build your own passthrough device capable of PIA openVPN AES 256 SHA 256 RSA-4096

[BirdDad]

10 had the network adapter disabled

 

[BirdDad]

The reason I am trying different VPNs is that I am trying to get better encryption working something besides BF128CBC which is all PIA supports even though their openVPN patch files should work they don't. I have no trouble whatsoever getting it to work with their defaults. The problem is that their defaults have weak encryption.

 

[XavierMace]

Ok, I thought you were having issues with the default setup too. My bad.

What's your physical network setup? Those example pfSense configs route all traffic out the VPN.

 

[dc0c06a9]

Hello everyone,

Just joined because of this interesting thread.

What I am looking for is a low power future proof build, if possible with QuickAssit and AES-NI. It should be low power.

Can you suggest me good hardware?

Have a PIA subscription, want to set up three or two PIA WiFi access point, one US server, one NL server and one Japan server.

Currently use a TP-Link router and must be able to link the pfsense system with the router.

Thank you very much.

 

[BirdDad]

Windows ICS would be ideal if there was a way to log into it when it gets STUCK and tell it to disconnect and reconnect or to switch the server that it uses.
Or worse yet is sometimes the client goes down in windows and does not disconnect the connection.

 

[BirdDad]

My setup in my head to do was to have the pfSense box right after the modem just before the router and have everything outgoing and incoming encryted.
There has got to be a way to get the new certificates and settings to work with pfSense. It works all the time with the Windows client.
They have the page up with the better certificates here:
https://www.privateinternetaccess.com/forum/discussion/9093/pia-openvpn-client-encryption-patch/p1
there has got to be a way to get the pfSense client to have the options that the windows client has.

 

[BirdDad]

Hello everyone,

Just joined because of this interesting thread.

What I am looking for is a low power future proof build, if possible with QuickAssit and AES-NI. It should be low power.

Can you suggest me good hardware?

Have a PIA subscription, want to set up three or two PIA WiFi access point, one US server, one NL server and one Japan server.

Currently use a TP-Link router and must be able to link the pfsense system with the router.

Thank you very much.

Unless I misunderstand(which happens often enough) I think that you can only have one server to connect to.

 

[Engineer]

BirdDad,

Have you posted for help in the pfsense OpenVPN forum (or other security subforum)? They seem to have a good following and many people willing to help. Might open up a new avenue...

https://forum.pfsense.org/index.php#c2

 

[mxnerd]

use Fullscreen capture capture extension https://chrome.google.com/webstore/...ure/fdpohaocaechififmbbbbbknoalclacl?hl=en-US

to capture your pfsense config webpage and post it online and embed those images in anandtech forum's post.

 

[BirdDad]

BirdDad,

Have you posted for help in the pfsense OpenVPN forum (or other security subforum)? They seem to have a good following and many people willing to help. Might open up a new avenue...

https://forum.pfsense.org/index.php#c2

yes
here https://forum.pfsense.org/index.php?topic=100420.0

 

[BirdDad]

use Fullscreen capture capture extension https://chrome.google.com/webstore/...ure/fdpohaocaechififmbbbbbknoalclacl?hl=en-US

to capture your pfsense config webpage and post it online and embed those images in anandtech forum's post.

it doesn't matter what my config is, if it deviates even a little from their default it does not work.

 

[sdifox]

They need to see your log.

 

[BirdDad]

I posted it
I need to find a key that will work or generate on(which I don't know how to do.

 

[sdifox]

I posted it
I need to find a key that will work or generate on(which I don't know how to do.

https://doc.pfsense.org/index.php/Certificate_Management

 

[mxnerd]

yes
here https://forum.pfsense.org/index.php?topic=100420.0

you partial log does not help much.

 

[BirdDad]

https://doc.pfsense.org/index.php/Certificate_Management

I don't understand how that shows me how to generate a key.
my log file is full of the same stuff

 

[BirdDad]

How the #$%#$ do I get it just to use AES256CBC nevermind the other stuff just that?

 

[BirdDad]

I am going to use windows 8.1 and PIA client-it at least gives me the option to use AES256 + 4096RSA+SHA256
I'm tired of fooling with pFsense, it just does not work if you try anything other than the default which has really weak encryption.
Do you guys know how I can make Windows more secure as it will be connected directly to the modem(DSL 3Mbps so I am not worried if the heavy encryption would cripple a fast connection as I have a very slow one to begin with)?
The reason I did not go with AirVPN is that the passwords are way too short, it would be easy for someone to crack.

 

[BirdDad]

Please correct me if I am wrong. My understanding of the password is this-it is used to login and be connected and is not used for the actual encryption. But if a password is like only 20 characters long it would be easy to crack and they would be able to login on my account and do stuff like download donkey shows or worse. So AirVPN is definitely out.

 

[JackMDS]

WPA2-AES was Bridged few Times in special Labs that have computers powers thousands time then Regular End Users computers.

Thus it does not considered as a Risk.

I am on this Forum on an daily basis for almost 20 years.

I am Not aware of even one time and issue of a user that its regular Wireless WPA2-AES was Bridged.

https://www.youtube.com/watch?v=s0sbTLCLpgY

 

[BirdDad]

Thanks JackMDS for replying. When I said bridge I meant a bridge in between my modem and router. The router would handle the wireless network. I was referring to AirVPN only allowing like 15 characters if I remember it correctly. I am very concerned that someone might log into my account impersonating me.

 

[JackMDS]

With all Due respect,

If you are Not doing any thing wrong then you can serve them with Coffee and cake when they are coming.

If you do something wrong, posts like this do the Job VPN or Not.


.

 

[sdifox]

https://www.privateinternetaccess.c...-setup-pfsense-with-strong-encryption-aes-256

That link says it's easy to do... So I don't get why you are having so much trouble. Maybe mail your NUC to someone on here to get it configured. And when you get it back just replace the cert and pwd?

 

[BirdDad]

I am not doing anything they would want me for, but I don't want them spying on me either.
And I sure do not want my account hijacked. I have a crazy ex that has tried to sneak into my home and has also taking over my email accounts.
I have nothing against LE they are doing their jobs, it is the crazy people that I fear.
I have ordered an Intel NIC-1 port because I can't get the puter to recognize my PCIe NICs that are two ports in the one and only 1x PCIe slot. The strange thing is that my desktop computers recognize these cards-both of them but my little ITX does not at all.
I wish that this board would recognize the dual Intel cards I don't want to be stuck using 1 Intel and the built in Realtek card.

 

[sdifox]

https://www.privateinternetaccess.com/forum/discussion/comment/38491/#Comment_38491