Problems with airVPN and pfsense



  • I am trying to switch from PIA to airVPN since I want to utilize port forwarding. I followed their handy guide posted here: https://airvpn.org/topic/11245-how-to-set-up-pfsense-21-for-airvpn/. It seems outdated, but I still followed it.

    The problem I am having is that it doesn't pull an IP address or connect to their servers. I have started from scratch after factory resetting my pfsense box, tried using a different port/server and still have had zero luck with it.

    Here is the only part of the openvpn log that mentions any type of error; below it I have included the whole log (set to verbose -3).

    
    Jan 4 19:53:17	openvpn[91144]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Jan 4 19:53:17	openvpn[91144]: TLS Error: TLS handshake failed
    Jan 4 19:53:17	openvpn[91144]: TCP/UDP: Closing socket
    Jan 4 19:53:17	openvpn[91144]: SIGUSR1[soft,tls-error] received, process restarting
    Jan 4 19:53:17	openvpn[91144]: Restart pause, 2 second(s)
    Jan 4 19:53:19	openvpn[91144]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 4 19:53:19	openvpn[91144]: Re-using SSL/TLS context
    Jan 4 19:53:19	openvpn[91144]: LZO compression initialized
    
    
    
    Jan 4 19:53:14	openvpn[54725]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
    Jan 4 19:53:14	openvpn[54725]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 4 19:53:14	openvpn[54725]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
    Jan 4 19:53:14	openvpn[54725]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 4 19:53:14	openvpn[54725]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jan 4 19:53:14	openvpn[54725]: LZO compression initialized
    Jan 4 19:53:14	openvpn[54725]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    Jan 4 19:53:14	openvpn[54725]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    Jan 4 19:53:14	openvpn[54725]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    Jan 4 19:53:14	openvpn[54725]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    Jan 4 19:53:14	openvpn[54725]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    Jan 4 19:53:14	openvpn[54725]: Local Options hash (VER=V4): '9e7066d2'
    Jan 4 19:53:14	openvpn[54725]: Expected Remote Options hash (VER=V4): '162b04de'
    Jan 4 19:53:14	openvpn[54725]: UDPv4 link local (bound): [AF_INET]173.72.244.94
    Jan 4 19:53:14	openvpn[54725]: UDPv4 link remote: [AF_INET]213.152.161.29:53
    Jan 4 19:53:14	openvpn[54725]: TLS: Initial packet from [AF_INET]213.152.161.29:53, sid=af3505b5 50ad0605
    Jan 4 19:53:14	openvpn[54725]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
    Jan 4 19:53:15	openvpn[54725]: Validating certificate key usage
    Jan 4 19:53:15	openvpn[54725]: ++ Certificate has key usage 00a0, expects 00a0
    Jan 4 19:53:15	openvpn[54725]: VERIFY KU OK
    Jan 4 19:53:15	openvpn[54725]: Validating certificate extended key usage
    Jan 4 19:53:15	openvpn[54725]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Jan 4 19:53:15	openvpn[54725]: VERIFY EKU OK
    Jan 4 19:53:15	openvpn[54725]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
    Jan 4 19:53:17	openvpn[91144]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Jan 4 19:53:17	openvpn[91144]: TLS Error: TLS handshake failed
    Jan 4 19:53:17	openvpn[91144]: TCP/UDP: Closing socket
    Jan 4 19:53:17	openvpn[91144]: SIGUSR1[soft,tls-error] received, process restarting
    Jan 4 19:53:17	openvpn[91144]: Restart pause, 2 second(s)
    Jan 4 19:53:19	openvpn[91144]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 4 19:53:19	openvpn[91144]: Re-using SSL/TLS context
    Jan 4 19:53:19	openvpn[91144]: LZO compression initialized
    Jan 4 19:53:19	openvpn[91144]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
    Jan 4 19:53:19	openvpn[91144]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    Jan 4 19:53:19	openvpn[91144]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    Jan 4 19:53:19	openvpn[91144]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    Jan 4 19:53:19	openvpn[91144]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    Jan 4 19:53:19	openvpn[91144]: Local Options hash (VER=V4): '9e7066d2'
    Jan 4 19:53:19	openvpn[91144]: Expected Remote Options hash (VER=V4): '162b04de'
    Jan 4 19:53:19	openvpn[91144]: UDPv4 link local (bound): [AF_INET]173.72.244.94
    Jan 4 19:53:19	openvpn[91144]: UDPv4 link remote: [AF_INET]199.19.94.12:443
    Jan 4 19:53:19	openvpn[91144]: TLS: Initial packet from [AF_INET]199.19.94.12:443, sid=9de92ce2 6eb6bcbf
    Jan 4 19:53:20	openvpn[91144]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
    Jan 4 19:53:20	openvpn[91144]: Validating certificate key usage
    Jan 4 19:53:20	openvpn[91144]: ++ Certificate has key usage 00a0, expects 00a0
    Jan 4 19:53:20	openvpn[91144]: VERIFY KU OK
    Jan 4 19:53:20	openvpn[91144]: Validating certificate extended key usage
    Jan 4 19:53:20	openvpn[91144]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Jan 4 19:53:20	openvpn[91144]: VERIFY EKU OK
    Jan 4 19:53:20	openvpn[91144]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
    
    

    Any recommendations?

    Thank you
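
An added example, not part of the original post: a small Python parser that groups OpenVPN log lines like those above by process ID and records how far each handshake got. The sample lines are copied from the posted log; the stage labels and function names are this example's own, and `Initialization Sequence Completed` is the message OpenVPN logs once a tunnel is up.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^\s*(\w{3}\s+\d+\s+[\d:]+)\s+openvpn\[(\d+)\]:\s+(.*)$")
REMOTE = re.compile(r"link remote: \[AF_INET\]([\d.]+:\d+)")
# (substring to look for, label used by this example)
STAGES = [
    ("TLS: Initial packet from", "server_replied"),
    ("VERIFY OK: depth=0", "server_cert_verified"),
    ("TLS key negotiation failed", "key_negotiation_timeout"),
    ("Initialization Sequence Completed", "tunnel_up"),
]
# Lines copied from the log in the post above.
SAMPLE = """\
Jan 4 19:53:14 openvpn[54725]: UDPv4 link remote: [AF_INET]213.152.161.29:53
Jan 4 19:53:14 openvpn[54725]: TLS: Initial packet from [AF_INET]213.152.161.29:53, sid=af3505b5 50ad0605
Jan 4 19:53:15 openvpn[54725]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Jan 4 19:53:17 openvpn[91144]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 4 19:53:19 openvpn[91144]: UDPv4 link remote: [AF_INET]199.19.94.12:443
Jan 4 19:53:19 openvpn[91144]: TLS: Initial packet from [AF_INET]199.19.94.12:443, sid=9de92ce2 6eb6bcbf
Jan 4 19:53:20 openvpn[91144]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
"""

def summarize(log_text):
    """Group log lines by PID: remotes tried and handshake stages seen, in order."""
    out = defaultdict(lambda: {"remotes": [], "events": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an openvpn syslog line
        ts, pid, msg = m.groups()
        r = REMOTE.search(msg)
        if r:
            out[pid]["remotes"].append(r.group(1))
        out[pid]["events"] += [(ts, s) for needle, s in STAGES if needle in msg]
    return dict(out)

def findings(summary):
    """Flag more than one logging PID and handshakes that timed out."""
    notes = []
    if len(summary) > 1:
        notes.append("multiple openvpn PIDs logging: " + ", ".join(sorted(summary)))
    for pid, s in sorted(summary.items()):
        stages = [stage for _, stage in s["events"]]
        if "key_negotiation_timeout" in stages and "tunnel_up" not in stages:
            notes.append(f"pid {pid}: handshake timed out, tunnel never came up")
    return notes

if __name__ == "__main__":
    for note in findings(summarize(SAMPLE)):
        print(note)
```
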



  • It doesn't look like you're pulling in routes. You need to either add them in manually or uncheck "Don't pull routes" & "Don't add/remove routes" in the OpenVPN client config section.

    AirVPN has an updated version on the forum for 2.3, but I couldn't get it to work. Also, I don't agree with all the settings he has.



  • I followed the 2.3 guide without any problems: https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/
    although I'm not sure if I followed it to the letter; I manually entered the NAT rules and my own firewall without the guide, but it worked without a problem. I have the option 'don't add and remove routes automatically' unchecked.

    If you show me your settings, I'll see if I can help.

