build your own passthrough device capable of PIA openVPN AES 256 SHA 256 RSA-4096


mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
Do you have NAT Rules & Firewall settings exactly like these?

PIA_NAT_Mappings_1.gif


PIA_NAT_Configure.gif


PIA_NAT_Mappings_Final.gif
 

mxnerd

From tutorial poster mpboden:

Verify OpenVPN Service

At this point, your system is configured. The only thing you may need to do is restart your OpenVPN Service.
Select menu: Status->OpenVPN
Status should be UP (but it may be DOWN)

My recommendation is to click on the Restart OpenVPN Service button no matter what the status is. It's the middle button to the right of the service.

Verify OpenVPN Logs:
Select menu: Status->System Logs
Click on OpenVPN tab
Look for confirmation in your logs:
openvpn[65701]: Initialization Sequence Completed

A few other observations to make:
Select menu: Status->Dashboard
Your PIAVPN interface should be listed under Interfaces and have an IP address. I have found that after initial configuration, you may need to restart the OpenVPN service
With a client on the LAN, use a browser and go to ifconfig.me (I use ipchicken.com)
The IP address stated should be the public IP of PIA's server, not your WAN IP
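The verification steps in the post above (log confirmation line, then the public-IP check), written as a script. This is an added example, not part of the original post or the mpboden tutorial. The log excerpt and addresses are constructed, `check_tunnel` is a hypothetical helper, and the warning and restart lines assume OpenVPN 2.x log wording.

```python
import re

# Constructed sample in the style of Status > System Logs > OpenVPN tab.
SAMPLE_LOG = """\
Mar  1 10:00:01 openvpn[65701]: TLS: Initial packet from [AF_INET]198.51.100.7:1198
Mar  1 10:00:02 openvpn[65701]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
Mar  1 10:00:02 openvpn[65701]: WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
Mar  1 10:00:03 openvpn[65701]: Initialization Sequence Completed
Mar  1 10:00:09 openvpn[65701]: Authenticate/Decrypt packet error: packet HMAC authentication failed
"""

DONE = "Initialization Sequence Completed"
DECRYPT = "Authenticate/Decrypt packet error"
# Assumed OpenVPN 2.x wording for option mismatches and restarts.
MISMATCH = re.compile(r"WARNING: '([\w-]+)' is used inconsistently, "
                      r"local='\1 ([^']*)', remote='\1 ([^']*)'")
RESTART = re.compile(r"received, process (restarting|exiting)")


def check_tunnel(log_text, egress_ip, wan_ip):
    """Judge the most recent OpenVPN session in the log plus the IP check.

    egress_ip: address a LAN client sees on an IP-echo site.
    wan_ip:    the router's own WAN address.
    """
    up, mismatches, decrypt_errors = False, [], 0
    for line in log_text.splitlines():
        if RESTART.search(line):
            # A restart or exit ends the session; forget its state.
            up, mismatches, decrypt_errors = False, [], 0
        elif DONE in line:
            up = True
        elif DECRYPT in line:
            decrypt_errors += 1
        else:
            m = MISMATCH.search(line)
            if m:
                mismatches.append(m.groups())  # (option, local, remote)
    # Traffic leaving with the WAN address is not going through the tunnel.
    leak = egress_ip == wan_ip
    ok = up and not mismatches and decrypt_errors == 0 and not leak
    return {"up": up, "mismatches": mismatches,
            "decrypt_errors": decrypt_errors, "leak": leak, "ok": ok}


if __name__ == "__main__":
    print(check_tunnel(SAMPLE_LOG, "203.0.113.5", "203.0.113.5"))
```

The completion line alone is not sufficient: the constructed log contains it and the check still fails on the cipher/auth mismatch, the decrypt error and the unchanged public IP.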
 

BirdDad

Golden Member
Nov 25, 2004
1,131
0
71
I have said pfsense is extremely complex. You have to follow the steps very carefully.

I have got VPNBook working following the PIA instructions.

Did you turn on "infinitely resolve server" & "LZO compression" on this page?

PIA_OpenVPN_Client.gif

yes
 

mxnerd

Verify that your gateways are available in “System” > “Routing”

Go to “System” > “Routing”

In the “Gateway” Tab, You should see 4 Gateways:

WAN IPv4 with an XXX.XXX.XXX.XXX IP Address
WAN IPv6 with a hexadecimal IP Address
PIAVPN IPv4 with a ZZZ.ZZZ.ZZZ.ZZZ IP Address
PIAVPN IPv6 with either “dynamic” or a hexadecimal IP Address

and also have something like this with your PIAVPN

2q1guf9.png
 

mxnerd

Also make sure you chose webconfigurator, not PIAVPN for client certificate

PIA_OpenVPN_Client.gif
 

mxnerd

I'm not familiar with Linux partition, I always use auto partition.

If you are testing in VirtualBox, why do you need to set partitions manually? Just use the full disk. Let's say you set a 20GB virtual disk for pfsense, VirtualBox will use a minimum of physical disk then expand the disk automatically to a max of 20GB on the physical disk if necessary.

I really don't know what exactly your thought is right now.

So you want to use the new machine as a pfsense box only

or you want to run pfsense inside of Windows VirtualBox?
 

mxnerd

If pfsense is too complex, I would suggest using Microsoft's ICS (Internet Connection Sharing) like I posted earlier.

This way, you can also use the new machine as a storage server.

======
ICS config.

So let's say you have everything in place, then you have ethernet1, ethernet2 and a virtual TAP Windows adapter v9 (OpenVPN) which is created by PIA VPN client software.

Suppose ethernet1 is the one connected to the modem/router, then you click TAP adapter, properties, sharing, then choose ethernet2 as the adapter you want to share, which will get default IP 192.168.137.1 and it will hand out DHCP IP addresses in 192.168.137.0 ranges.

Once you use PIA VPN client to connect to PIA, then all devices connected to the system use the VPN tunnel to access the internet.

http://windows.microsoft.com/en-us/windows/using-internet-connection-sharing#1TC=windows-7
 

BirdDad

I am only using Virtualbox to learn to do this as my box is in a cramped space in my room and difficult to work with directly.
I get past the part on the video where I upload my login file (BTW he is using blowfish, I hope that changes later in the video). And I click save on my pfSense and it tells me that it won't save because "An IPv4 protocol was selected, but the selected interface has no IPv4 address." WTF?
Please don't give up, once I got something I almost never forget.
Thank you
 

mxnerd

Have told you not to use video's user/password part.

Use pfSense forum tutorial

ma9fgp.png


of course you have to enter the username/password given by PIA

I don't know what blowfish you are referring to? The Encryption Algorithm? Use AES-128 or AES-256.

I did not view the whole video because I already know how to configure following pfsense forum tutorial so I fast forward. I was posting link thinking it might help.

Did you bridge new box's NIC1 to WAN and NIC2 to LAN? It's best to configure your WAN like this, leave only Virtualbox Bridged Network Driver

network%2Bsettings.PNG
 

BirdDad

the same f&*king error as before when I do it by your instructions.
An IPv4 protocol was selected, but the selected interface has no IPv4 address.
I'm going to get rid of this VM and start fresh again.
Thanks for sticking it out with me.
 

BirdDad

Have told you not to use video's user/password part.

I don't know what blowfish you are referring to? The Encryption Algorithm? Use AES-128 or AES-256.


Did you bridge new box's NIC1 to WAN and NIC2 to LAN? It's best to configure your WAN like this, leave only Virtualbox Bridged Network Driver

Blowfish is the encryption BF128 CBC
and yes I have the NICs setup correctly, of that I am sure.
 

BirdDad

ok I am back up
Thank you for taking the time to post pics and being descriptive.
Should I run the setup wizard and put in my DNS servers?
I will do everything else except that until I get your ok.
Thank you.
 

BirdDad

mxnerd I think that you are misunderstanding me. I know how to set it up for BF128CBC and SHA-1 which have been the ones shown in the videos you have shown me. It's not as simple as just changing BF for AES (will not work at all).
I guess I will have to use windows 8.1 and ICS maybe the openVPN setup on it will kill the connection if the PIA server goes down.
I'm sorry I wasted everyone's time but I am especially sorry to mxnerd who tried to help me so much.
Thank you.
I don't think that PIA is ready for pfSense. When it is I will install pfSense and hopefully have a box that can supply the encryption that I need and the speed will be good.
Thanks so much for your help but I now think that it is a lost cause, at one point I thought that I had AES256 bit working but it turns out it was a leak.
 

BirdDad

Which ones don't log, have good speed and don't cost so much? Which ones out of those have servers in Texarkana or near that? USA servers are a must.
I am interested sdifox.
I really don't want to have to resort to Windows unless I have to.
 

sdifox

No Lifer
Sep 30, 2005
99,457
17,587
126
I still don't see how you test a firewall from behind a firewall.

This is how you should proceed. Just have the pc with the virtualbox direct connect to your cable modem on nic one. Make nic one exclusive access to pfsense vm.

Setup another vm, this one windows.

Setup pfsense, without openvpn. Get that working.
Add openvpn to pfsense.
 

mxnerd

I have seen https://www.privateinternetaccess.c...-setup-for-pfsense-firewall-router-with-video
before it is SHA-1
even though it says 256 if you read further down it is SHA-1
- "Encryption algorithm" = "BF-CBC (128-bit)"
- "Auth Digest Algorithm" = "SHA1 (160-bit)"

Maybe you should keep it that way and follow the video posted by PIA user WinstonSmith in post #318

In his tutorial he created a PIA internal certificate for which he uses RSA-2048 & SHA256, and you change it to RSA-4096 & SHA256

Sorry, I'm also learning.
 