build your own passthrough device capable of PIA openVPN AES 256 SHA 256 RSA-4096

[Engineer]

Which settings should I choose for my NICs? I got one that is bridged sharing with the host and the other one I can't figure out what to do with. em0 is not receiving an ip address.

Edit #2: I actually did created TWO bridged network adapters, not private. I changed it and forgot. Sorry for the confusion above.

Looks like after I tinkered for a few minutes, the WAN picked up an IP from my router (set to DHCP).

Edit: LOL...just tried setting one up on my upstairs PC and can't connect to the GUI. More tinkering..... - Once I changed the network adapters (both) to bridged, I could then connect from the host browser to the LAN IP of pfsense.

 

[Engineer]

OK. Have it running on LAN side anyway. (Can't access using WAN IP on this PC. Not sure why)

Procedure:
Created two bridged network adapters.

Set WAN to le0, turned on receive IP from DHCP (my router in this case).
Set LAN to le1, set IP to static IP and subnet (that's available on my host LAN)

can now browse to pfsene GUI using LAN IP set above.

 

[BirdDad]

https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5

http://www.youtube.com/watch?v=RDanNm8vh78

my vmware pro 12 looks nothing like that and does not have those options.

 

[mxnerd]

Forget Host-only and NAT adapters on VMware, it makes thing complicated.

1. Put your pfSense VM's 1st adapter (WAN) on bridged adapter (which bridge to your physical LAN adapter), pfSene WAN will get an IP from your router. pfSense detected it as em0. Yours could be different.

2. Put your pfSense VM's 2nd adapter (LAN) on LAN segment (any name) you created. pfSense detected it as le0. Yours could be different.

3. Install pfSense in VM, config LAN static IP, set DHCP range for pfSense LAN adapter, choose option 99 to install to VM disk

4. Create Linux or Windows VM using same LAN Segement as pfSense's LAN Segemnt and connect to pfSense and finish with setup wizard.

====

Found that pfSense on VirtualBox 5.04 has some issues. Like I can's save text file or browse file system using Diagnostics - Edit File. I also can't save changes in some config tabs in pfSense VM, it just keeps pending there. VMware might be the way to go at this time.

====
Downgrade to VirtualBox 4.3 and now Diagnostics - Edit File & config saving works. Guess 5.0x still buggy.

 

[BirdDad]

it keeps telling me no link up when I try to autodetect the WAN no matter what NICs I choose or configurations it says this(VMWare that is)

 

[mxnerd]

When you are saying the stuff doesn't work you always have to describe what's your configuration now , not just saying it doesn't work. No one is going to know what's going on.

It seems virtual environment is just too hard for you. pfSense is even more complex.

Wait for your new system and go from there.

Maybe Engineer / sdifox or other members can help.

Sorry, I'm out.

 

[Engineer]

it keeps telling me no link up when I try to autodetect the WAN no matter what NICs I choose or configurations it says this(VMWare that is)

Can't use auto detect. Had to manually set. You should see your choices right before it asks you the interface name or to hit 'a' for auto select. You'll need to choose your network connection for the WAN and LAN.

 

[BirdDad]

It finally worked!
Thank you all!

 

[sdifox]

Alright!

 

[Engineer]

It finally worked!
Thank you all!

 

[BirdDad]

After careful testing I have concluded that it does what I need it to do.
I have placed orders for my box and hope that the processor I have chosen has enough power to handle a 150Mb connection, if it does it will be awesome.
Thanks everybody for your help and patience.

 

[BirdDad]

I don't know where the handshake is stored. can someone help me locate it?
Thanks and thanks to all the people who stuck this one out with me.

 

[sdifox]

What do you mean handshake?

 

[BirdDad]

on the PIA windows client it is refered to as the handshake I've got mine set to RSA-4096 on my Windows client.
What I want to do is change pfSense's (whatever it is called on that ) to 4096 from the default of 2048

 

[sdifox]

on the PIA windows client it is refered to as the handshake I've got mine set to RSA-4096 on my Windows client.
What I want to do is change pfSense's (whatever it is called on that ) to 4096 from the default of 2048

this is what PIA has to say on pfsense config

https://www.privateinternetaccess.com/pages/client-support/pfsense


check with them on how to do 4096.

 

[BirdDad]

I did check with them-they won't help unless it is to get the default config.

 

[sdifox]

I did check with them-they won't help unless it is to get the default config.

maybe check in pfsense forum? I don't deal with PIA nor do I use openVPN.


this might help

https://www.privateinternetaccess.com/forum/discussion/9093/pia-openvpn-client-encryption-patch/p2

https://www.reddit.com/r/VPN/comments/1r9c60/handshake_encryption_in_openvpn_config_file/

 

[BirdDad]

Thanks. I have tried the pfSense forums early yesterday, I am still waiting for a response.
I know how to change it in windows but my little box is going to be running pfSense not Windows.

 

[BirdDad]

my parts all arrived yesterday. I put them all together and turned on the switch. it took it nearly two minutes to show the BIOS screen and that's before the dual nic was added.
there were graphical glitches. pfSense would not install to the SSD I had in it so I put in a hard drive.
I disabled the Realtek NIC in BIOS and I installed the dual Intel NIC.
pfSense installed and whenever I try to boot it it gets stuck at auto sense the WAN. It can't find it.
Am going to try onboard NIC+ TPlink NIC next and see if that works.

 

[sdifox]

my parts all arrived yesterday. I put them all together and turned on the switch. it took it nearly two minutes to show the BIOS screen and that's before the dual nic was added.
there were graphical glitches. pfSense would not install to the SSD I had in it so I put in a hard drive.
I disabled the Realtek NIC in BIOS and I installed the dual Intel NIC.
pfSense installed and whenever I try to boot it it gets stuck at auto sense the WAN. It can't find it.
Am going to try onboard NIC+ TPlink NIC next and see if that works.

So your cable modem is hooked up to wan nic directly?

 

[BirdDad]

I don't have cable yet. I did get the dual Intel NIC installed however pfSense failed to recognise my uplink no matter which the cable was plugged into. I thought that there might be some trouble with this NIC so I tried the onboard to enabled in BIOS.
I tried booting with the onboard NIC and it never boots it just says that Realtek NIC is protected by patents and never boots even with boot from LAN disabled in the BIOS. My settings were boot from hard drive in BIOS.
I am returning this board.

 

[sdifox]

I don't have cable yet.
I tried booting with the onboard NIC and it never boots it just says that Realtek NIC is protected by patents and never boots even with boot from LAN disabled in the BIOS.
I am returning this board.

That does sound weird.

 

[mxnerd]

Why are you booting from a NIC? You should boot from a CD/DVD or USB stick which has pfSense on it.

Burn pfSense iso image on CD/DVD or use ISOtoUSB, or the likes (https://rufus.akeo.ie/)) and write pfsense to USB stick.

And if you don't have cables, how do you test?

 

[BirdDad]

Why are you booting from a NIC? You should boot from a CD/DVD or USB stick which has pfSense on it.

Burn pfSense iso image on CD/DVD or use ISOtoUSB, or the likes (https://rufus.akeo.ie/)) and write pfsense to USB stick.

And if you don't have cables, how do you test?

I booted from USB and installed pfSense. My problem is that it wants to boot from the onboard NIC even when I tell it not to.
I have a network cable going from my router to my box(no shortage of cables).

 

[mxnerd]

Newer motherboard probably only support UEFI boot. So if you burn the pfSense in MBR boot mode, it probably won't boot after installation.

You probably have to make sure it writes in UEFI boot mode for USB flash drive.

Ignore Realtek patent message, it's on all motherboards with realtek chip.

The part that you said the motherboard still wants to boot from Realtek after you disable it in BIOS, that's really weird.