Why Should I Use a VPN

Discussion in 'privacy technology' started by merisi, Jan 3, 2013.

Thread Status:
Not open for further replies.
  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    If you get this thing working, you should post on the AirVPN forum :)

    And, if we run out of ideas about getting Incognito routed through AirVPN on pfSense, it might be worth starting a thread there.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I'll ask ra about that. Incognito runs the latest Tor version, while Gateway 5.3 runs an old one. So it could be a Tor update that breaks connecting over UDP.

    Just in case, please try pfSense AirVPN in TCP mode with the Advanced string "ns-cert-type server;redirect-gateway def1;verb 5". We might be stuck with TCP in order to use updated Tor.

    :)

    OK, if I have to. But not now.
     
  3. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    ok I've done a retest with



    ns-cert-type server;redirect-gateway def1;verb 5


    works both tcp and udp so seems you were right
     
  4. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803

    ?

    incognito, sure, but tor gateway works with air vpn pfsense udp and tcp :cool:, btw I definitely will post this on air once complete, I'm sure there will be quite a few who would like to get a nice mindboggle, lols
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Cool.

    You could include "explicit-exit-notify 5" when you use UDP, if you like.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    There might be important stuff in the updated Tor, so don't forget about Incognito yet.

    Anyway, on to Mullvad :)
     
  7. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
  8. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803

    wait, maybe I'll try it with tor 5.3, one sec

    not quite ready yet, lemme test that theory of yours out, then on to mullvad ;)
     
  9. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    you could include "explicit-exit-notify 5" when you use UDP, if you like.

    worked

    ok so now we know it was incognito , and that tcp works but without

    explicit-exit-notify 5
     
  10. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    ok I've tried to set up mullvad but I have no idea what to enter into ip address nor port, nor what dns to set -.-, I do know it uses BF-CBC

    anyhow I'll send you an openvpn mullvad client connection log, maybe you'll find something I couldn't, check your inbox
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Very cool, we're making considerable progress :)

    In case I forget later, once you get everything working, there are some tweaks. Most importantly, in case the AirVPN connection dies, we need firewall rules in the pfSense AirVPN client to block DNS lookups from LAN to WAN using AirVPN's DNS server(s). That's the infamous VPN DNS leak.

    And generally, you'll need to check everything for leaks with Wireshark.
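
The leak check described in the post above can be scripted once a capture exists. This added example (not part of the thread) reads a tshark field export taken on the pfSense WAN interface and flags every packet that is not exchanged with the VPN server; the server address 203.0.113.10, the WAN-side addresses and the sample capture are constructed placeholders.

```python
# Added example: flag WAN-side packets that bypass the VPN tunnel.
# Input: tab-separated lines as produced by
#   tshark -r wan.pcap -T fields -e ip.src -e ip.dst -e udp.dstport -e tcp.dstport
import ipaddress

# Placeholder from the documentation range, NOT a real AirVPN server address.
VPN_SERVER = ipaddress.ip_address("203.0.113.10")

# Constructed sample capture (10.0.2.15 = NATed WAN address of the pfSense VM).
SAMPLE = (
    "10.0.2.15\t203.0.113.10\t443\t\n"    # tunnel packet to the VPN server
    "203.0.113.10\t10.0.2.15\t50123\t\n"  # tunnel reply
    "10.0.2.15\t10.0.2.3\t53\t\n"         # DNS lookup sent outside the tunnel
    "10.0.2.15\t198.51.100.7\t\t80\n"     # plain TCP outside the tunnel
    "\t\t\t\n"                            # non-IP frame (e.g. ARP)
)

def classify(line):
    """Return None for tunnel or non-IP traffic, else (kind, src, dst, port)."""
    src, dst, udp_port, tcp_port = (line.split("\t") + [""] * 4)[:4]
    # tshark joins repeated fields with commas (e.g. ICMP errors); keep the outer one.
    src, dst = src.split(",")[0], dst.split(",")[0]
    if not src or not dst:
        return None  # no IPv4 header: ARP and similar frames
    peers = {ipaddress.ip_address(src), ipaddress.ip_address(dst)}
    if VPN_SERVER in peers:
        return None  # encrypted tunnel traffic, which is expected on the WAN
    port = int((udp_port or tcp_port or "0").split(",")[0])
    kind = "dns-leak" if port == 53 else "clear-traffic"
    return (kind, src, dst, port)

def find_leaks(capture_text):
    """Collect every packet in the export that did not go through the tunnel."""
    findings = []
    for line in capture_text.splitlines():
        hit = classify(line)
        if hit is not None:
            findings.append(hit)
    return findings

if __name__ == "__main__":
    for kind, src, dst, port in find_leaks(SAMPLE):
        print(f"{kind}: {src} -> {dst} port {port}")
```

IPv6 frames have no `ip.src` value and are skipped here, so an IPv6 leak needs `-e ipv6.src -e ipv6.dst` added to the export and handled the same way.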
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    OK, thanks.

    Here's what I'd use first:

    In OpenVPN Client Setup

    Server: 46.21.99.21
    Port: 1197

    Code:
    TLS Authentication 	
         [checked] Enable authentication of TLS packets.
         [checked] generate a shared TLS authentication key.
    Encryption algorithm: BF-CBC (128-bit)

    In DHCP Server Setup

    DNS Server: 10.11.0.1

    That's what I get from the Mullvad connection log that you sent.

    If that works, try using the server URL instead:

    Server: se2.mullvad.net
    Port: 1197
     
  13. You two need to get a room :cool:
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yeah, you're probably right :) But hey, somebody else might be curious.

    When we're done, we'll add a tutorial.
     
  15. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803

    lols , id like to see you try then talk :rolleyes:


    thanks mirimir, I'll go and try out those settings now


    update: ok that worked both tcp and udp, just had to change the port number and uncheck tls auto creation, worked with both server name and ip, so I assume leave it set to a tcp ip right, since you said you wanted me to set the outer vpn aka mullvad to tcp or something?



    let's get this done first ;), so what's next
     
    Last edited: Jan 19, 2013
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    That's extremely cool :)

    You now have working pfSense clients for AirVPN and Mullvad, and ra's Tor Gateway!

    It's interesting that it worked without automatic TLS authentication. I guess that it's enough that the Mullvad server pushes that. Does it work if automatic TLS authentication is enabled in the pfSense client?

    Yes, leave the Mullvad pfSense client set to one of the TCP IP address and port combinations. Once you verify that it connects through Tor, you can change to se2.mullvad.net and test.

    Next is testing the full VPN>Tor>VPN chain. I don't remember what you've named the VBox internal networks, but this is the setup:

    AirVPN pfSense client VM (UDP mode)
    ..........adaptor 1 = WAN : NATed to host machine
    ..........adaptor 2 = LAN : connected to internal network "AirVPN"

    Tor Gateway VM
    ..........adaptor 1 = WAN : connected to internal network "AirVPN"
    ..........adaptor 2 = LAN : connected to internal network "Tor"

    Mullvad pfSense client VM (TCP mode)
    ..........adaptor 1 = WAN : connected to internal network "Tor"
    ..........adaptor 2 = LAN : connected to internal network "Mullvad"

    Ubuntu workstation VM
    ..........adaptor 1 : connected to internal network "Mullvad"
     
  17. Why don't you use Zentyal o_O It's actively developed, updated regularly & has OpenVPN built into it.

    Get it here http://www.zentyal.com/
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I looked at their website, and honestly can't tell what it is :oops:

    Please explain a little why you suggested that.
     
  19. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803

    ummm... of course not, or else I would've kept tls auto creation activated as I've already explained :rolleyes:


    update:


    ok mullvad works both with host name and ip over torgateway , so next to vpn:tor:vpn .. (rolls back sleeves)
     
    Last edited: Jan 19, 2013
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    OK, good to know :)
     
  21. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    well, not working, could it be that I have to change the LAN of one pfSense since they both have 198.168.1.1
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    No, that shouldn't matter unless you route Mullvad directly through AirVPN. They can't see each other through Tor.

    With everything running and the pfSense and Tor gateway VMs connected as I described, use the Ubuntu VM to check each internal network (AirVPN, Tor and Mullvad). Check for Internet connectivity, and what your IP is. And look at the AirVPN and Mullvad pfSense web GUIs, check VPN status (up/down) and look at the OpenVPN logs to see what's going wrong.

    I'm done for the night. Congratulations again on your successes :)

    PS Just FYI, you can have several Tor>VPN chains connecting to each primary VPN. You can probably get 1-2Mbps out of each one, so 5-10 would max out typical 20Mbps broadband. And you could put chains in separate computers, connected via CAT5 cables, to connect an entire workgroup. I know that you don't want that now, but just FYI :)
     
    Last edited: Jan 19, 2013
  23. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    it wasn't the same lan addresses' fault!!


    ok so I've checked every possible combination and following

    so vpn>tor>vpn is up and running,

    btw let me tell you what did and did not work

    so I've tried tcp in air then tcp in mullvad and removed the rule

    explicit-exit-notify 5

    and it worked!, then I've thought, let's see what else we can try, so I've tried again with mullvad's nameserver instead of the ip, no luck, so no nameservers, then I've tried with setting air to udp and mullvad to udp, no luck, then I've tried air to udp and mullvad to tcp, works!

    mind you I've tried all this with and without the rule explicit-exit-notify 5

    and every time it failed due to explicit-exit-notify 5, apparently it doesn't like that rule



    btw what do you mean with



    now you're confusing me, please elaborate on this, btw rest well ;)


    so now what, how do I get to what I wanted mirimir, you know, have my host pc use the vpn>tor>vpn connection for all traffic and that I have a separate vm just for banking and real life stuff with my real ip, and about those special firewall rules you were mentioning?, thanks in advance
     
    Last edited: Jan 19, 2013
  24. You know happy, you're a smart guy BUT with this setup you are just forcing someone to bring a sledgehammer instead of a hammer to break your setup.

    I'm not sure if it's a good thing these setups, brings attention to yourself.
     
  25. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    lols sure, you know how the saying goes, you just gotta know how to wield it, that's all, not to mention mirimir is no stupid kid, he knows his stuff and a lot of thought has gone into this aka a "sledgehammer" will just be a waste of money, not to mention it's all off the radar and blends right in, that's the goal here, not to gain ANY attention to yourself, it's sad but that's the way the world has come to be, you can't even go to a simple freakin website without being logged and tracked and traced every waking moment and people abusing that data till kingdom come ;)

    btw this is just to mitigate the attack surface to a minimum possible percentage, since the first attack vector is your net access, remember that, that's your most vulnerable spot in your setup, the rest comes after that and of course a tightened down system is a given, we're not talking about physical security, that's a different topic for itself


    more and more people are and will be using setups like these and they should, you know why, cause the internet and corporations are getting money hungrier from day to day, meaning you're the target, no matter what you think aka the attention is on you and everyone around you, there's money to be had and perfectly law abiding and working citizens to be fd over, you're just not realizing it yet, apparently, not paranoid,

    just being real, just open your eyes and look at it from outside the box, when doing research you don't just start and stop with pc hardware you delve so much deeper, trust me it's worth every second, the more experience, the longer you'll enjoy your freedom and stay away from the "good" guys, their intentions are anything but, though I'm sure you know all this already ;)
     
    Last edited: Jan 19, 2013