PureVPN



  • has anyone successfully set up pfsense 2.1 for purevpn?
    I cant get their instructions to work and they arent being very proactive.
    rgds
    Stephen


  • LAYER 8 Netgate

    But they have 24/7/365 support…

    I'd be happy to look at it if they had a trial, but I'm not going to pay them.



  • Please elaborate on what is not working. What do the logs show? Can we assume you went through this -> http://www.purevpn.com/config/router/pfsense.php?


  • LAYER 8 Netgate

    I don't know why those docs specify a ca in the gui then a ca in the advanced options.  I'd ditch the "ca /etc/ca.crt" from the advanced.

    That first page looks a little thin on what actually needs to happen for the certificates.

    Seems to me you should create a CA called PureVPN with the contents of the CA certificate and no private key. This will be the cert specified in the client's Peer Certificate Authority.

    There should also be a client certificate somewhere.  This can probably be anything, but the .ovpn file might have something in it they want you to use.

    Something doesn't look right.



  • Hi,

    I am trying to configure pfsense for PureVPN and I noticed their directions are incomplete as well. Were you able to get it working? They also seem to leave out the firewall and NATing rules required.



  • Thanks for all the offers. PureVPN support is useless they sent me another set of instructions with a diff ecryption rate…
    Anyway now have it sussed and for others the problem is that they never defined the TLS key so the link was never decrypted and as pointed out earlier you dont need the ca.crt file although you do need to be careful with windows as copying can corrupt it.

    For the record the following should work:-

    1. create a new CA and copy the ca.crt contents into the certificate data box.
    2. optional copy the contents of wdc.key into Certificate Private Key box of the new cert.
    3. Create a password text file
    4. create a new openvpn client with these settings:-

    ServerMode: Peer to peer
    Protocol: UDP or (TCP if using a TCP url)
    Interface: (whatever you called your Wan)
    Server Host name & port per the available list from Purevpn - note they appear to have multiple addressing schemes Pointtoserver appears to be the most robust.
    Tick infinitely resolve server.

    (this is where PureVPN intstructions go wrong)
    TICK Enable authentication of TLS packets.
    If you did step 2 then leave Automatically generate a shared TLS authentication key Ticked
    Or alternatively and probably safer anyway
    Untick Automatically generate a shared TLS authentication key
    Copy the contents of wdc.key into box

    set Peer Certificate Authority to whatever you called the certificate you created in 1.
    set Client Certificate to webconfigurator default
    Encryption:- AES-256-CBC
    Hardware Crypto: None
    Tick Compress tunnel packets using the LZO algorithm

    I have the following in the advanced section but note I have created a gateway and new interface per the strongvpn example on here

    verb 2;
    auth-user-pass /etc/purevpn-password.txt;
    route-delay 2;
    persist-key;
    auth-nocache;
    keepalive 10 120;
    pull;
    route-nopull;

    Now create the new interface and the nat and firewall rules as per the PIA example here:-
    https://forum.pfsense.org/index.php?topic=76015.0

    Hope this helps
    Have attached screenshots

    ![Screenshot 2014-12-19 20.42.49.png](/public/imported_attachments/1/Screenshot 2014-12-19 20.42.49.png)
    ![Screenshot 2014-12-19 20.42.49.png_thumb](/public/imported_attachments/1/Screenshot 2014-12-19 20.42.49.png_thumb)
    ![Screenshot 2014-12-19 21.00.23.png](/public/imported_attachments/1/Screenshot 2014-12-19 21.00.23.png)
    ![Screenshot 2014-12-19 21.00.23.png_thumb](/public/imported_attachments/1/Screenshot 2014-12-19 21.00.23.png_thumb)



  • @Derelict:

    But they have 24/7/365 support…

    I'd be happy to look at it if they had a trial, but I'm not going to pay them.

    Yeah thats what they say - reality is they have a live chat but anything complex and you have to raise a ticket. Took them 40hrs to respond to this problem and that was after chasing twice on live chat. Next ticket was 25 hrs.

    Web page showing available servers (http://www.purevpn.com/server_location.php) is wrong eg they dont have OpenVPN capability out of london

    Now have problems that the link drops after a few hours.

    PIA is fine and rock solid.

    Only have a two day trial and that is blown if you use over 500mb data. Will give this to my neice to watch her american tv and chalk it up to experience.

    Cannot recomend at present.



  • @Derelict:

    Something doesn't look right.

    That would be the lack of any client (TLS) key!!

    Took me a while to work it out to my shame although in my defence it was my first time setting up openvpn and I am not a pfsense guru.



  • if anyone has any ideas on how to keep the link alive i would be grateful
    Purevpn is pushing these settings:-
    PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 8.8.4.4,route-gateway 82.145.51.129,topology subnet,ping 10,ping-restart 120,ifconfig 82.145.51.134 255.255.255.192'

    Have tried keepalive 10, 120 but no avail



  • Jacked the logging up andd found references in the log to auth failure.
    "ERROR: could not read Auth username from stdin"
    On a hunch removed the auth-nocache option and it has been up for last 12hrs which is much longer than before.
    The option was only there because it was in purevpn router files.



  • I guess I'd suggest you get a set of working instructions for a bigger vpn provider that has very well tested instructions, like strongvpn, and apply thier instructions to pure VPN.  Substitute in purevpn credentials, IP etc.


Log in to reply