VyprVPN on pfSense (Working)

Hello all,

I struggled for a little bit to get this working, and figured I would share with everyone else - how to use VyprVPN on pfSense (2.4.3 latest).

Get your OpenVPN certificate from: https://support.goldenfrog.company/hc/en-us/article_attachments/201553633/CA_Cert.txt. Download the file and open in notepad (or your fav text editor). Copy all the content to your clipboard.

Adding Cert to pfSense:

  1. System -> Certificate Manager -> Add
  2. Name: VyprVPN
  3. Certificate Data: Paste the cert here.
  4. Leave all remaining fields as default / blank.
  5. Click Save.

If everything worked, you will be redirected to the certificate page and should see an email address, valid dates, etc. We are done here.

Setup OpenVPN in pfSense (assume all fields are default unless otherwise mentioned):

  1. VPN -> OpenVPN -> Clients (tab) -> Add
  2. Server Mode: Peer to Peer (SSL/TLS)
  3. Protocol: UDP IPv4 and IPv6 on all interfaces (multihome)
  4. Device Mode: tun - Layer 3 Tunnel Mode
  5. Interface: WAN
  6. Server host or address: us3.vpn.giganews.com (Can be whichever server suits you best. Note: I get my VyprVPN as a part of my Giganews sub, so I needed to use their domain to resolve the server - if you just have a VyprVPN sub, then use a domain they provide https://support.goldenfrog.com/hc/en-us/articles/203733723-What-are-the-VyprVPN-server-addresses).
  7. Server port: 443
  8. Description: VyprVPN Texas (or whatever server you used)
  9. Username: fill this in with your credentials
  10. Password: fill this in with your credentials
  11. TLS Configuration: (uncheck)
  12. Peer Certificate Authority: VyprVPN (the certificate we added earlier)
  13. Client Certificate: none
  14. Encryption Algorithm: AES-256-CBC
  15. Enable NCP: (uncheck)
  16. NCP Algorithms: AES-256-CBC (should be the only one in the grey box)
  17. Auth Digest Algorithm: SHA256
  18. Hardware Crypto: If you got it, use it (e.g. - Intel RAND)
  19. Compression: Adaptive LZO Compression

Do not click save yet… Now in the Advanced Configuration:

Custom options: Copy the following into this box…

resolv-retry infinite
keepalive 10 60
persist-key
persist-tun
persist-remote-ip
verify-x509-name us3.vpn.giganews.com name
verb 3
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
redirect-gateway autolocal

Change the domain / server address in the above text, to the same one you used above in step 6.

Next, set Verbosity level: 3 (recommended)

Finally, click save. To confirm the VPN is established and working, click on the Graph Icon (Tool Tip: Related Status). You should now see Status as UP and have a new IP Address. At this point, you will lose the ability to surf the web; this brings us to our last needed configuration.

Configure the Firewall in pfSense:

  1. Firewall -> NAT -> Outbound (tab)
  2. Mode: Select the third option, Manual.
  3. Click Save. (This will populate some default mappings)

For each mapping you will do the following:

  1. Copy the mapping (Under actions, the Paper on top of a Paper icon)
  2. This will bring you into the edit mapping, here you will change the Interface to OpenVPN.
  3. Click Save.

After you have done this for all of the mappings (there should have been 4 by default, 8 when you have copied each rule), you will have access to the internet again and be tunneling through VyprVPN service.

You can confirm with their page: https://www.goldenfrog.company/whatismyipaddress

Hope this helps out anyone using pfSense and was wanting to route all traffic through their VyprVPN service!

Edit: Since VyprVPN does not currently support IPv6, ensure you disable IPv6 in pfSense, or you will leak your IPv6 address, then what was the point of all of this.

To disable IPv6:

  1. System -> Advanced -> Networking (tab)
  2. Allow IPv6: (uncheck)
  3. Click Save
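
The consistency requirement from the post above (the `verify-x509-name` host must be the same server as in step 6), as an added example that is not part of the original post: a POSIX shell lint for an OpenVPN client config that also checks the CA, cipher, digest and `redirect-gateway` settings the post lists. The function names, the sample config, its file paths and `other-server.example` are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Prints one finding per line;
# no output means the config matches the settings listed in the post.
lint_vypr_conf() {
    awk '
        NF == 0 || $1 ~ /^[#;]/  { next }   # skip blank lines and comments
        $1 == "remote"           { remote = $2 }
        $1 == "verify-x509-name" { pin = $2; pintype = $3 }
        $1 == "redirect-gateway" { redirect = 1 }
        $1 == "auth-user-pass"   { userpass = 1 }
        $1 == "ca"               { ca = 1 }
        $1 == "cipher"           { cipher = $2 }
        $1 == "auth"             { digest = $2 }
        END {
            if (pin == "")
                print "NO_PIN: verify-x509-name missing, server name unchecked"
            else if (pin != remote)
                print "PIN_MISMATCH: verify-x509-name " pin " vs remote " remote
            else if (pintype != "name")
                print "PIN_TYPE: match type should be name, as in the post"
            if (!redirect) print "NO_REDIRECT: redirect-gateway not set"
            if (!userpass) print "NO_USERPASS: auth-user-pass not set"
            if (!ca)       print "NO_CA: ca not set, server cert cannot be verified"
            if (cipher != "AES-256-CBC") print "CIPHER: " cipher " (post: AES-256-CBC)"
            if (digest != "SHA256")      print "DIGEST: " digest " (post: SHA256)"
        }
    ' "$1"
}

# Constructed sample config; $1 is the remote host, file paths are placeholders.
sample_conf() {
    cat <<EOF
dev tun
proto udp
remote $1 443
auth-user-pass /path/to/credentials
ca /path/to/vyprvpn-ca.crt
cipher AES-256-CBC
auth SHA256
verify-x509-name us3.vpn.giganews.com name
redirect-gateway autolocal
EOF
}

tmp=$(mktemp)
sample_conf other-server.example > "$tmp"   # step 6 changed, custom options not
lint_vypr_conf "$tmp"                       # reports PIN_MISMATCH
rm -f "$tmp"
```
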

Hey @buckeyez,

That’s awesome! Thank you very much for sharing!

Regards,
Tyler | Customer Support

When I enter that cert in the CA’s I get an “x” that it does not function properly. Am I missing something?

Never mind, got that to work… but Netflix is being blocked and if I include your advanced properties tab it doesn’t connect at all. I get a tls-auth failure.

I’m using the Austin server and on pfsense it denies me, but on the client on Windows 10 it works fine.

Hello, thank you for posting this. Any reason why I would be getting an authentication error? I am using my username and password, same as my giganews account?

|Dec 28 12:46:54 |openvpn |64213 |SENT CONTROL [us3.vpn.giganews.com]: ‘PUSH_REQUEST’ (status=1)|
|Dec 28 12:46:54 |openvpn |64213 |AUTH: Received control message: AUTH_FAILED|
|Dec 28 12:46:54 |openvpn |64213 |SIGUSR1[soft,auth-failure] received, process restarting|

Any comments welcome

Hey @jokersbluff

Sorry to hear you are having trouble with that. I would recommend trying your GN number or customer GN username if you have one setup on your account. As we don’t actually support pfSense we can’t make any guarantee on functionality. If you have any questions or concerns you are welcome to contact us at https://www.giganews.com/contact.html

Regards,

Kane, can you help target the auth error I am getting, as this should not be related. I am my user name in some places as my email others as my gn1234569 user number and in some places I see my username followed by the “|iad” string. If you could help resolve the auth issue I am sure I can read my logs to resolve any other issues. Thanks.

Hey @jokersbluff

Sorry about the continued trouble with this. In order to confirm the proper login info that is needed, this would be best handled with the Giganews support team instead of the forum due to sensitive information and our inability to view your Giganews account. The Giganews support team will be able to let you know what username will need to be used when accessing your VyprVPN service. You can reach them at https://www.giganews.com/contact.html

Once you have the correct login info that should be used, you can try these setup steps again on pfSense.