Netgate m1n1wall

Author Topic: How to create an OpenVPN client to StrongVPN  (Read 92248 times)

0 Members and 2 Guests are viewing this topic.

Offline pkwong

  • Jr. Member
  • **
  • Posts: 53
    • View Profile
    • Swimming in thought
Re: How to create an OpenVPN client to StrongVPN
« Reply #90 on: May 11, 2012, 05:43:50 pm »
While I've written a howto on how to implement StrongVPN with Pfsense (that actually works), I thought it would be interesting reading to take a look at Amazon's free tier.  I like StrongVPN, but the reality is why pay for something you can get for free?

Check it out:  http://swimminginthought.com/201204amazons-free-tier-personal-vpn-server/

Getting a VPN for free for one year isn't a bad deal considering you control both ends of the pipe.  You're guaranteed to know whether or not you're having any ports blocked (you choose).  Just a thought.

My posting for employing strongvpn via pfsense is still at: http://swimminginthought.com/pfsense-routing-traffic-strongvpn-openvpn/

It works flawlessly by the way.  Over 30+ happy customers that I've personally set up.
When all else fails, don't blame the machine.  Blame your architecture.

Offline yu130960

  • Newbie
  • *
  • Posts: 12
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #91 on: July 11, 2012, 10:16:43 am »
I have to agree with the previous posts that something is weird.

I was using PFsense and strongvpn for over a year and successfully upgraded to the latest 2.01.

However when I changed servers I did a factory reset and have never been able to get the traffic to pass through again.  It acutally locks up PFsense and it does not pass internet traffic on aspects of the Lan.

I have spent two days trying to figure it out and even did a restore to the old settings and simply changed out the certificates and other server info to address the new open vpn server and it still does not work.


Offline pkwong

  • Jr. Member
  • **
  • Posts: 53
    • View Profile
    • Swimming in thought
Re: How to create an OpenVPN client to StrongVPN
« Reply #92 on: July 23, 2012, 06:15:55 pm »
Since StrongVPN has changed their set up Again.. Here's the updated link on how to get it working: http://swimminginthought.com/update-strongvpn-pfsense-working-file-config/

Works perfectly.. tested.. etc.
When all else fails, don't blame the machine.  Blame your architecture.

Offline singerie

  • Jr. Member
  • **
  • Posts: 73
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #93 on: July 30, 2012, 01:45:55 am »
Since StrongVPN has changed their set up Again.. Here's the updated link on how to get it working: http://swimminginthought.com/update-strongvpn-pfsense-working-file-config/

Works perfectly.. tested.. etc.



what did they change ?

Offline pkwong

  • Jr. Member
  • **
  • Posts: 53
    • View Profile
    • Swimming in thought
Re: How to create an OpenVPN client to StrongVPN
« Reply #94 on: August 24, 2012, 02:54:23 pm »
I honestly have no idea.  I found it interesting that they don't support AES encryption in my latest round of helping someone get their vpn up.  So it's basically easy to break via Deep Packet Inspection tech.  Essentially, no security of privacy in my eyes. 
When all else fails, don't blame the machine.  Blame your architecture.

Offline singerie

  • Jr. Member
  • **
  • Posts: 73
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #95 on: August 26, 2012, 03:07:55 am »
i saw they support AES-256-CBC in their 'ultra-secure config' in their vpn summary pannel.


Also, 1 question.

I managed to have strongvpn to work, but now pfsense in 'unable to check for update' on the dashboard (using beta 2.1).

this is my oopenvpn option : verb 5;tun-mtu 1500; route-delay 2;explicit-exit-notify 2;fragment 1390;key-direction 1;

and i've put 2 manual dns server in the general config, and disabled Allow DNS server list to be overridden by DHCP/PPP on WAN.

but i see ovpn has created a route 0.0.0.0 to strongvpn. Do you guys think it might be my issue ? And i have to manage to remove this route ?


edit : config issue, now working after a reboot :)
« Last Edit: August 26, 2012, 03:39:02 am by singerie »

Offline pkwong

  • Jr. Member
  • **
  • Posts: 53
    • View Profile
    • Swimming in thought
Re: How to create an OpenVPN client to StrongVPN
« Reply #96 on: August 26, 2012, 08:14:35 am »
Just my personal opinion, but I don't see the purpose of charging extra for encryption that works, although, they are a business and AES is 14 levels deep when it comes to AES 128.  So it is more CPU intensive and any business deserves to make money.  I am, however, using an Amazon Free Tier OpenVPN server that does it just fine.  All incoming traffic is free so unless you're doing tons of outbound (even then it's only .12 per Gigabyte), it's still a bargain.

If you take a look at your upstream bandwidth and calculate it out to what you can maximally push over the month, you'll realize it's VERY cheap.

Cheers.

Percy
http://swimminginthought.com/free-server-it/
« Last Edit: August 26, 2012, 09:15:49 am by pkwong »
When all else fails, don't blame the machine.  Blame your architecture.

Offline V.A.L.I.S

  • Newbie
  • *
  • Posts: 1
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #97 on: September 16, 2012, 10:06:27 am »
I followed your tutorial to a tee and it didn't work.  StrongVPN's tech support wasn't much of a help.  After much experimentation, I got it working.  I made a step by step post on it: http://www.swimminginthought.com/2012/02/15/netflix-and-isp-throttling-bypassed-by-vpn-solved/

Something must have changed in 2.0.1

Thank you for your detailed tutorial :)   
"God helps those who help them selves."

Offline yu130960

  • Newbie
  • *
  • Posts: 12
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #98 on: September 18, 2012, 02:37:01 pm »
To those that have read through the thread you can see that I have been working and at times struggling with this set up for some time.

I had to do a factory reset on pfsense after trying some betas and was having trouble.

It seems that I have pinpointed my problems with the default routing not always taking hold.  In the rules I have set the default Lan rule to explicitly state the WAN rather than default routing gateway and also turned on LZO compression with the following settings

verb 5;tun-mtu 1500;fragment 1300;keysize 128;redirect-gateway def1;persist-key;comp-lzo adaptive;

Offline raclure

  • Newbie
  • *
  • Posts: 16
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #99 on: December 07, 2012, 07:13:29 am »
Hi everyone,

I followed part of this tutorial to set-up a working VPN connection to vpntunnel.com. It works like a charm, and i'm able to redirect certain LAN ip through the VPN, while all others goes to the normal route.

As all the traffic reaching the VPN ip is redirected to the box, i tried to build some firewall rules to block traffic coming from the VPN and going to certain port (like the ssh port and the http port). I added 2 rules in the appropriate firewall rules tab (the tab dedicated to the VPN connection) to drop any tcp packet hitting port 22 or port 80. But this had no effect, even after a reboot.

Am i doing this right ? Has someone already tried this ?

(I'm using version 2.1-BETA0 (i386)built on Tue Dec 4 21:53:03 EST 2012)
« Last Edit: December 07, 2012, 09:00:13 am by raclure »

Offline raclure

  • Newbie
  • *
  • Posts: 16
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #100 on: December 07, 2012, 09:19:55 am »
Ok, the solution to my problem lies within the 'floating' rules. It's where the block rules are to be set. Now it works perfectly.

« Last Edit: December 07, 2012, 09:22:04 am by raclure »

Offline pelle_chanslos

  • Newbie
  • *
  • Posts: 12
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #101 on: January 13, 2013, 08:21:15 am »
Hi everyone,

I followed part of this tutorial to set-up a working VPN connection to vpntunnel.com. It works like a charm, and i'm able to redirect certain LAN ip through the VPN, while all others goes to the normal route.

(I'm using version 2.1-BETA0 (i386)built on Tue Dec 4 21:53:03 EST 2012)

How do you manage to redirect certain LAN IPs through the VPN and others through the normal WAN?

Offline raclure

  • Newbie
  • *
  • Posts: 16
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #102 on: January 16, 2013, 03:42:41 am »
For version 2.1:

In Firewall->Rules->LAN you simply add a rule where source is your LAN IP, DESTINATION is * and in advance features, you set the Gateway to the VPN.
Be careful to look what is the default gateway, as it might have become the VPN.
Be also careful that the rules work as 'first match applies', so as long as a rule doesn't match, it'll look at the next one down.
Also, if the VPN is down, packet might be routed through the default gateway (and you might not want that), be sure to set up rules correctly

I hope it helps.
« Last Edit: January 16, 2013, 03:44:37 am by raclure »

Offline arisap3

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #103 on: June 27, 2013, 10:52:43 pm »
 ;D ;D ;D ;D Working... thanks guys

Offline panz

  • Jr. Member
  • **
  • Posts: 93
    • View Profile
Re: How to create an OpenVPN client to StrongVPN
« Reply #104 on: August 07, 2013, 05:04:17 am »
After reading/experimenting with OpenVPN + AirVPN my doubt is: is my internal LAN exposed to Internet if i change the "Firewall Rules" according to the first (original) post?

For VPN to work, I thought it was sufficient to set manual NAT rules. Touching firewall rules seems overkill to me.