1. Home
  2. pfSense® Software
  3. OpenVPN
Log in to post
Load new posts
  • jimpJ

    HEADS UP: OpenVPN deprecating shared key mode, requires TLS, deprecating cipher selection

    Pinned
    23
    10 Votes
    23 Posts
    33k Views
    GertjanG
    @Bambos said in HEADS UP: OpenVPN deprecating shared key mode, requires TLS, deprecating cipher selection: for the remote access VPN, if is SSL/TLS + User auth, does this working with freeradius as well ? I'm using FreeRadius myself for the captive portal. Never tried to do this ... You probably want also see this one also : FreeRadius on pfSense software for Two Factor Authentication although I presume that article was written for those who wanted to "why do things the easy way if much harder is so much better ?" @Bambos said in HEADS UP: OpenVPN deprecating shared key mode, requires TLS, deprecating cipher selection: i have many 2.6 versions clients to upgrade Keep in mind that 2.6.0 uses the "old" (now completly ditched because of security) OpenVPN (and now also old OpenSSL !!) libaries. The recent pfSense uses the more modern OpenVPN and OpenSSL. All this means that some options won't work anymore. Some more options will work, but will be depreciated soon (as usual). I Use OpenVPN myself, so I always have a look at the "source" : web pages like this and the classic openvpn support forum. The OpenVPN client also changed to support the newer OpenVPN server. And yes, I agree, syncing the entire openvpn user fleet can be a hassle.
  • jimpJ

    Scaling OpenVPN (and VPNs in general)

    Pinned
    12
    6 Votes
    12 Posts
    20k Views
    M
    I have discovered that OpenVPN implementation in PFsense is slow even without ciphering data, look at my post: link text
  • C

    OpenVPN Documentation

    Pinned Locked
    1
    0 Votes
    1 Posts
    39k Views
    No one has replied
  • N

    Crash on saving after deselecting all allowed ciphers

    4
    0 Votes
    4 Posts
    167 Views
    A
    @nobanzai +1 amd64 15.0-CURRENT FreeBSD 15.0-CURRENT #21 RELENG_2_8_1-n256095-47c932dcc0e9: Thu Aug 28 16:27:48 UTC 2025 root@pfsense-build-release-amd64-1.eng.atx.netgate.com:/var/jenkins/workspace/pfSense-CE-snapshots-2_8_1-main/obj/amd64/AupY3aTL/var/jenkins/workspace/pfSense-CE- Crash report details: PHP Errors: [16-Nov-2025 21:48:05 Europe/] PHP Fatal error: Uncaught TypeError: Form_Select::__construct(): Argument #4 ($values) must be of type array, null given, called in /usr/local/www/vpn_openvpn_client.php on line 942 and defined in /usr/local/www/classes/Form/Select.class.php:31 Stack trace: #0 /usr/local/www/vpn_openvpn_client.php(942): Form_Select->__construct() #1 {main} thrown in /usr/local/www/classes/Form/Select.class.php on line 31 I'm temporery fix it. Use diag_edit.php edit /usr/local/www/vpn_openvpn_client.php & saved history version 4b9165e "Default to an empty array for functions expecting a countable value Do this for foreach() and count()." https://github.com/pfsense/pfsense/blob/4b9165e5ad3f47c36d1dec3a585a60b629bcdc3a/src/usr/local/www/vpn_openvpn_client.php and edit ciphers in client.
  • M

    Can not access remote network via tunnel.

    8
    0 Votes
    8 Posts
    121 Views
    M
    OK... I figured it out... I need a rule set on Firewall->NAT->Outbound. Set Mode to Manual and save. Add a rule set below [image: 1762981320073-nat.png]
  • 4

    wireguard / protonvpn MSS/MTU config issues.

    3
    0 Votes
    3 Posts
    193 Views
    4
    I set MTU 1472 and MSS to 1432 on both links. I have tried a range of mtu-tun for wireguard down to 1320. everything causes SSL error An error occurred during a connection to thermalright.com. PR_END_OF_FILE_ERROR Error code: PR_END_OF_FILE_ERROR The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. just started about 2 weeks ago. have tried switching to configs from different countries, routing through different wans. nothing works
  • T

    OpenVPN instructions for ubuntu server behind router firewall and no ufw

    7
    0 Votes
    7 Posts
    143 Views
    JKnottJ
    @timbopoise said in OpenVPN instructions for ubuntu server behind router firewall and no ufw: Or am I missing something? Setting up a VPN behind the router, instead of on it, causes routing issues. Devices on your LAN have to learn somehow what the route to the other end of the VPN is. DHCP won't do it. If the VPN is on the routing, it sorts things out as usual.
  • S

    Help setup nested (multi-hop) Surfshark VPN chain inside pfSense

    1
    0 Votes
    1 Posts
    51 Views
    No one has replied
  • S

    Help setup nested (multi-hop) Surfshark VPN chain inside pfSense

    1
    0 Votes
    1 Posts
    52 Views
    No one has replied
  • J

    Client server with two point-to-point VPNs (SSL/TLS) connection drops.

    2
    0 Votes
    2 Posts
    49 Views
    V
    @jucelio_rosa said in Client server with two point-to-point VPNs (SSL/TLS) connection drops.: On the server, we have two links (a "primary" link and a "backup" link). What exactly do you mean with the term "link" here? Where is the OpenVPN server running on? Where is the clinet running on? How does the config look like?
  • S

    Need help setting up Multi-Hop OpenVPN Surfshark

    1
    0 Votes
    1 Posts
    45 Views
    No one has replied
  • B

    NordVPN Curiosity with 2.8.1

    11
    0 Votes
    11 Posts
    352 Views
    B
    @elvisimprsntr Thanks for that elvisimprsntr. I don’t use “privacy” vpns for privacy, just for casual defense against geo-blocking and it works for me. Thumbs up for that video though.
  • J

    Servidor cliente com duas vpns ponto a ponto (ssl/tls) conexão cai

    1
    0 Votes
    1 Posts
    42 Views
    No one has replied
  • T

    OpenVPN with ipv6 delegated prefix

    8
    0 Votes
    8 Posts
    199 Views
    JKnottJ
    @TheGushi said in OpenVPN with ipv6 delegated prefix: I do not know what prefix my ISP will delegate to me. Hopefully, it won't change. I've had the same prefix for almost 7 years. However, you have to select System /Advanced / Networking Do not allow PD/Address release to keep from getting different prefixes. But not all ISPs obey that.
  • F

    Openvpn client access Rustdesk server

    2
    0 Votes
    2 Posts
    160 Views
    F
    Hi Everyone after hours of log investigation i find out the problem is the DNS. what a waste of time. thanks
  • A

    Having trouble accessing NAS through VPN server

    29
    0 Votes
    29 Posts
    1k Views
    A
    @the-other Ok, I made a specific rule in the OpenVPN interface to allow any to both NAS servers. [image: 1761707110778-2cd0716f-d4f0-4e63-94e8-4fc93788fd6d-image.png] Here you can see me connecting to the VPN server with my iPhone and attempting to ping both the NAS servers. The traffic passes through the firewall but the ping fails to the Synology (200.4). [image: 1761707746508-eb97e248-fbd4-43cf-977c-31d87df234ce-image.png] [image: 1761707789724-efcea745-54b9-4460-a44a-e2fffc8c5644-image.png] I can, however, successfully ping the backup NAS (200.5) but I cannot connect to that one either with the File Explorer app. BTW, the backup NAS is an old Asus AC-RT86 router in AP mode with WiFi disabled and a SAMBA SSD in the USB port.
  • D

    write TCPv4_CLIENT: Permission Denied on OpenVPN client 24.03 RC

    Moved
    26
    0 Votes
    26 Posts
    2k Views
    G
    Posting here because I found this thread when troubleshooting the same error message, so maybe this helps someone else: In my case it was due to an asymmetric routing situation that had developed because of static routes defined within the OpenVPN "remote network" settings. I have a multiple WAN situation with failover gateway and failover VPNs defined through policy routing groups. The behavior I experienced was very similar to what you describe, which in my case was caused by return packets flowing across a different interface than the origin packets. The firewall couldn't see the return packets, and closed the state. I couldn't figure out why traffic was coming in on one interface but going out on another, despite setting up policy routing in the firewall. In my case the "aha" moment came from reading https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html -- I removed the non-obvious static route in the OpenVPN settings and instantly resolved multiple issues.
  • R

    Multiple Static Assigned Addresses FreeRadius For OpenVPN

    7
    1
    0 Votes
    7 Posts
    344 Views
    R
    So, poking around in docs, seems like maybe the weapon of choice here is the framed-pool RADIUS attribute. Look like you can assign distinct IP pools to clients using this attribute. Anyone know if this attribute is compatible with the FreeRADIUS package that is available for PFSense? Can OpenVPN use this attribute for assigning IP addresses to clients? Anyone done this successfully?
  • B

    Comcast Business maintenace, now OpenVPN not working

    11
    0 Votes
    11 Posts
    499 Views
    B
    @SteveITS I agree 100%, I'm not complaining its working again and I have notes on it, when they do "maintenance" in the area again... Glad the onsite tech new something more than the support back at ISP office... Brian
  • M

    Tunnel max transfer rate significantly reduced since upgrading to pfense 2.8.1 CE

    1
    0 Votes
    1 Posts
    133 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.