How to create an OpenVPN client to StrongVPN
-
Just another update…. I have done some research and found that the ISP is throttling speeds for vpn connections that are outside the ports 1701-1723.
I changed my port to within that range & the speed came right back.
Now I have to figure out this issue with Netflix...
-
;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D
Issue Solved!
I swapped from US Based Server to one another US Based server & that has fixed the Netflix Issue.
thanks again for the guide!
-
I have had netflix operating through StrongVPN for a few months. Netflix works great on my laptops, however through my WDTV Live Plus I often get the messages that "movie not available at this time please try a different one or try again later"
Sometimes it will start playing if I try 3 times, sometimes it never does. Some movies play on the first try.
It is quite frustrating and was just wondering if there is a setting in pfsense that would help with this sensitivity on this particular embedded device. I think I recall reading somewhere about a setting for HTTP resume, but have no idea.
Any similar experience would be appreciated
Edit: I never did get a solution to this until I switch providers from Rogers to Teksavvy (a third party ISP that leases Rogers lines) and now Netflix works perfectly. Go figure, I wondering what they are doing to make it difficult for the embedded device. In any event, it works perfect now and I haven't changed anything else.
-
I have an issue with this how to. i'm not sure if it's a bug in pfsense…
i get this error when i try to enable the strongvpn interface :
The following input errors were detected:
The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration.
I have nothing configured in the dhcp server for this interface....
Any idea ?
-
I have an issue with this how to. i'm not sure if it's a bug in pfsense…
i get this error when i try to enable the strongvpn interface :
The following input errors were detected:
The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration.
I have nothing configured in the dhcp server for this interface....
You did at one point and probably deleted the interface without disabling that is my suspicion. Backup your config, manually edit it out, and restore.
-
@cmb:
You did at one point and probably deleted the interface without disabling that is my suspicion. Backup your config, manually edit it out, and restore.
Glad i didn't factory default ! that was the case. I deleted the entry for this interface, now everything is working.
Should i fill a bug ?
-
Does this configuration guard against DNS leaking?
-
Hope someone can help me with my issue.
I'm trying to make one of my clients (Logitech Revue) to use a StrongVPN connection, but seem to fail. I have used the guide to configure the VPN connection successfully, but I'm guessing I fail somewhere in setting up the routing.
I have created a firewall rule for the client, that under advanced settings uses the VPN gateway defined as per the guide. Still, if I check with a site like whatsmyip.org, I still have my regular IP showing.
I have setup AON according to a post in this thread, but it doesn't seem to help.
Do I have to use virtual IP's or is there something else I can check on? Any help is appreciated.
-
Bergling;
snap a photo of the settings you've set for that client. -
Hi,
These are the settings for firewall on LAN:
I'm trying it out on my phone first, hence the setting for Nexus being the one with the VPN GW.
Here are my gateways settings:
and Outbound NAT routing:
When setting the outbound NAT rules, there is another selectable interface, OpenVPN, should this be set instead of the VPN interface? Or both maybe?
Any more settings I should check?
-
everything there looks fine to me from what see there….instead of using an alias, try the devices IP.
the other openvpn interface is for the vpn server. -
I tried using the IP, but no luck.
Any other suggestions? Could it be DNS settings that need to be configured?
Do I need to set up any rules for the VPN interface in the firewall? To allow incoming traffic on the VPN interface?
Any help is appreciated.
edit: If I try with one of my PC:s or my entire network, are there any diagnostics tools I can try to get more info?
-
edit: If I try with one of my PC:s or my entire network, are there any diagnostics tools I can try to get more info?
not really because we already know where the problem is.
the OpenVPN 'interface' you see on the firewalls rule screen is for the server portion of openvpn. that wont have any effect on this issue.
im not completely sure what the issue is, maybe someone else will jump in here.btw, what build are you running ? whats it dated ?
-
The build is 2.0-RC3 (i386)
built on Tue Jun 21 16:50:25 EDT 2011I don't know if it will help, but here are the route table:
The 148.160.. range is my WAN ip/gateway
Can I do something from my pfsense box if I SSH into it? Like pinging or perform dns lookups to try to resolve it?
edit: Just tried to do a traceroute in the pfsense shell by using SSH. But I'm unable to find any route!
On a client PC connected to the pfsense box, traceroute works perfectly. Seems strange… -
More updates (forgive me if I seem desperate, just want go get it working):
I'm just a newbie when it comes to unix-like systems, but I've been searching the net for different suggestions, and just wanted to share some findings, so that maybe we can get closer to a solution.
I tried using tcpdump on my vpn interface, and saw dns traffic. Maybe not that strange, but since i tried adding a dns server on the VPN gateway, this means that some traffic gets routed out my vpn connection. Just not the traffic I want:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovpnc1, link-type NULL (BSD loopback), capture size 96 bytes
22:17:29.877110 IP 10.8.0.86.16951 > 8.8.8.8.53: 39536+ A? www.fritidsresor.se. (37)
22:17:29.877304 IP 10.8.0.86.16951 > 98.158.112.6.53: 39536+ A? www.fritidsresor.se. (37)
22:17:30.325436 IP 10.8.0.86.34056 > 8.8.8.8.53: 25217+[|domain]
22:17:30.325540 IP 10.8.0.86.34056 > 98.158.112.6.53: 25217+[|domain]
22:17:33.439298 IP 10.8.0.86.13739 > 8.8.8.8.53: 58026+ A? p4web.freebsd.org. (35)
22:17:33.439465 IP 10.8.0.86.13739 > 98.158.112.6.53: 58026+ A? p4web.freebsd.org. (35)
22:17:33.440737 IP 10.8.0.86.48344 > 8.8.8.8.53: 30409+ A? forums.freebsd.org. (36)
22:17:33.441609 IP 10.8.0.86.48344 > 98.158.112.6.53: 30409+ A? forums.freebsd.org. (36)
22:17:33.442590 IP 10.8.0.86.59308 > 8.8.8.8.53: 39845+ A? cvsweb.freebsd.org. (36)
22:17:33.442809 IP 10.8.0.86.59308 > 98.158.112.6.53: 39845+ A? cvsweb.freebsd.org. (36)
22:17:33.489111 IP 10.8.0.86.32009 > 8.8.8.8.53: 52364+ A? security.freebsd.org. (38)
22:17:33.489530 IP 10.8.0.86.32009 > 98.158.112.6.53: 52364+ A? security.freebsd.org. (38)
22:17:33.491161 IP 10.8.0.86.46316 > 8.8.8.8.53: 29314+ A? svn.freebsd.org. (33)
22:17:33.491205 IP 10.8.0.86.46316 > 98.158.112.6.53: 29314+ A? svn.freebsd.org. (33)
22:17:33.524131 IP 10.8.0.86.45570 > 8.8.8.8.53: 6443+ A? wiki.freebsd.org. (34)By this I draw the conclusion that this must be some sort of routing problem. Does anyone agree?
The question is just exactly what is wrong?
-
Even more updates.
I solved the ping issue by disabling the OpenVPN client, and then the new default route (0.0.0.0/1 10.8.0.85) was removed and I could ping freeley using my ISP gateway.
From my perspective it all seems like I don't get any incoming packets in return from the VPN connection, but I still need to verify this with StrongVPN, but I seem to be able to route packets out on the VPN interface.
-
How can I configure pfSense to only route traffic through the VPN? Meaning if the VPN goes down, you cannot get out to the internet, only pfSense can to re-connect the VPN.
I assumed that the LAN rule that was created forcing traffic through the VPN gateway would take care of this, but testing shows that is not in fact the case and a bad assumption. I get routed out through my ISP for some reason, even though the only rule that exists is the LAN to Any through VPN Gateway. What am I missing?I also figured out the answer to my previous DNS leaking question. In System > General Setup I configured 3 DNS servers, the first 2 with the gateway set to VPN and the third with gateway set to none. Through wireshark I am able to verify that my dns lookups do not get routed out my ISP configured like this, but rather through the VPN. If I change the third DNS server to WAN gateway then all my DNS does go out ISP gateway and is thus leaked. So to recap a little, you have to have at least 1 DNS server set to none so that your VPN can lookup the DNS name you have configured for your vpn, otherwise you won't be able to connect. Also any aliases you have configured as hostnames will be looked up through your ISP gateway, just FYI.
-
I am trying to set up an OpenVPN connection to my StrongVPN account using pfSense 2.0 release. While I had success with earlier 2.0-RC3 builds, I have been unable to get the system to work with the release build.
I can connect to StrongVPN using a Mac and a Windows machine, so I am pretty sure that the problem is with my pfSense configuration.
I can establish a connection to StrongVPN but as soon as the connection is made, I lose the ability to connect to the internet with a browser. I seem to have issues similar to those of Bergling.
When I am connected to the StrongVPN server (the dashboard shows the VPN gateway as being up), the gateway status window shows the VPN gateway offline. Traffic logs show outbound traffic but nothing inbound. The firewall seems to be blocking all inbound connections per the firewall log. When I shut off the OpenVPN client, internet access is restored.
-
The firewall seems to be blocking all inbound connections per the firewall log. When I shut off the OpenVPN client, internet access is restored.
just so i understand fully, you actually checked the log and noticed this or is this an assumption ?
if so, can you copy/paste the logs for the openvpn client and related firewall logs ? remember to remove personal IP information.thanks
-
Thanks for the quick response. I did check but the assumption is that I can accurately describe and interpret what I see. ;D I'll get the snapshots to you later. Shall I post or PM?