• 0 Votes
    2 Posts
    1k Views

    OK, so deep diving, this does not function as expected in pfSense if you try and chain CA certificates. It just doesn't and hard-fails.

    The only way to do this is to use a single-tier OpenVPN Certificate Authority and then things just work. Unfortunate, but this is a solution we can work with (everything's stored in an X.509 cert management utility so nothing is lost and everything is equally secure).

    Just annoying I can't use the intermediate chains...

  • OpenVPN with 22.05

    0 Votes
    8 Posts
    1k Views

    @bartkowski Try removing WireGuard and then going again.

  • Allowing OpenVPN C2S Users go across Site 2 Site IPSEC VPN

    0 Votes
    2 Posts
    679 Views

    @wspence
    Yeah, it's not expected to see any route for an IPSec P2P with traditional phase 2.
    The IPSec Status page shows if the connection is established properly. And if you can reach the other site everything should be fine.

    To give the OpenVPN users access to the remote sites you have to add two P2 to each site:

    On location 1:
    P2-2:
    local network: 10.10.10.0/24
    remote: 192.168.11.0/24 (I guess)
    P2-3:
    local network: 192.168.1.0/24
    remote: 10.10.50.0/24

    loc 2:
    P2-2:
    local network: 192.168.11.0/24
    remote: 10.10.10.0/24
    P2-3:
    local network: 10.10.50.0/24
    remote: 192.168.1.0/24

    Also to the OpenVPN access Servers you have to add the remote network to the "IPv4 Local Network/s" on both sites:

    loc 1 / 2:
    IPv4 Local Network/s: 192.168.1.0/24,192.168.11.0/24

  • Cannot connect to NordVPN

    Moved
    0 Votes
    7 Posts
    1k Views

    Found the problem, sort of, and it's not with pfSense (never really thought it was to be honest).
    In the GUI version of NetworkManager it shows the VPN connection as down every time I connect, but if I connect manually in the terminal with the exact same credentials the connection is up, and I think I know the reason why.
    I use an external dongle to get Ethernet on my ultrabook. NetworkManager does not see the card, not in the GUI or in "nmtui". Still it has a driver and is working obviously. So because the Ethernet interface is not present in NetworkManager, then it seems it cannot use that interface to establish the connection, which seems logical.
    Before I set up pfSense I always used the Wireless interface to connect to NordVPN, and that is present both in the GUI and in nmtui.
    The strange thing is that it is NetworkManager that manages my network connections, and when NetworkManager starts at boot up and the dongle is connected the interface works and gets a name if you look it up in the terminal with "ip a", yet the interface does not show up in "nmtui" or the GUI version of NetworkManager. Oh well, as long as it works.

  • 22.05 Upgrade breaks Remote Access OpenVPN

    0 Votes
    19 Posts
    3k Views

    I’m no longer receiving the route from the server, log output above. I can mainly add the route manually on the client side and get it to work. Also - RADIUS logins are broken in this release.

    Jul 11 19:53:39 openvpn 55807 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options

    Jul 11 19:53:39 openvpn 55807 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.20.0

  • what setting do i have wrong "Certificate (SSL/TLS, no Auth)"

    0 Votes
    6 Posts
    732 Views

    OK, I got it working. I did have that the "SSL/TLS + User Auth"
    What I noticed that I didn't notice before:

    for both site to site and remote access

    the description is "openvpn remote access", which I had for both..

    I did not know that under Client Export under "Remote Access Server" it goes by description

    and when I read it saying "openvpn remote access" I thought I was fine.. when I clicked it I had 2 "openvpn remote access". I never knew that was "Description" and not the name of the certificate...

    I know if I used OpenVPN a lot I wouldn't make mistakes like that....

    Too bad for newbs they didn't offer a little note under Client Export
    under Remote Access Server.. Server name is from Description Name from Server Tab... or under the Servers.. when you write Description.. like it says "This will be Remote Access Server Name"

    I never clued in at all till I found I had both descriptions the same and that made the difference... didn't even know

  • Open VPN Logs for a Server

    0 Votes
    1 Posts
    288 Views
    No one has replied
  • User Auth Failed

    0 Votes
    15 Posts
    4k Views

    @blasterspike Thank you for updating the bug. Since Jim Pingle took ownership and rejected it, I'm hoping he'll get update notifications, review it, and consider reopening it. If not, I'll look for other ways to reach out. I suppose you could open a bug of your own, too, if you thought that was a good idea. You could just refer to 13327 and report you're having the same experience on the current release. I'm not sure which approach will be the most effective. We know it's a real bug - it's just that the developers don't.

  • Bulk edited openvpn-csc

    0 Votes
    3 Posts
    543 Views

    @heper Thank you

  • OpenVPN cloud site to site packets not coming through

    0 Votes
    2 Posts
    506 Views

    @ddbnj

    If I packet capture on the remote side, I can see ping packets coming over after I turned off the cloud NAT (SNAT) function.

    However, when using BGP, if I capture packets on the cloud interface on the local side, BGP is not sending any requests out.

    BGP is sending out requests on my other openvpn client interfaces as appropriate.

    But not on the openvpn client connected to OpenVPN cloud.

  • OpenVPN service can't start

    0 Votes
    7 Posts
    1k Views

    @gertjan

    Will do so. @gertjan, thank you very much for all your help.
    Take care.

  • OpenVPN clients can't resolve local server names

    0 Votes
    11 Posts
    1k Views

    @johnpoz I found somewhere on the web that it is useful to install the 'openresolv' package. This helped :)

    Thank you for your activity on the forum and quick support on any issue :)

  • openvpn automation for certificate and key script

    0 Votes
    1 Posts
    321 Views
    No one has replied
  • Multiple VPN tunnel networks with RADIUS

    0 Votes
    2 Posts
    565 Views

    The way I see it I have two choices. I can get a second external IP address and link the client IP address as a second policy condition, although I doubt my ISP will want to hand out IPv4 hen's teeth and I am not keen on trail blazing IPv6. My other option is to set up a second RADIUS server which is a bit clunky as well. Fortunately at this stage I only need two different types of VPNs.
    I forgot to mention this is Windows Server RADIUS (NPS). Maybe I need to set up FreeRADIUS and use the rules from the man pages, or use LDAP?

  • OpenVPN doesn't work on 2.6.0

    0 Votes
    2 Posts
    650 Views

    @vbianconi88 I'm not following what you're saying in number 1 so I'll skip that. Number 2, select "other" then enter your DDNS in the box it gives you.

  • Routing to Openvpn Client

    0 Votes
    2 Posts
    813 Views

    @m229m
    Either set up the OpenVPN server on the router (default gateway) or set up a transit network on the router and move the VPN server into it.

    Your setup ends up in asymmetric routing issues.

  • PfSense 22.05: Openvpn site to site shared key to SSL/TLS wrong gw ?

    0 Votes
    8 Posts
    1k Views

    @jimp Sorry, you were right, it was my config error, now it works correctly (peer to peer SSL / TLS) no bugs.

    Thanks

  • Problem with Virtual Address

    0 Votes
    11 Posts
    1k Views

    @nogbadthebad said in Problem with Virtual Address:

    I'm at a loss why Surfshark said talk to Netgate ...

    Because that’s an easy way for the first level support to get rid of an onerous customer.

  • Sudden poor OpenVPN Performance

    0 Votes
    2 Posts
    518 Views

    Attributed this to Windows Update KB5013887. Once removed, OpenVPN performance is back to normal.

  • Multi-Hop OpenVPN

    0 Votes
    3 Posts
    676 Views

    @rolster said in Multi-Hop OpenVPN:

    I have an OpenVPN installation running between my head office for Business "A" and the Head Office for Business "B".
    It works really well and does what I want it to do.

    In both businesses, I have multiple sites that also need to connect across the OVPN tunnel, but we don't have the necessary L3 routing in place to get their traffic to each of the head offices.

    In my head, I believe that this should be possible, by installing a PFS OVPN client at each site.
    The local traffic can be forwarded into the LAN interface without issue.
    I want the traffic to travel via the WAN interface to the LAN interface of the successfully connected installation, then travel through the working inter-site tunnel to the partner business.

    I think it should be "do-able", but haven't got it working yet.

    Any tips or advice?

    So you have a site to site tunnel between A and B?
    How are the "multiple sites" connected? Just to A, just to B, between both?
    I don't know what PFS is, do you mean pfSense? If so, yes, that would work, but not necessary. Any OpenVPN client would work.

    What JKnott means is you just need the correct static routes between sites. The OpenVPN config will add them if done right.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.