build your own passthrough device capable of PIA openVPN AES 256 SHA 256 RSA-4096


BirdDad

Golden Member
Nov 25, 2004
1,131
0
71
my desktop detects it as two Intel NICs
After updating the BIOS it still won't turn on with the card. I guess I am stuck using Realtek cards.
I am not disappointed though, I feel good about this Pentium purchase. Everything seems faster and no graphical glitches.
Now all I need to make this something really special is to figure out how to use the new openVPN certs from PIA preferably the ca.4096.crt one for a rig that is encrypted with AES 256 and SHA256.
Anyone have any ideas on this?
Thanks
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
1. Installing pfsense is fast, and it will tell you whether it recognizes the NIC or not.

2. Install Windows 7, 8, or 10 on the N3700 motherboard to make sure the INTEL NIC is good.

3. If yours is ASROCK N3700-ITX, in BIOS's Boot tab, there is
Full Screen Logo
Enable to display the boot logo or disable to show normal POST messages.
AddOn ROM Display

Enable AddOn ROM Display to see the AddOn ROM messages or configure the
AddOn ROM if you've enabled Full Screen Logo. Disable for faster boot speed.

Play with both and you probably will see INTEL NIC at boot time.
 

BirdDad

Golden Member
Nov 25, 2004
1,131
0
71
it won't come on at all with the Intel NIC so there is no way for me to test it with this board. I'm not going to worry about that any more, Realtek will have to suffice.
I think I broke one of the USB connectors when I plugged it into the motherboard because I thought I heard a small snap when I was twisting the wire.
the top USB front port does not work but the bottom does.
I have my keyboard plugged into the bottom one.
I just want AES 256 and SHA 256 now. I can put up with all the minor stuff.
And I am not bitter about the NIC not working out.
 

BirdDad

Golden Member
Nov 25, 2004
1,131
0
71
I have not yet figured out how my router is going to connect to the device once I have it ready.
I would prefer that my router do the DHCP routing on the internal network.
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
If you have pfsense working, it will become your router. Disable pfsense's LAN side DHCP.

Configure your existing router to AP mode and uplink one of its LAN ports to pfsense, and it becomes access point & DHCP server.
 
Last edited:

BirdDad

Golden Member
Nov 25, 2004
1,131
0
71
If you have pfsense working, it will become your router. Disable pfsense's LAN side DHCP.

Configure your existing router to AP mode and uplink one of its LAN ports to pfsense, and it becomes access point & DHCP server.

That confirms what I was thinking. Thanks
Who is [H] and where do I find his guide?
Thanks
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
Tutorial: Configuring pfSense as VPN client to Private Internet Access

https://forum.pfsense.org/index.php?topic=76015.0

Copy & paste PIA's 4096 certificate data (ca.4096.crt) in the first step, which creates the CA Certificate

You have to use pfSense 2.1.5, since NAT outbound config doesn't work if you use 2.2.4
(seems 2.2.4 can't set NAT port range 1024 to 65536 like 2.1.5)

Seems all the instructions on the web, regardless of which VPN provider, use the older 2.1.5

http://mirror.transip.net/pfsense/downloads/pfSense-LiveCD-2.1.5-RELEASE-amd64.iso.gz

===

Don't know what XavierMace's [H] means
 

BirdDad

Golden Member
Nov 25, 2004
1,131
0
71
Tutorial: Configuring pfSense as VPN client to Private Internet Access

https://forum.pfsense.org/index.php?topic=76015.0

Copy & paste PIA's 4096 certificate data (ca.4096.crt) in the first step, which creates the CA Certificate

You have to use pfSense 2.1.5, since NAT outbound config doesn't work if you use 2.2.4
(seems 2.2.4 can't set NAT port range 1024 to 65536 like 2.1.5)

Seems all the instructions on the web, regardless of which VPN provider, use the older 2.1.5

http://mirror.transip.net/pfsense/downloads/pfSense-LiveCD-2.1.5-RELEASE-amd64.iso.gz

===

Don't know what XavierMace's [H] means

I can't find 2.1.5, I can only find 2.1.3. Anyone know of a mirror that has 2.1.5?
 

BirdDad

Golden Member
Nov 25, 2004
1,131
0
71
thanks mxnerd
I found 2.1.5 but it is a CD installer. Can I use Rufus to convert it to a USB installer?
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
thanks mxnerd
I found 2.1.5 but it is a CD installer. Can I use Rufus to convert it to a USB installer?

You have to use 7zip or WinRAR to extract the iso file from that .gz file first.

However, last night I used Rufus and UNetbootin and neither worked; they always gave me errors. I had to burn it to a CD-ROM to make it work.

The ISO file works perfectly in a virtual environment.

You have to read the config instructions very, very, very carefully. Anything missed or misconfigured will make it not work.

For the Encryption algorithm = BF-CBC (128-bit) change it to AES-256

and since you also want to use SHA256, in the OpenVPN Client config part, you add "auth sha256" to the end of Advanced configuration so it looks like

auth-user-pass /etc/openvpn-password.txt;
verb 5;
remote-cert-tls server;
auth sha256

Be sure to put in those semicolons; I don't know if it will work if you don't put them in there.
 
Last edited:
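As an added illustration (not part of mxnerd's post or the pfSense tutorial), the Python sketch below audits the effective cipher and HMAC settings that result from the GUI cipher choice plus the Advanced configuration text quoted above. It assumes unset directives fall back to the OpenVPN 2.3-era defaults (BF-CBC, SHA1) and that the Advanced box is split only on semicolons, as the post describes; the GUI label "AES-256-CBC (256-bit)" and the missing-semicolon variant are constructed inputs.

```python
# Added example: audit the effective crypto settings of a pfSense OpenVPN client.
# Assumptions: unset directives fall back to OpenVPN 2.3-era defaults
# (cipher BF-CBC, auth SHA1); the Advanced box is split only on semicolons.
DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1"}
WANTED = {"cipher": "AES-256-CBC", "auth": "SHA256", "remote-cert-tls": "server"}

# The Advanced configuration text quoted in the thread.
POSTED = ("auth-user-pass /etc/openvpn-password.txt;\nverb 5;\n"
          "remote-cert-tls server;\nauth sha256")
# Constructed variant: the last semicolon is missing.
NO_SEMICOLON = "verb 5;\nremote-cert-tls server\nauth sha256"


def parse_advanced(text):
    """Split the semicolon-separated Advanced box into {directive: value}."""
    directives = {}
    for chunk in text.split(";"):
        parts = chunk.split()
        if parts:
            directives[parts[0].lower()] = " ".join(parts[1:])
    return directives


def audit(gui_cipher, advanced_text):
    """Return (effective settings, findings) for one client configuration."""
    effective = dict(DEFAULTS)
    if gui_cipher:
        # GUI label such as "BF-CBC (128-bit)" -> "BF-CBC"
        effective["cipher"] = gui_cipher.split()[0]
    effective.update(parse_advanced(advanced_text))
    findings = []
    for key, want in WANTED.items():
        have = effective.get(key, "(not set)")
        if have.upper() != want.upper():
            findings.append(f"{key}: have {have}, want {want}")
    return effective, findings


if __name__ == "__main__":
    for label, gui, adv in [
        ("as posted, cipher changed", "AES-256-CBC (256-bit)", POSTED),
        ("cipher left at default", "BF-CBC (128-bit)", POSTED),
        ("semicolon missing", "AES-256-CBC (256-bit)", NO_SEMICOLON),
    ]:
        print(label, "->", audit(gui, adv)[1] or "OK")
```

In the missing-semicolon case the `auth sha256` text is absorbed into the `remote-cert-tls` value, so the tunnel would silently stay on the default HMAC.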

Engineer

Elite Member
Oct 9, 1999
39,230
701
126
That's because you didn't notice you are using yahoo now :awe:

I actually used to use Yahoo but they have more pages of ads now than search results. It's almost unbearable to do any searching with them. I like their finance page and still use e-mail with them (sports too) but can't stand their searching at this point.
 

XavierMace

Diamond Member
Apr 20, 2013
4,307
450
126
[H] is [H]ardOCP or their forums. I searched and didn't find the particular guide but we all know how my Google skills are based on this thread, lol! :p

Found this thread but seems old:

http://hardforum.com/showthread.php?t=1663797

Sorry, yeah, [H]ardOCP. That looks like the thread I was thinking of. The thread's a bit old, but still got me most of the way there when I did a pfSense/PIA setup a year or so ago.
 

BirdDad

Golden Member
Nov 25, 2004
1,131
0
71
You have to use 7zip or WinRAR to extract the iso file from that .gz file first.

However, last night I used Rufus and UNetbootin and neither worked; they always gave me errors. I had to burn it to a CD-ROM to make it work.

The ISO file works perfectly in a virtual environment.

You have to read the config instructions very, very, very carefully. Anything missed or misconfigured will make it not work.

For the Encryption algorithm = BF-CBC (128-bit) change it to AES-256

and since you also want to use SHA256, in the OpenVPN Client config part, you add "auth sha256" to the end of Advanced configuration so it looks like
No it's not working yet.


Be sure to put in those semicolons; I don't know if it will work if you don't put them in there.
Never mind, the tut explained it
 
Last edited:

BirdDad

Golden Member
Nov 25, 2004
1,131
0
71
Nope it does not work.
Really frustrated.
Thanks all for bearing with me.
I hate to think that the best encryption I can get out of this would be Blowfish 128-bit
 

BirdDad

Golden Member
Nov 25, 2004
1,131
0
71
It always shows openVPN is down under status. I restart it and get all green arrows, then check the status and it is down.
I've tried both the 4096 and the 2048 crts
 
Last edited:

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
I have said pfsense is extremely complex. You have to follow the steps very carefully.

I have gotten VPNBook working following the PIA instructions.

Did you turn on the "infinitely resolve server" & "LZO compression on this page" ?

PIA_OpenVPN_Client.gif