Speed Tests with VPN and Encryptions. Help by Sharing your results :)

[Rango]

Maybe Rango can share his pfsense configurations...

Honestly guys i love what pfsense can do but for few days now i can't get it to work anymore even on wan and lan. I did reinstall from scratch, no luck.
For wan i couldn't get isp wan ip address, so then i spoofed my physical nic in wan portion of pfsense where mac is. That worked and got wan ip.
Internet worked but resolving host names, namely pia vpn server woudl not resolve pia server name, maybe i got blocked.

Then i reconfigured again and i couldn't get web configuration to come up. It has everything to do how you configure ip networks and it's subnets.
For example my router is 192.168.1.1 but pfsense is also 192.168.1.1 so you have to change one, i changed pfsense .2 and pfsense would not come up
So then i set my router as AP only mode with .3 ip address and .1 pfsense and still no luck. I spent 3 days on this and i gave up. Posted 2 threads on pfsense formu and crikcets i hear until today. Initially i got pfsense to work right a way and PIa worked too. I wonder maybe comcast blocked me somehow, i don't know.
I watched numerous videos on setups and it just won't work anymore. I even tried setting up my 87u to still be router and then setup private network for pfsense so i can only do vpn and later firewall later but there is some routing configuration i'm doing wrong which i don't understand frankly or i'm being blocked by comcast hance i won't get wan ip unless i spoof mac but that then won't resolve vpn host name but i will get on internet just fine. As you see it's confusing. I do like pfsense but one has to get config right. I don't understand anymore why it's not wokring for me and i tried in different scenarios. Initially worked right a way and easy. I was up on wan and vpn with 8ombps.

 

[yorgi]

Honestly guys i love what pfsense can do but for few days now i can't get it to work anymore even on wan and lan. I did reinstall from scratch, no luck.
For wan i couldn't get isp wan ip address, so then i spoofed my physical nic in wan portion of pfsense where mac is. That worked and got wan ip.
Internet worked but resolving host names, namely pia vpn server woudl not resolve pia server name, maybe i got blocked.

Then i reconfigured again and i couldn't get web configuration to come up. It has everything to do how you configure ip networks and it's subnets.
For example my router is 192.168.1.1 but pfsense is also 192.168.1.1 so you have to change one, i changed pfsense .2 and pfsense would not come up
So then i set my router as AP only mode with .3 ip address and .1 pfsense and still no luck. I spent 3 days on this and i gave up. Posted 2 threads on pfsense formu and crikcets i hear until today. Initially i got pfsense to work right a way and PIa worked too. I wonder maybe comcast blocked me somehow, i don't know.
I watched numerous videos on setups and it just won't work anymore. I even tried setting up my 87u to still be router and then setup private network for pfsense so i can only do vpn and later firewall later but there is some routing configuration i'm doing wrong which i don't understand frankly or i'm being blocked by comcast hance i won't get wan ip unless i spoof mac but that then won't resolve vpn host name but i will get on internet just fine. As you see it's confusing. I do like pfsense but one has to get config right. I don't understand anymore why it's not wokring for me and i tried in different scenarios. Initially worked right a way and easy. I was up on wan and vpn with 8ombps.

you need to pull the plug on your modem for about 20 minutes and that will reset the IP from comcast.

Btw how are the crickets doing?
then your pfsence will work. You can't just unplug the modem into a new router that will never work this is why you had to clone the mac.
anyways if i where you I would let go of pfsence and move on with life. This stuff can get super complicated and zero results at the end

btw how are the crickets doing?
LOL

 

[Rango]

you need to pull the plug on your modem for about 20 minutes and that will reset the IP from comcast.

Btw how are the crickets doing?
then your pfsence will work. You can't just unplug the modem into a new router that will never work this is why you had to clone the mac.
anyways if i where you I would let go of pfsence and move on with life. This stuff can get super complicated and zero results at the end

btw how are the crickets doing?
LOL

I just reinstalled everything including vm while my modem was unplugged for 30 min. Got into pfsense web interface. Cant get ip unless i spoof mac.

I did find out what the issue is. I cant ping any internet address from pfsense box which is why i cant get onto vpn. So maybe i need to create or define gateway for comcast gatway.

Thing is my physical nic of desktop that hosts vm and pfsense gets comcast ip address.

Im gonna pop a gasket soon lol

 

[scaramonga]

65Mbs on no encryption though (PIA), so that will do me on VPN I'm only using it for my media box, so go hack lol.

 

[Rango]

It means that because the benchmark tends involves very little data and program code, all the data or program code can be stored in the L1 cache so the benchmark is more of a math processing test which doesnt require data flowing to different components. .........

My friend. I have an issue with lan talking to wan on pfsense platform yet both are on same subnet and i can ping within pfsense other subnet but when i try to lunch web configurator which i assigned ip address to it wont' come up. It seems my pc which host vm workstation that runs pfsense won't talk to pfsense.
I don't understand i guess how to setup two network cards, bridge (physical connection, NAT or host or cutom lan. It gets confusing. withing pfsense subnets talk but i'm technically on wan interface, i did define upsteam gateway but not sure what that is. For example purposes can we us 192.168.1.xxx subnet. ? Any help would be greatly appriciated.

I followed this and this is what it seems like it's setup, problem is my physical nic card can't talk to any of lan on pfsense that is located on vmware host box. I think i may have internal adapters incorrrectly configured or subnets but that's bit above my head. The only way i got it work it with only one interface which is my wan, physical card. As soon as i add any other interface (virtual or even physical second nic card) web interface won't come up as i suspect my wan (physical card, my desktop) can't talk to any of the lans (on virtual box). Not sure what' i'm doing wrong.

http://www.tecmint.com/how-to-install-and-configure-pfsense/2/

 

[sfx2000]

Just a thought - and perhaps a thought experiment - has anybody considered off-loading OpenVPN to an external machine rather than running the client/server on the Router/AP itself?

Intel's Z3000 series chips have better bandwidth, and those particular cores support Intel's AES-NI instructions, so a "mini" PC like a Zotac, ECS, or similar (Z3537F quad core @ 1.33GHz) might offer better performance... these little boxes are fanless, run cool, and typically use less than 15W at full tilt... step things up a small level to like a Dell Inspiron Mini i3050 or Intel NUC NUC5PGYH, where there is even more capability, but still low power (these two have GiGE on PCI-e, most of the very low Z-chip based units have 100BaseT on a USB adapter)

Would take some IP tables work to facilitate - but it would be an interesting, and perhaps compelling solution given that we're moving load off the Router onto a dedicated, yet low power unit...

Your Thoughts?

 

[Rango]

Just a thought - and perhaps a thought experiment - has anybody considered off-loading OpenVPN to an external machine rather than running the client/server on the Router/AP itself?

Intel's Z3000 series chips have better bandwidth, and those particular cores support Intel's AES-NI instructions, so a "mini" PC like a Zotac, ECS, or similar (Z3537F quad core @ 1.33GHz) might offer better performance... these little boxes are fanless, run cool, and typically use less than 15W at full tilt... step things up a small level to like a Dell Inspiron Mini i3050 or Intel NUC NUC5PGYH, where there is even more capability, but still low power (these two have GiGE on PCI-e, most of the very low Z-chip based units have 100BaseT on a USB adapter)

Would take some IP tables work to facilitate - but it would be an interesting, and perhaps compelling solution given that we're moving load off the Router onto a dedicated, yet low power unit...

Your Thoughts?

That is my thought behind running opvenvpn fully featured client on pfsense on vmware utilizing 4 core 4.1Ghz, 12GB RAM...welll 2GB assigned and i hit 80Mbps initialy and then i couldn't get on the box anymore so i'm back on router again.

My thought was to run vmbox all the time, use client and use router in AP mode as wifi and wired switch and learn more pfsense and it's features, play with packages etc.

 

[Blade Runner]

Rango,

Your internet connection is not being blocked because of pfSense. The modem has to reset itself.

1. Reset cable modem by unplugging PSU, wait until all indicator lights are out (30-60 sec), then replug PSU, and wait until indicator lights are on (30-60 sec).
2. Reset AP to factory defaults, then unplug from router.
3. Line cable modem into pfSense NIC1 (or whatever).
4. Reinstall pfSense or reset to factory defaults. DO NOT change pfSense default IP address.
5. Select 'Assign Interfaces', select 'Automatic Detection'. Wait for 'make sure link is up' prompt, then,
6. Plug pfSense NIC2 into desktop/laptop.
7. Setup should recognize interface as LAN.
8. Do not configure additional interfaces.
9. Reboot.

WAN and LAN interfaces should be configured after system reboots.

Existing wireless router configuration
https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense
Follow the above instructions and you should be good to go.

PIA configuration
Do not check box for TLS Authentication as it should be disabled.

 

[Rango]

Rango,

Your internet connection is not being blocked because of pfSense. The modem has to reset itself.

1. Reset cable modem by unplugging PSU, wait until all indicator lights are out (30-60 sec), then replug PSU, and wait until indicator lights are on (30-60 sec).
2. Reset AP to factory defaults, then unplug from router.
3. Line cable modem into pfSense NIC1 (or whatever).
4. Reinstall pfSense or reset to factory defaults. DO NOT change pfSense default IP address.
5. Select 'Assign Interfaces', select 'Automatic Detection'. Wait for 'make sure link is up' prompt, then,
6. Plug pfSense NIC2 into desktop/laptop.
7. Setup should recognize interface as LAN.
8. Do not configure additional interfaces.
9. Reboot.

WAN and LAN interfaces should be configured after system reboots.

Existing wireless router configuration
https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense
Follow the above instructions and you should be good to go.

PIA configuration
Do not check box for TLS Authentication as it should be disabled.

Blade thank you so much for help. I much appreciate it. I followed it to the tee and comcast will not issue wan ip to pfsense box virtual box. Maybe my adapters are not configured properly. What i just tried is i am running 87u router as my router dhcp, firewall etc but i setup pfsense on lan as client, pia vpn client is up
and i check logs and opvenvpn client is up but gateway for pia is down. Interface for pia shows up and in openvpn log it shows it's initiated but when i check if tunnel is up on website (whoer.net or whatismyipaddress.com) it shows comcast ip NOT PIA vpn so to me that means tunnel is down as it should create tunnel to pia. I suspect that is because of opvenvpn gateway is down in pfsense or my 87u router needs a route for pia tunnel or i need to disable something in firewall of 87u router. How do i fix that this tunnel and gateway initiates correctly and external websites show PIA vpn ip not comcast. I'm attaching screenshots. I greatly appreciate help. Thank you.

 

[Rango]

additional screenshots. The log is reversed meaning latest entries are on top

 

[Rango]

ethernet adapters config

 

[Rango]

pfsense console & vmware virtual ethernet adapters.

 

[Rango]

So here is the issue....Unable to redirect default gateway. Cannot read current default gateway from system.

I suspect this is due to pia vpn gateway being down in gateways in pfsense. Not sure how i fix this issue.

The network cloud looks like this ISP (comcast) to asus87u router as wan connection (dhcp, fireway all default service running) 87u Lan to pfsense wan interface to pfsense lan interface physically connected by 2 nic cards (desktop physical box hosting vmware hosting pfsesnse) to 87u lans switch. Pia interface on lan of pfsense.

 

[Rango]

Also pfsense has dns issue it appears as packages are not showing. Probably related to original issue.

 

[Rango]

Ok so looks like pfsense has no internet connectivity yet pia is up? whaattttttttttttttttttttt
This pfsense is giving me a headache. Why is this so complicated.

It looks like i need to define a route to my 87u or maybe gateway needs to come up in pfsense.

 

[System Error Message]

Some ISPs are a bit crazy.
What you should do is put your pfsense WAN behind another router to test if DHCP works. Another thing you need to know is that in various configurable routers, PPPOE is an interface, VLAN is an interface.
So you could have a PPPOE interface that runs on a vlan interface which runs on a physical port. You will need to check your settings include the interface as well if this is the case.

If you are looking at routes by default you should have
0.0.0.0/0 WAN interface or ISP gateway metric 1
192.168.x.x LAN interface metric 0

If you use VPN and dont want to use internet through it make sure it is not a gateway or that its route metric is 2 for 0.0.0.0/0.

Do a trace and see which where it tries to go.

 

[Rango]

Thanks guys for help. I think i found THE issue of my problem which is my NICs are really not working with pfsense. I found that out threw ESX which tole me no network adapters detected, but pfsense would not tell me that. 6 days of troubleshooting down the drain. I have realtek adapters which by default won't work with ESX and i suspect is same issue with pfsense which runs on FreeBSD so i just ordered intel 1000 pro dual nic card and will try again. What i was doing about is NAT which will work on lan but my wan which should be bridged to physical adapter, not NATed would never get my isp ip. Anyway i will try again once i get my nics. Thanks for support. I got zero respone on 3 threads on pfsense forum. Werid.

 

[Rango]

Some ISPs are a bit crazy.
What you should do is put your pfsense WAN behind another router to test if DHCP works. Another thing you need to know is that in various configurable routers, PPPOE is an interface, VLAN is an interface.
So you could have a PPPOE interface that runs on a vlan interface which runs on a physical port. You will need to check your settings include the interface as well if this is the case.

If you are looking at routes by default you should have
0.0.0.0/0 WAN interface or ISP gateway metric 1
192.168.x.x LAN interface metric 0

If you use VPN and dont want to use internet through it make sure it is not a gateway or that its route metric is 2 for 0.0.0.0/0.

Do a trace and see which where it tries to go.

This is way over my head hehe...i guess i need to brush up on my subnetting lol
System if i'm saying something that doesn't make sense to you straighten me out. I could be wrong on nics but i think i'm right based on what i 've seen with ESX virtualization.

 

[Blade Runner]

Rango,

Several items from your screenshots:

1. Dashboard-Comcast should assign WAN IP as if pfSense were not present. It appears WAN and LAN are on the same subnet.
2. LAN IP Address-Let pfSense configure as default 192.168.1.1
3. Gateways: WAN_DHCP and GW_LAN IP addresses are identical(?). WAN_DHCP gateway should be IP address assigned from Comcast. What is GW_LAN and reason it's needed?
4. Status: System logs: OpenVPN-open vpn[7054]Initialization Sequence Completed; means PIA is correctly configured
5. Virtual Machine Settings-Bridging is unnecessary because pfSense is a router not a switch
https://forum.pfsense.org/index.php?topic=107455.msg598157;boardseen#new

Use pfSense setup wizard to resolve connection issues during initial configuration.

NIC
Intel is gold.
Broadcom is silver.
Realtek is OK.

 

[Rango]

Blade Runner, post: 241083, member: 24257 Rango,

Several items from your screenshots:

1. Dashboard-Comcast should assign WAN IP as if pfSense were not present. It appears WAN and LAN are on the same subnet.

That is the part of the problem. I can't get comcast ip address. If i set nic to bridged it shows blank, if i do nat it give 192 ip for wan.
Could it be possible comcast is blocking pfsesne from getting ip address. It's possible i'm not configuring virtual adapters in vmware coorectly but i tried all configurations. Any ideas? I figured it's my realtek driver that is not being recognized in pfsense so therefore i ordered intel 1000 pro nics. vmware esxi is also not seing my adapters but not sure about workstation. Also if i don't setup nic as nat i won't connect to web interface.

You are right i have them on same subnets. Should lan be 10.x..x.x subnet and wan whatever comcast ip asssigns correct?

2. LAN IP Address-Let pfSense configure as default 192.168.1.1

3. Gateways: WAN_DHCP and GW_LAN IP addresses are identical(?). WAN_DHCP gateway should be IP address assigned from Comcast. What is GW_LAN and reason it's needed?

That is because this was setup threw router so that's why. it's incorrect setup i know i was just testing it.

4. Status: System logs: OpenVPN-open vpn[7054]Initialization Sequence Completed; means PIA is correctly configured

5. Virtual Machine Settings-Bridging is unnecessary because pfSense is a router not a switch
https://forum.pfsense.org/index.php?topic=107455.msg598157;boardseen#new

How should this be setup then?

Use pfSense setup wizard to resolve connection issues during initial configuration.

NIC
Intel is gold.
Broadcom is silver.
Realtek is OK.