Netgate Discussion Forum

    Problems with airVPN and pfsense

    OpenVPN
    • P
      plainzwalker
      last edited by

      I am trying to switch from PIA to airVPN since I want to utilize port forwarding. I followed their handy guide posted here: https://airvpn.org/topic/11245-how-to-set-up-pfsense-21-for-airvpn/. It seems outdated, but I still followed it.

      The problem I am having is that it doesn't pull an IP address or connect to their servers. I have started from scratch after factory resetting my pfsense box, tried using a different port/server and still have had zero luck with it.

      Here is the only part of the openvpn log that mentions any type of error; below it I have included the whole log (set to verbose -3).

      
      Jan 4 19:53:17	openvpn[91144]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Jan 4 19:53:17	openvpn[91144]: TLS Error: TLS handshake failed
      Jan 4 19:53:17	openvpn[91144]: TCP/UDP: Closing socket
      Jan 4 19:53:17	openvpn[91144]: SIGUSR1[soft,tls-error] received, process restarting
      Jan 4 19:53:17	openvpn[91144]: Restart pause, 2 second(s)
      Jan 4 19:53:19	openvpn[91144]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jan 4 19:53:19	openvpn[91144]: Re-using SSL/TLS context
      Jan 4 19:53:19	openvpn[91144]: LZO compression initialized
      
      
      
      Jan 4 19:53:14	openvpn[54725]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
      Jan 4 19:53:14	openvpn[54725]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jan 4 19:53:14	openvpn[54725]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
      Jan 4 19:53:14	openvpn[54725]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
      Jan 4 19:53:14	openvpn[54725]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
      Jan 4 19:53:14	openvpn[54725]: LZO compression initialized
      Jan 4 19:53:14	openvpn[54725]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
      Jan 4 19:53:14	openvpn[54725]: Socket Buffers: R=[42080->65536] S=[57344->65536]
      Jan 4 19:53:14	openvpn[54725]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
      Jan 4 19:53:14	openvpn[54725]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
      Jan 4 19:53:14	openvpn[54725]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
      Jan 4 19:53:14	openvpn[54725]: Local Options hash (VER=V4): '9e7066d2'
      Jan 4 19:53:14	openvpn[54725]: Expected Remote Options hash (VER=V4): '162b04de'
      Jan 4 19:53:14	openvpn[54725]: UDPv4 link local (bound): [AF_INET]173.72.244.94
      Jan 4 19:53:14	openvpn[54725]: UDPv4 link remote: [AF_INET]213.152.161.29:53
      Jan 4 19:53:14	openvpn[54725]: TLS: Initial packet from [AF_INET]213.152.161.29:53, sid=af3505b5 50ad0605
      Jan 4 19:53:14	openvpn[54725]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
      Jan 4 19:53:15	openvpn[54725]: Validating certificate key usage
      Jan 4 19:53:15	openvpn[54725]: ++ Certificate has key usage 00a0, expects 00a0
      Jan 4 19:53:15	openvpn[54725]: VERIFY KU OK
      Jan 4 19:53:15	openvpn[54725]: Validating certificate extended key usage
      Jan 4 19:53:15	openvpn[54725]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
      Jan 4 19:53:15	openvpn[54725]: VERIFY EKU OK
      Jan 4 19:53:15	openvpn[54725]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
      Jan 4 19:53:17	openvpn[91144]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Jan 4 19:53:17	openvpn[91144]: TLS Error: TLS handshake failed
      Jan 4 19:53:17	openvpn[91144]: TCP/UDP: Closing socket
      Jan 4 19:53:17	openvpn[91144]: SIGUSR1[soft,tls-error] received, process restarting
      Jan 4 19:53:17	openvpn[91144]: Restart pause, 2 second(s)
      Jan 4 19:53:19	openvpn[91144]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jan 4 19:53:19	openvpn[91144]: Re-using SSL/TLS context
      Jan 4 19:53:19	openvpn[91144]: LZO compression initialized
      Jan 4 19:53:19	openvpn[91144]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
      Jan 4 19:53:19	openvpn[91144]: Socket Buffers: R=[42080->65536] S=[57344->65536]
      Jan 4 19:53:19	openvpn[91144]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
      Jan 4 19:53:19	openvpn[91144]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
      Jan 4 19:53:19	openvpn[91144]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
      Jan 4 19:53:19	openvpn[91144]: Local Options hash (VER=V4): '9e7066d2'
      Jan 4 19:53:19	openvpn[91144]: Expected Remote Options hash (VER=V4): '162b04de'
      Jan 4 19:53:19	openvpn[91144]: UDPv4 link local (bound): [AF_INET]173.72.244.94
      Jan 4 19:53:19	openvpn[91144]: UDPv4 link remote: [AF_INET]199.19.94.12:443
      Jan 4 19:53:19	openvpn[91144]: TLS: Initial packet from [AF_INET]199.19.94.12:443, sid=9de92ce2 6eb6bcbf
      Jan 4 19:53:20	openvpn[91144]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
      Jan 4 19:53:20	openvpn[91144]: Validating certificate key usage
      Jan 4 19:53:20	openvpn[91144]: ++ Certificate has key usage 00a0, expects 00a0
      Jan 4 19:53:20	openvpn[91144]: VERIFY KU OK
      Jan 4 19:53:20	openvpn[91144]: Validating certificate extended key usage
      Jan 4 19:53:20	openvpn[91144]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
      Jan 4 19:53:20	openvpn[91144]: VERIFY EKU OK
      Jan 4 19:53:20	openvpn[91144]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
      
      

      Any recommendations?

      Thank you

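An added example, not part of the original post and not pfSense or OpenVPN code: a small Python triage that reads a client log like the one above and reports, per connection attempt, the furthest handshake milestone reached. The first five sample lines are copied from the posted log; the PID 4242 lines are constructed, and the three later stage strings are standard OpenVPN 2.x client messages that the posted log never reaches.

```python
import re

LINE = re.compile(r"openvpn\[(\d+)\]: (.*)$", re.M)
REMOTE = re.compile(r"link remote: \[AF_INET6?\](\S+)")
# Client-side milestones in the order OpenVPN logs them. Routes and the tunnel
# address arrive in the PUSH_REPLY, which is only sent after TLS completes.
STAGES = ["TLS: Initial packet from", "VERIFY OK: depth=0",
          "Peer Connection Initiated with", "PUSH: Received control message",
          "Initialization Sequence Completed"]

# First five lines are copied from the log in the post; PID 4242 is constructed
# (192.0.2.10 is a documentation address) to show an attempt that completes.
SAMPLE = """\
Jan 4 19:53:14 openvpn[54725]: UDPv4 link remote: [AF_INET]213.152.161.29:53
Jan 4 19:53:15 openvpn[54725]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Jan 4 19:53:17 openvpn[91144]: TLS Error: TLS handshake failed
Jan 4 19:53:19 openvpn[91144]: UDPv4 link remote: [AF_INET]199.19.94.12:443
Jan 4 19:53:20 openvpn[91144]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Jan 4 20:00:01 openvpn[4242]: UDPv4 link remote: [AF_INET]192.0.2.10:443
Jan 4 20:00:02 openvpn[4242]: VERIFY OK: depth=0, CN=server
Jan 4 20:00:03 openvpn[4242]: [server] Peer Connection Initiated with [AF_INET]192.0.2.10:443
Jan 4 20:00:05 openvpn[4242]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.4.0.1,ifconfig 10.4.0.2 255.255.0.0'
Jan 4 20:00:05 openvpn[4242]: Initialization Sequence Completed
"""

def triage(log_text):
    """Return one dict per connection attempt, in log order."""
    attempts, current = [], {}              # current maps PID -> open attempt
    for pid, msg in LINE.findall(log_text):
        remote = REMOTE.search(msg)
        if remote or pid not in current:    # "link remote" opens a new attempt
            current[pid] = {"pid": pid, "remote": remote and remote.group(1),
                            "stage": -1, "outcome": "incomplete"}
            attempts.append(current[pid])
        attempt = current[pid]
        for i, stage in enumerate(STAGES):  # keep the furthest milestone seen
            if stage in msg and i > attempt["stage"]:
                attempt["stage"] = i
        if "TLS Error: TLS handshake failed" in msg:
            attempt["outcome"] = "failed"
        elif STAGES[-1] in msg:
            attempt["outcome"] = "up"
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(a["pid"], a["remote"], STAGES[a["stage"]] if a["stage"] >= 0 else "-", a["outcome"])
```

On the posted lines, both attempts stop at the server certificate check (stage index 1), before any `PUSH_REPLY` is logged.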
      • ?
        A Former User
        last edited by

        It doesn't look like you're pulling in routes. You need to either add them in manually or uncheck "Don't pull routes" & "Don't add/remove routes" in the OpenVPN client config section.

        AirVPN has an updated version on forum for 2.3 but I couldn't get it to work. Also I don't agree with all the settings he has.

        • A
          apollo17
          last edited by

          I followed the 2.3 guide without any problems: https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/
          Although I'm not sure if I followed it to the letter, I manually entered the NAT rules and my own firewall without the guide, but it worked without a problem. I have the option 'don't add and remove routes automatically' unchecked.

          If you show me your settings, I'll see if I can help.

          • N
            nasheayahu @apollo17
            last edited by

            @apollo17 Is your pfSense an ARM Box or PC Build? I can't get it working on my SG-2100.

            My AirVPN posting How To Set Up pfSense+ for AirVPN.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.