Can someone please help me get AirVPN to work with pfSense?

[BirdDad]

All the tutorials have three certificates, all I get generated from it is two certificates and two keys a static and an RSA key.

 

[CubanlB]

OpenVPN type setups (Usually) need the

VPN server Public Certificate (Lets you encrypt traffic to be sent to the server, and identifies that it is being sent to the correct server)
The clients Public Certificate (Lets the server encrypt data sent to you, and identifies that it is being sent to the correct client)
The clients private key (Lets you decrypt the data sent to you)
Someimes a TLS auth key - (your second key - this is a symmetrical key you need this to even start talking to the VPN server)

You also need to import the Public Cert of the CA that Signed AirVPNs VPN server public cert. (doesn't look like it in the instructions I found)

It would help if you provided the tutorial you are using.

You should have everything you need.

Read about what the certs and keys you have are
https://airvpn.org/topic/11245-how-to-set-up-pfsense-21-for-airvpn/#entry16200

 

[BirdDad]

I with some help have got it figured out that one was a key and not a cert
I just need help in getting this thing to work and I am going by the tutorial that you showed me. A lot of it is outdated and my version of pfSense either doesn't have it or it is different.
like the the DNS forwarder/vs resolver

 

[BirdDad]

I am using the https://airvpn.org/topic/11245-how-t...21-for-airvpn/ tutorial

 

[mxnerd]

You have to disable DNS resolver in order to set DNS forwarder.

The instruction Step 6 mistakenly states that you have to disable DNS forwarder, it's wrong.

If you don't disable DNS resolver, you will get an error whenyou try to save DNS forwarder settings.

You can use any public DNS like

Level3 4.2.2.1, 4.2.2.2 or
Google 8.8.8.8, 8.8.4.4 or
OpenDNS 208.67.222.222 . 208.67.220.220, etc.,

or
https://airvpn.org/specs/ like 10.4.0.1, 10.5.0.1 etc, I think. (Maybe not if you are not connecting to AirVPN)

in System menu, General Setup, DNS servers

 

[Red Squirrel]

I find the DNS forwarder in pfsense can be flaky at times, like sometimes it will randomly stop resolving a specific internal domain from a specific box. Rebooting the forwarder services fixes it temporarily.

Also is the VPN server sitting on the network or are you trying to do it within pfsense? I find that when I setup my VPN server I had to set it up in it's own vlan. Pfsense has a built in security rule that will not allow traffic to come out of the same interface it come out on. So basically speaking if you are connected to the VPN from a remote location and try to connect to a server that's on the same vlan as the VPN server, the traffic goes out of that interface to the pfsense server, then is routed back to that same interface, and pfsense blocks this. So I ended up creating a separate vlan for just the VPN server and now everything works. I also found that setting up a separate openvpn server was easier than doing it in pfsense, as there is more tutorials online for setting up openvpn directly.

 

[Essence_of_War]

deleted