How to create an OpenVPN client to StrongVPN
-
Hi everyone,
I followed part of this tutorial to set up a working VPN connection to vpntunnel.com. It works like a charm, and I'm able to redirect certain LAN IPs through the VPN, while all others go through the normal route.
As all the traffic reaching the VPN IP is redirected to the box, I tried to build some firewall rules to block traffic coming from the VPN and going to certain ports (like the SSH port and the HTTP port). I added 2 rules in the appropriate firewall rules tab (the tab dedicated to the VPN connection) to drop any TCP packet hitting port 22 or port 80. But this had no effect, even after a reboot.
Am I doing this right? Has someone already tried this?
(I'm using version 2.1-BETA0 (i386) built on Tue Dec 4 21:53:03 EST 2012)
-
Ok, the solution to my problem lies within the 'floating' rules. It's where the block rules are to be set. Now it works perfectly.
-
Hi everyone,
I followed part of this tutorial to set up a working VPN connection to vpntunnel.com. It works like a charm, and I'm able to redirect certain LAN IPs through the VPN, while all others go through the normal route.
(I'm using version 2.1-BETA0 (i386) built on Tue Dec 4 21:53:03 EST 2012)
How do you manage to redirect certain LAN IPs through the VPN and others through the normal WAN?
-
For version 2.1:
In Firewall->Rules->LAN you simply add a rule where the source is your LAN IP, the destination is *, and in the advanced features you set the Gateway to the VPN.
Be careful to check what the default gateway is, as it might have become the VPN.
Also be careful that the rules work as 'first match applies', so as long as a rule doesn't match, it'll look at the next one down.
Also, if the VPN is down, packets might be routed through the default gateway (and you might not want that), so be sure to set up the rules correctly.
I hope it helps.
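
The first-match and VPN-down behaviour described in the post above, as an added example that is not part of the original thread and is not pfSense code. It is a small model of top-down rule evaluation; the addresses, the `Rule` class, the `route` function and the `skip_when_gw_down` switch are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                      # "pass" or "block"
    source: str                      # CIDR the rule matches on
    gateway: Optional[str] = None    # None = follow the default gateway

def route(rules, src, gateways_up, default_gw="WAN", skip_when_gw_down=False):
    """Return the gateway a LAN packet from `src` leaves through, or "BLOCKED".

    Rules are checked top-down and the first match wins. When a rule's policy
    gateway is down, the model either drops the gateway from the rule (packet
    follows the default gateway) or, with skip_when_gw_down, ignores the rule.
    """
    for rule in rules:
        if ip_address(src) not in ip_network(rule.source):
            continue                 # no match: look at the next rule down
        if rule.action == "block":
            return "BLOCKED"
        if rule.gateway is None:
            return default_gw
        if rule.gateway in gateways_up:
            return rule.gateway
        if skip_when_gw_down:
            continue                 # rule treated as absent
        return default_gw            # leak: VPN host leaves via the default route
    return "BLOCKED"                 # nothing matched: default deny

# Constructed LAN: 192.168.1.50 must only ever leave through the VPN.
VPN_HOST = "192.168.1.50"
LEAKY = [
    Rule("pass", "192.168.1.50/32", gateway="VPN"),
    Rule("pass", "192.168.1.0/24"),           # general LAN rule, default gateway
]
FAIL_CLOSED = [
    Rule("pass", "192.168.1.50/32", gateway="VPN"),
    Rule("block", "192.168.1.50/32"),         # catches the host when rule 1 is skipped
    Rule("pass", "192.168.1.0/24"),
]

if __name__ == "__main__":
    for name, rules in (("leaky", LEAKY), ("fail-closed", FAIL_CLOSED)):
        for skip in (False, True):
            print(name, "skip" if skip else "strip",
                  route(rules, VPN_HOST, {"WAN"}, skip_when_gw_down=skip))
```

In this model the block rule only takes effect when the policy rule is skipped while its gateway is down; if the gateway is merely dropped from the rule, the first rule still matches and the host leaves through the default gateway.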
-
;D ;D ;D ;D Working… thanks guys
-
After reading/experimenting with OpenVPN + AirVPN my doubt is: is my internal LAN exposed to the Internet if I change the "Firewall Rules" according to the first (original) post?
For VPN to work, I thought it was sufficient to set manual NAT rules. Touching firewall rules seems overkill to me.
-
panz;
The firewall rule is required as it routes OUTGOING traffic through your newly established gateway.
It is an OUTGOING rule only.
Remember: the default rule on every pfSense interface is to block everything, unless otherwise specified, which in this case allows outgoing traffic, AND forces it through the VPN.
-
This seems quite strange to me, because my setup is perfectly working without setting that firewall rule; LAN clients browse the Internet just enabling manual NAT. Am I doing something wrong? ???
-
So if I understand this right... there is no way to get StrongVPN to work anymore?
Or is there another guide to follow?
-
So if I understand this right... there is no way to get StrongVPN to work anymore?
Or is there another guide to follow?
tjabas,
what isn't working anymore for you?
-
I haven't even tried to install it yet. I have made the purchase and all, but I read that StrongVPN changed something so the guide in this thread doesn't work anymore.
Or am I wrong?
-
Is there anyone else that hasn't got the preconfigured file to work?
I thought that if I only buy the file and install the keys, it all would work, but I was wrong.
-
Is there anyone else that hasn't got the preconfigured file to work?
I thought that if I only buy the file and install the keys, it all would work, but I was wrong.
What isn't working for you, tjabas? If you don't give us details on the problem we can't help you.
-
The main issue is that I lose the WAN connection after I have installed the purchased backup file. The WAN is still assigned to the same NIC, and the router is acting really, really slow; the webserver is almost useless. But from what I have seen so far there aren't any changes to the WAN and NIC, they're the same as before, but I don't get any IP from my ISP.
Any suggestions?
-
Hi,
After a few misconfigurations, I have finally got a client to StrongVPN working, but for the whole LAN subnet and not for the specific IP address that I want to route.
I have tried setting a rule in the Firewall > Rules > LAN section but it still seems to route everything through the VPN.
It seems that just having the manual outbound NAT settings for the LAN is enough to make everything route via the VPN with no firewall rules.
Does anybody have any pointers on where to check where I may be going wrong? I am using 2.1rc2.
Thanks
Richard
-
As per ericab's reply 21,
if I have everything going through the VPN now and only want to route devices with specific IP addresses through the VPN, do I just follow the new firewall rule and save it? That's it?
Do I have to change any existing rules or move this new rule to the top?
Thanks
-
I tried ericab's way and it didn't work.
My PC was still running through the VPN.
I only want specific IP addresses to use the VPN.
I must be missing something . . . .???
-
BUMP !!!
Somebody please offer some help here!
If I followed the setup and it works, meaning all traffic is going through the VPN, then how is ericab's solution (reply 21) supposed to work?
yu13096 wanted "only 1 specific internal IP with all the other IPs going through the default gateway."
Yet ericab's solution is that all traffic goes through the VPN and then you force one address, i.e. Netflix, to go through the same VPN???
Shouldn't it be that all traffic goes through the default gateway and only the Netflix address goes through the VPN?
Clearly I'm missing something here and I would appreciate some help in setting it so that all traffic goes through the default gateway and individual addresses use the VPN . . . or all traffic goes through the VPN and individual addresses use the default. Doesn't matter which one.
Thank you.
-
Hi,
I don't know if it could help, but after trying many times to get this functional, it is now OK.
I followed all of this howto, except I changed "BF-CBC" to "AES-128-CBC"!
I'm on 2.1 and all is working, gateway is fine and my IP is US (instead of Switzerland)
-
Thanks so much for this guide.
The VPN provider I'm using has instructions for running on pfSense, but this guide is much better.
Their instructions got the VPN running, but no traffic was passing. This guide showed me the firewall rules I needed to get things really working.
Also, pfSense running on an old HP7900 SFF PC is easily handling my 50/25 Mb/s connection. I gotta thank the hardware forum for that recommendation.