                                                                also, will you paste your "Advanced Configuration" options here ? (the very bottom of the OpenVPN Client page).

                                                                • 2
                                                                  2CaP last edited by

                                                                  ;D

                                                                  Update on my previous post:

                                                                  I couldn't get that build of pfsense to work as expected. Checked everything I could think of DNS, NAT etc nothing would work.

                                                                  I rebuilt the box onto the latest stable release & got everything to work great for about 24 hours (until approx 4:30 EST) when the speeds dropped from 5-6 Mbps to 100 - 200 kbits on the server that I was on. I tested my connection via my default gateway & all was fine 5-6Mbps.

                                                                  On the suggestion of the StrongVPN folks I swapped servers - no change. They then suggested it was the firewall of my ISP throttling the speeds. I use a VPN connection everyday & haven't experienced any kind of speed throttling to that extent.

                                                                  I decided that I would try to rebuild the pfsense box to the most current snapshot using the guide provided to the letter. I changed the server as well in an effort to start completely from scratch. I have successfully as of a few minutes ago confirmed that everything is working.

                                                                  The weirdness has started again however. The speed has dropped to about 400 kbits as of approx 4:30pm while streaming from Hulu & to add to it when I try to login to netfl*x it says that it isn't available in my country. I am logging in via the US.

                                                                  I have saved my configs & will continue to work on it but, any suggestions are welcome.

                                                                  Thanks Again for the guide...

                                                                  • 2
                                                                    2CaP last edited by

                                                                    I have tried disabling the OpenVPN connection via & going with a Local connection OpenVPN on my PC with the same speed results.

                                                                    Should I try another UDP port, i.e. 1194 etc.? Or switch to a TCP config as StrongVPN suggests?

                                                                    • 2
                                                                      2CaP last edited by

                                                                      Just another update…. I have done some research and found that the ISP is throttling speeds for VPN connections that are outside the ports 1701-1723.

                                                                      I changed my port to within that range & the speed came right back.

                                                                      Now I have to figure out this issue with Netflix...

                                                                      • 2
                                                                        2CaP last edited by

                                                                        ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D

                                                                        Issue Solved!

                                                                        I swapped from a US Based Server to another US Based server & that has fixed the Netflix Issue.

                                                                        thanks again for the guide!

                                                                        • Y
                                                                          yu130960 last edited by

                                                                          I have had Netflix operating through StrongVPN for a few months.  Netflix works great on my laptops, however through my WDTV Live Plus I often get the message that "movie not available at this time please try a different one or try again later"

                                                                          Sometimes it will start playing if I try 3 times, sometimes it never does.  Some movies play on the first try.

                                                                          It is quite frustrating and was just wondering if there is a setting in pfsense that would help with this sensitivity on this particular embedded device.  I think I recall reading somewhere about a setting for HTTP resume, but have no idea.

                                                                          Any similar experience would be appreciated

                                                                          Edit:  I never did get a solution to this until I switched providers from Rogers to Teksavvy (a third party ISP that leases Rogers lines) and now Netflix works perfectly.  Go figure, I'm wondering what they are doing to make it difficult for the embedded device.  In any event, it works perfectly now and I haven't changed anything else.

                                                                          • S
                                                                            singerie last edited by

                                                                            I have an issue with this how to. I'm not sure if it's a bug in pfsense…

                                                                            I get this error when I try to enable the strongvpn interface:

                                                                            The following input errors were detected:

                                                                            The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration.

                                                                            I have nothing configured in the dhcp server for this interface....

                                                                            Any idea ?

                                                                            • C
                                                                              cmb last edited by

                                                                              @singerie:

                                                                              I have an issue with this how to. I'm not sure if it's a bug in pfsense…

                                                                              I get this error when I try to enable the strongvpn interface:

                                                                              The following input errors were detected:

                                                                              The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration.

                                                                              I have nothing configured in the dhcp server for this interface....

                                                                              You did at one point and probably deleted the interface without disabling, that is my suspicion. Back up your config, manually edit it out, and restore.

                                                                              • S
                                                                                singerie last edited by

                                                                                @cmb:

                                                                                You did at one point and probably deleted the interface without disabling, that is my suspicion. Back up your config, manually edit it out, and restore.

                                                                                Glad I didn't factory default! That was the case. I deleted the entry for this interface, now everything is working.

                                                                                Should I file a bug?

                                                                                • D
                                                                                  DWAyotte last edited by

                                                                                  Does this configuration guard against DNS leaking?

                                                                                  • B
                                                                                    Bergling last edited by

                                                                                    Hope someone can help me with my issue.

                                                                                    I'm trying to make one of my clients (Logitech Revue) to use a StrongVPN connection, but seem to fail. I have used the guide to configure the VPN connection successfully, but I'm guessing I fail somewhere in setting up the routing.

                                                                                    I have created a firewall rule for the client, that under advanced settings uses the VPN gateway defined as per the guide. Still, if I check with a site like whatsmyip.org, I still have my regular IP showing.

                                                                                    I have setup AON according to a post in this thread, but it doesn't seem to help.

                                                                                    Do I have to use virtual IPs or is there something else I can check on? Any help is appreciated.
