
Author Topic: I need help here. I am hitting the wall. Please help a noob.  (Read 728 times)


Offline lovan6

Re: I need help here. I am hitting the wall. Please help a noob.
« Reply #30 on: November 25, 2017, 11:16:03 pm »
I followed your suggestions on the NAT outbound. I also deleted the Firewall/Rules/EXPRESSVPN and instead put back the Firewall/Rules/Lan.


I also changed System/General Setup as suggested. I was able to connect back to ExpressVPN, but it resulted in slow connections. Some sites are not available. Is there a way to correct this?

Also, I am not in the process of setting up the Roku yet. I just want to make sure I won't have any problem with browsing. If the connection is slow on browsing, I think I will not be able to stream on my Rokus.

I tinkered with Interface/ExpressVPN. Under General Information, IPv4 Configuration Type = DHCP. These were the instructions from ExpressVPN. If I change from DHCP to NONE, I get faster browsing but I get disconnected from the VPN.

I have not used any traffic shaper for the moment, FYI.



I am providing some screenshots for your perusal.

Offline Finger79

« Reply #31 on: November 26, 2017, 01:15:29 am »
> I was able to connect back to ExpressVPN, but it resulted in slow connections. Some sites are not available. Is there a way to correct this?

Let's compare apples to apples.

1.  Is your OpenVPN configuration on pfSense identical to your OpenVPN configuration on your Asus router?
2.  On your Asus router, are you able to visit Amazon and other sites, or are you getting the same error message?  If so, why?
3.  On your Asus router (which I assume has much slower CPU than your pfSense box), is VPN throughput slow?
4.  On your Asus router, are you also connected to ExpressVPN - Los Angeles?
5.  Are you in Europe?  Asia?  Somewhere else?  You may want to try out different VPN servers and see if speed improves.
6.  Where did you get the config settings in "Custom options"?  Also, is everything else correct such as the SHA512 HMAC?


> I tinkered with Interface/ExpressVPN. Under General Information, IPv4 Configuration Type = DHCP. These were the instructions from ExpressVPN. If I change from DHCP to NONE, I get faster browsing but I get disconnected from the VPN.

FYI:  I have my VPN interfaces all set to "None."

Offline Finger79

« Reply #32 on: November 26, 2017, 01:31:44 am »
> I followed your suggestions on the NAT outbound.

Dude, you're tweaking mah OCD.  :P  I'd edit your Descriptions for sanity purposes as in my screenshot.  Just two edits.  "LAN to ExpressVPN" and "localhost to ExpressVPN"
« Last Edit: November 26, 2017, 01:35:26 am by Finger79 »

Offline lovan6

« Reply #33 on: November 26, 2017, 02:05:45 am »
>> I was able to connect back to ExpressVPN, but it resulted in slow connections. Some sites are not available. Is there a way to correct this?
>
> Let's compare apples to apples.
>
> 1.  Is your OpenVPN configuration on pfSense identical to your OpenVPN configuration on your Asus router?
> 2.  On your Asus router, are you able to visit Amazon and other sites, or are you getting the same error message?  If so, why?
> 3.  On your Asus router (which I assume has much slower CPU than your pfSense box), is VPN throughput slow?
> 4.  On your Asus router, are you also connected to ExpressVPN - Los Angeles?
> 5.  Are you in Europe?  Asia?  Somewhere else?  You may want to try out different VPN servers and see if speed improves.
> 6.  Where did you get the config settings in "Custom options"?  Also, is everything else correct such as the SHA512 HMAC?
>
>> I tinkered with Interface/ExpressVPN. Under General Information, IPv4 Configuration Type = DHCP. These were the instructions from ExpressVPN. If I change from DHCP to NONE, I get faster browsing but I get disconnected from the VPN.
>
> FYI:  I have my VPN interfaces all set to "None."

1.  Yes, they are exactly the same as my Asus router.

2.  I don't have any problem on any website on Asus on ExpressVPN. In fact I have 3 simultaneous connections in the US.

3.  Yes, the throughput is slow, 3 to 5 Mbps up/down. That is the reason I want to migrate to pfSense.

4.  On the Asus I have 2 connections to Los Angeles and 1 connection to New Jersey.

5.  I am from SE Asia. I have tried to connect to different US servers; they are almost all the same when it comes to speed. Not all ExpressVPN servers are good for geolocation blocking. So far the 3 I mentioned work well on my Asus.

6.  I followed the ExpressVPN link provided.

https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/

These are the custom options provided on their website.



fast-io;persist-key;persist-tun;remote-random;pull;tls-client;verify-x509-name Server name-prefix;ns-cert-type server;key-direction 1;route-method exe;route-delay 2;tun-mtu 1500;fragment 1300;mssfix 1450;verb 3;sndbuf 524288;rcvbuf 524288



It's SHA512 bit. I am not sure if it's HMAC.
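
A small lint pass over the "Custom options" string quoted in the post above, as an added example that is not part of the thread or of ExpressVPN's guide. It parses the semicolon-separated directives and flags items worth reviewing on pfSense; the function names and finding codes are hypothetical, and the checks are heuristics drawn from the OpenVPN manual.

```python
# Added example: lint a pfSense "Custom options" string (semicolon-separated
# OpenVPN directives). The checks are a heuristic starting set, not an audit.

# Option string as posted in the thread above.
CUSTOM_OPTIONS = (
    "fast-io;persist-key;persist-tun;remote-random;pull;tls-client;"
    "verify-x509-name Server name-prefix;ns-cert-type server;key-direction 1;"
    "route-method exe;route-delay 2;tun-mtu 1500;fragment 1300;mssfix 1450;"
    "verb 3;sndbuf 524288;rcvbuf 524288"
)

# Directives that make the client verify which server it is talking to.
SERVER_CHECKS = {"verify-x509-name", "remote-cert-tls", "ns-cert-type"}


def parse_options(text):
    """Split 'a;b 1;c x y' into {directive: [args]}; later duplicates win."""
    opts = {}
    for item in text.replace("\n", ";").split(";"):
        parts = item.split()
        if parts:
            opts[parts[0].lstrip("-")] = parts[1:]
    return opts


def first_int(opts, name):
    """Return the first argument of a directive as int, or None."""
    args = opts.get(name) or []
    return int(args[0]) if args and args[0].isdigit() else None


def lint(opts):
    """Return a list of (code, message) findings for a parsed option dict."""
    findings = []
    if not SERVER_CHECKS.intersection(opts):
        findings.append(("no-server-check", "no directive verifies the server certificate"))
    if "ns-cert-type" in opts and "remote-cert-tls" not in opts:
        findings.append(("deprecated", "ns-cert-type is deprecated; remote-cert-tls is its replacement"))
    if "route-method" in opts:
        findings.append(("windows-only", "route-method is documented as a Windows-specific option"))
    frag, mss = first_int(opts, "fragment"), first_int(opts, "mssfix")
    if frag is not None and mss is not None and mss > frag:
        findings.append(("mtu", f"mssfix {mss} > fragment {frag}: full-size TCP packets get split by OpenVPN"))
    return findings


if __name__ == "__main__":
    for code, message in lint(parse_options(CUSTOM_OPTIONS)):
        print(f"[{code}] {message}")
```

The `fragment` value has to match what the VPN server expects, so the `mtu` finding is a prompt to compare throughput with the provider's supported settings rather than a value to change unilaterally.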




Offline lovan6

« Reply #34 on: November 26, 2017, 02:26:02 am »
>> I followed your suggestions on the NAT outbound.
>
> Dude, you're tweaking mah OCD.  :P  I'd edit your Descriptions for sanity purposes as in my screenshot.  Just two edits.  "LAN to ExpressVPN" and "localhost to ExpressVPN"

My apologies to you. I am thinking of taking some Xanax with this pfSense ordeal.

Anyway I am attaching some desktop screenshots.






Offline lovan6

« Reply #35 on: November 26, 2017, 06:31:15 pm »
I was finally able to solve my pfSense ordeal. It took me 15 hours to figure everything out. Geolocation blocking is finally fixed. Netflix and Hulu are working, but at the moment I cannot get access to the Amazon website on OpenVPN.

I would like to thank Finger79 and kejianshi for their resolute support.

I will post some instructions later in the day, but not until I resolve the Amazon DNS problem.

Offline kejianshi

« Reply #36 on: November 27, 2017, 09:30:57 am »
Yes - It is very odd that Netflix would work but not Amazon.  It's probably a simple fix.  We can see after you post your final configuration.

This could be a DNS issue.  You might want to find out if your VPN provider has their own dedicated reliable DNS IP and use that.

The problem I have with 8.8.8.8 and 8.8.4.4 is those can connect you to many different servers depending on your location.

On my laptop off the VPN from Manila, when I ping 8.8.8.8, it's 30ms.

When in my VPN I use my remote pfSense LAN IP as my DNS server IP.  When I ping that IP, it shows about 250ms.  Far away, as it should be.

When I ping 8.8.8.8 in the VPN, again over 250ms.  So, it is being tunneled properly.

We might want to do that test with you to be sure that the DNS servers you are connecting to are physically in the USA and not close by.

Could be something else though.  Not sure.  It's strange.

« Last Edit: November 27, 2017, 09:44:22 am by kejianshi »

Offline wayne622

« Reply #37 on: November 27, 2017, 03:17:04 pm »
I have a question because I have the same dilemma. If I am using 3 OpenVPN connections for my Outgoing DNS Resolver settings I would select all 3 for the Outgoing Interfaces.  But, when Unbound is doing the resolving will it send a query out to all 3 Interfaces or only 1?

I also have a Gateway Group that is set up for fail-over purposes for the OpenVPN; not sure if that matters as to whether or not Unbound will send a query to all interfaces or just the one that traffic is supposed to be going out at that time.

Offline tagit446

« Reply #38 on: November 27, 2017, 08:47:22 pm »
You can check your ExpressVPN IP and DNS here: https://www.expressvpn.com/dns-leak-test
pfSense v2.4.2 - RELEASE (amd64) running on AMD Phenom(tm) II X4 965 Processor, Asus M4A89GTD PRO motherboard, Dell / Intel Pro/1000 VT Quad Port PCI-E Gigabit NIC Dell P/N 0H092p

Offline lovan6

« Reply #39 on: November 27, 2017, 09:16:14 pm »
> Yes - It is very odd that Netflix would work but not Amazon.  It's probably a simple fix.  We can see after you post your final configuration.
>
> This could be a DNS issue.  You might want to find out if your VPN provider has their own dedicated reliable DNS IP and use that.
>
> The problem I have with 8.8.8.8 and 8.8.4.4 is those can connect you to many different servers depending on your location.
>
> On my laptop off the VPN from Manila, when I ping 8.8.8.8, it's 30ms.
>
> When in my VPN I use my remote pfSense LAN IP as my DNS server IP.  When I ping that IP, it shows about 250ms.  Far away, as it should be.
>
> When I ping 8.8.8.8 in the VPN, again over 250ms.  So, it is being tunneled properly.
>
> We might want to do that test with you to be sure that the DNS servers you are connecting to are physically in the USA and not close by.
>
> Could be something else though.  Not sure.  It's strange.

I talked to my local ISP and bought their decommissioned DNS server ($$$$) on the condition that I have a dedicated US DNS connection.

Offline kejianshi

« Reply #40 on: November 28, 2017, 12:36:36 am »
Swatting flies with cannons?

Offline Finger79

« Reply #41 on: November 28, 2017, 12:24:27 pm »
> I have a question because I have the same dilemma. If I am using 3 OpenVPN connections for my Outgoing DNS Resolver settings I would select all 3 for the Outgoing Interfaces.  But, when Unbound is doing the resolving will it send a query out to all 3 Interfaces or only 1?
>
> I also have a Gateway Group that is set up for fail-over purposes for the OpenVPN; not sure if that matters as to whether or not Unbound will send a query to all interfaces or just the one that traffic is supposed to be going out at that time.

Unbound sends DNS queries out all interfaces.  You can verify this from a DNS Leak tester such as this one:  https://www.dnsleaktest.com/ and click on "Extended Test."  You'll see the IP addresses for all 3 of your OpenVPN connections.

Offline Finger79

« Reply #42 on: November 28, 2017, 12:26:09 pm »
> Yes - It is very odd that Netflix would work but not Amazon.  It's probably a simple fix.  We can see after you post your final configuration.
>
> This could be a DNS issue.  You might want to find out if your VPN provider has their own dedicated reliable DNS IP and use that.
>
> The problem I have with 8.8.8.8 and 8.8.4.4 is those can connect you to many different servers depending on your location.
>
> On my laptop off the VPN from Manila, when I ping 8.8.8.8, it's 30ms.
>
> When in my VPN I use my remote pfSense LAN IP as my DNS server IP.  When I ping that IP, it shows about 250ms.  Far away, as it should be.
>
> When I ping 8.8.8.8 in the VPN, again over 250ms.  So, it is being tunneled properly.
>
> We might want to do that test with you to be sure that the DNS servers you are connecting to are physically in the USA and not close by.
>
> Could be something else though.  Not sure.  It's strange.

He's using unbound for DNS resolution though.  The Google 8.8.8.8/8.8.4.4 settings are only used by the pfSense box if the VPN tunnel goes down.  No LAN DNS queries should be forwarded to Google DNS.

Offline kejianshi

« Reply #43 on: November 28, 2017, 01:36:38 pm »
Why should netflix work and amazon not?  That is fairly backwards

Offline Finger79

« Reply #44 on: November 28, 2017, 04:00:50 pm »
> Why should netflix work and amazon not?  That is fairly backwards

That's never made sense to me.  All else being equal, why would Amazon work when using the Asus router for OpenVPN but Amazon doesn't work when using pfSense for OpenVPN?  So weird.  lovan6 says the configurations are exactly the same, which means we should expect the same results.  *shrug*