
Author Topic: I need help here. I am hitting the wall. Please help a noob.  (Read 711 times)


Offline lovan6

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +1/-1
    • View Profile
Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #15 on: November 25, 2017, 05:35:49 pm »
Well, as of today I decided to stop using my pfSense box and decided to go back to using my Asus RT AC 87U with ExpressVPN. It took me 2 1/2 straight days trying to figure out how to unblock Netflix and Amazon Prime with pfSense.

I'm confused.  You had it working but gave up anyways.

The policy-based routing firewall rule is just one rule, described above, and it would allow your Roku devices to be routed through ExpressVPN.  I fail to see what difficulty you are encountering or why you gave up when you were a few seconds from success.






My main concern in going the pfSense route is geolocation unblocking. The 3 major streaming companies are getting tougher every day. It used to be a simple paid DNS service and you're done. I have been tinkering with routers for years, starting from DD-WRT and Tomato to the current Asus Merlin. Times have changed and I have to follow what is current.

Asus Merlin firmware is so simple to use for an average guy like me, but there are some limitations too when it comes to hardware. And this is the reason why I wanted to learn pfSense, because I have the freedom to do so.

I am no expert on things and it takes time to learn. For me it's no pain, no gain.

I will be posting some desktop configuration on ExpressVPN later so the community can take a look, including some problems I encounter.








Offline lovan6

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #16 on: November 25, 2017, 08:39:37 pm »
OK, I am back on pfSense today and decided to start with a clean slate by doing a factory restore in the GUI.

After doing the wizard, I proceeded to install ExpressVPN.



Offline lovan6

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #17 on: November 25, 2017, 08:43:46 pm »
Here are more shots of the ExpressVPN config.

Offline lovan6

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #18 on: November 25, 2017, 09:17:13 pm »
I rebooted pfSense after configuring ExpressVPN, and the VPN is up after reboot. I then proceeded to System/General Setup/DNS Server Settings (see attachments). Next is Services/DNS Resolver/General Settings, including Services/DNS Resolver/Advanced Settings.

I did run a DNS leak test and it passed, but I cannot access some websites, including Amazon (see attachment), and internet speed is slow. This is connected to ExpressVPN.

I also tried to install a pfSense package and it's giving me an error. I am currently on 2.3.5. I cannot install 2.4.2 due to an HPET error, but let's set that aside.

I did also check my IP location and it's connected through ExpressVPN; the result is a Los Angeles location.

Offline lovan6

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #19 on: November 25, 2017, 09:31:41 pm »
I was really scratching my head. Next is to check my firewall settings (see attachment). On the ExpressVPN firewall rules I noticed it was empty.

I decided to click Add on the ExpressVPN firewall rules and this is how it looks (see attachment).

I noticed on the LAN firewall, LAN did have some changes.



Offline lovan6

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #20 on: November 25, 2017, 09:35:47 pm »
This is my NAT outbound.

Offline lovan6

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #21 on: November 25, 2017, 09:45:32 pm »
Here are the results so far:

1. I am currently connected to my local ISP and am able to access sites.

2. ExpressVPN is up and connected, but I am pretty sure I am not on the VPN. Why? Because I did check my IP location, and since I am not on the VPN, a DNS leak is the result.

3. I have not checked my Roku streaming boxes yet because I am pretty sure they are going to be blocked.

Any suggestions, guys?


Offline Finger79

  • Full Member
  • ***
  • Posts: 188
  • Karma: +17/-0
    • View Profile
Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #22 on: November 25, 2017, 09:52:09 pm »
Your NAT rules look fine.  Here is a screenshot with some cosmetic edits. :P

The ISAKMP rules are unnecessary in my opinion and can be deleted.  The other two edits are just to make the Description more accurate.
« Last Edit: November 25, 2017, 09:56:09 pm by Finger79 »

Offline lovan6

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #23 on: November 25, 2017, 09:54:04 pm »
Attached is additional information if somebody wants to know. These are my current stats.

Offline Finger79

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #24 on: November 25, 2017, 09:55:10 pm »
I was really scratching my head. Next is to check my firewall settings (see attachment). On the ExpressVPN firewall rules I noticed it was empty.

It should be empty.  The way pfSense firewall rules work is they apply to traffic coming into that interface.  So you probably do not want anyone coming *into* your home and pfSense router from the outside world through the ExpressVPN interface.

I would delete all firewall rules on the ExpressVPN interface and only use LAN rules.

Offline lovan6

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #25 on: November 25, 2017, 10:00:17 pm »
Your NAT rules look fine.  Here is a screenshot with some cosmetic edits. :P

The ISAKMP rules are unnecessary in my opinion and can be deleted.  The other two edits are just to make the Description more accurate.


If I delete the ISAKMP rules, is there any order on Mappings, or do I just leave it as is?



Offline Finger79

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #26 on: November 25, 2017, 10:02:20 pm »
Your DNS Server Settings (in General Setup) should be non-ExpressVPN DNS servers that your pfSense box will use if the ExpressVPN connection goes down.  It's for backup purposes only.

1.  Change the DNS servers to any public resolver of your choice.  OpenDNS, Level3, Verisign, Comodo, Google, etc.
2.  Change the Gateway to WAN instead of ExpressVPN.  (Yes, this is a DNS "leak" but only to be used by your pfSense box itself, not your LAN devices, and it's only used if your VPN fails.  It's a temporary backup setting.)

Offline Finger79

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #27 on: November 25, 2017, 10:03:10 pm »
If I delete the ISAKMP rules, is there any order on Mappings, or do I just leave it as is?
As is is fine.

Offline lovan6

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #28 on: November 25, 2017, 10:08:56 pm »
I was really scratching my head. Next is to check my firewall settings (see attachment). On the ExpressVPN firewall rules I noticed it was empty.

It should be empty.  The way pfSense firewall rules work is they apply to traffic coming into that interface.  So you probably do not want anyone coming *into* your home and pfSense router from the outside world through the ExpressVPN interface.

I would delete all firewall rules on the ExpressVPN interface and only use LAN rules.


The ExpressVPN firewall rule was originally on the LAN rules ("Local_Subnets = Lan Traffic expressvpn"), but I could not access websites. The only thing that worked for me was to move it to Firewall/Rules/ExpressVPN, which resulted in no connection to the VPN.

Offline Finger79

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #29 on: November 25, 2017, 10:18:54 pm »
The ExpressVPN firewall rule was originally on the LAN rules ("Local_Subnets = Lan Traffic expressvpn"), but I could not access websites. The only thing that worked for me was to move it to Firewall/Rules/ExpressVPN, which resulted in no connection to the VPN.
I say again:  Your ExpressVPN interface rules should be completely empty, unless you want traffic coming INTO that interface, which I would guess is a solid "no."  Leave that whole interface rules blank.

Regarding the one rule you set up:  I thought you wanted to set up an alias for your three Roku devices.  It's unnecessary to really set up an alias for 192.168.1.0/24 since you can just put that directly in the firewall rule.

In fact, if you want your entire LAN subnet to go out through ExpressVPN, then it's not really necessary to have that rule in the first place.  Your ExpressVPN configuration should automatically pull routes.
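
An added example, not part of any post in this thread and not pfSense code: a small Python model of the rule evaluation described above, where only the rules of the interface a connection enters on are consulted, the first match wins, and a LAN rule with a gateway does the policy routing. The Roku addresses, the gateway names `EXPRESSVPN` and `WAN`, and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str            # "pass" or "block"
    sources: list          # CIDR strings; an alias is just a list of them
    gateway: str = None    # None = follow the routing table (default gateway)

# Constructed sample addresses: three Roku devices inside 192.168.1.0/24.
ROKU_ALIAS = ["192.168.1.50/32", "192.168.1.51/32", "192.168.1.52/32"]

RULESETS = {
    "LAN": [
        Rule("pass", ROKU_ALIAS, gateway="EXPRESSVPN"),  # policy-routing rule
        Rule("pass", ["192.168.1.0/24"]),                # ordinary allow-LAN rule
    ],
    "EXPRESSVPN": [],  # empty tab: nothing unsolicited may enter from the tunnel
}

def evaluate(rulesets, in_interface, src_ip, default_gateway="WAN"):
    """Return (action, gateway) for a new connection entering in_interface.

    Only the rules of the interface the packet arrives on are checked, the
    first matching rule wins, and no match means the implicit block. Replies
    to allowed connections are handled by state tracking, not modelled here.
    """
    src = ipaddress.ip_address(src_ip)
    for rule in rulesets.get(in_interface, []):
        if any(src in ipaddress.ip_network(net) for net in rule.sources):
            if rule.action != "pass":
                return ("block", None)
            return ("pass", rule.gateway or default_gateway)
    return ("block", None)

def misplaced(rulesets):
    """Same rules, but with the VPN rule moved to the ExpressVPN tab."""
    return {
        "LAN": [r for r in rulesets["LAN"] if r.gateway is None],
        "EXPRESSVPN": [Rule("pass", ["192.168.1.0/24"], gateway="EXPRESSVPN")],
    }

if __name__ == "__main__":
    print(evaluate(RULESETS, "LAN", "192.168.1.50"))             # Roku
    print(evaluate(RULESETS, "LAN", "192.168.1.20"))             # other LAN host
    print(evaluate(RULESETS, "EXPRESSVPN", "203.0.113.9"))       # from the tunnel
    print(evaluate(misplaced(RULESETS), "LAN", "192.168.1.50"))  # rule on wrong tab
```

With the rule on the ExpressVPN tab, LAN clients never match it, so in this model they reach websites over the WAN gateway and are not on the VPN.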