  • PKI Site to Site does not work

    Locked
    0 Votes
    11 Posts
    6k Views

    Question:
    It seems as if I need to have OpenVPN in bridged mode to get my setup running. I followed this article (http://doc.pfsense.org/index.php/OpenVPN_Bridging) but again -> trapped.

    In my OpenVPN custom options I added this:

    dev tap0; float; server-bridge 192.168.0.1 255.255.255.0 192.168.0.160 192.168.0.199

    Unfortunately this does not work, I get this error message:

    openvpn[4446]: Options error: --server and --server-bridge cannot be used together

    Are there any other ways to get this up and running? I read something about the Avahi package. Could this be my solution?

    Regards,
    Alexander

  • OpenVPN to Linux client connection issues

    Locked
    0 Votes
    7 Posts
    6k Views
    jimp

    No specific settings for Ubuntu; it should all just work as long as you have the settings match the server (proper keys, protocol, port, compression, cipher, etc.).

  • Anything Special to Migrate From IPsec VPN to OpenVPN Site-to-Site?

    Locked
    0 Votes
    16 Posts
    9k Views

    Mine is for multiple sites so I am using PKI because it is much easier to manage after the initial setup of generating keys. I see you tried PKI but in your latest config you are back to Shared Key.

    If you want to try PKI again I could try to help by comparing my config against yours but otherwise the configs are a little different already and I don't know where the problem could be.

  • Per-user firewall rules with OpenVPN

    Locked
    0 Votes
    3 Posts
    5k Views
    jimp

    You can also set up CSC entries for the CNs of the certificates being used to connect, force them to a specific IP address, and then firewall those addresses as normal. An alias containing all of the members of a given group would be helpful.

    As shadowadepts said though, two separate instances would work as well. You might even want to make sure they use separate CAs if you do not use any other form of auth (e.g. TLS+Local User Auth).

  • OpenVPN Road warriors sending traffic to remote side of site to site VPN

    Locked
    0 Votes
    7 Posts
    3k Views

    @jimp:

    Sorry I missed the IPsec bit first. You'd have to add the OpenVPN client subnet as an additional subnet in the IPsec config (or expand the subnet definition to include it) on both sides.

    If it's pfSense at both sites you'd be better off making a shared key site-to-site tunnel instead of IPsec. Routing is much easier that way.

    I never could get this to work so my setup is exactly like this one. The site-to-site tunnel never connected with OpenVPN, never opened a route to the remote site and no traffic moved site-to-site. My current setup uses an IPSec tunnel for site-to-site while my users use OpenVPN clients to connect to the internal network. As a workaround, I have OpenVPN servers in both locations and a user picks which site they wish to connect. I posted my problem here quite a while ago and never got an answer so I gave up and decided to wait for version 2. I will try adding the OpenVPN subnet to my IPSec config as you have suggested.

  • [SOLVED?]need help for openvpn with NAT ( Port Forward, 1:1 and AON)

    Locked
    0 Votes
    3 Posts
    4k Views

    Hi,

    I found a solution to correct my problem, but it is a bit strange!

    To connect to OpenVPN using the address 80.xx.xx.3, I have added a port forward NAT:
    80.xx.xx.3:1194 -> 127.0.0.1:1194

    What do you think about this solution?
    Could security problems happen?

    Thx

  • OpenVPN Client to Server requiring user/passw not working.

    Locked
    0 Votes
    7 Posts
    30k Views

    Check out this post. Haven't had the time to test it out but it looks promising.
    It seems to have the thing that was missing on 1.2.3.

    http://forum.pfsense.org/index.php/topic,24435.0.html

    //Dan Lundqvist

  • Routing Issue with Openvpn and DDWRT

    Locked
    0 Votes
    2 Posts
    2k Views

    iptables -I INPUT -s 10.x.x.x/16 -j ACCEPT
    iptables -I FORWARD -s 10.x.x.x/16 -j ACCEPT

    Add this in the DD-WRT firewall.

  • OpenVPN config stops working after restore config on new box

    Locked
    0 Votes
    3 Posts
    2k Views

    @jimp:

    Everything you need should be in the config.xml that you restore to the other system. Was the WAN IP address the same on the old and new unit? If it gets an IP by DHCP from upstream somewhere, it may have given a different system a different IP address.

    If you need more detail in the OpenVPN log, just add "verb x;" in the custom options box, where x is a number. I think the default is either 2 or 3, you can go all the way up to 9, but you don't really want that much in most cases.

    Yeah, same IP address (static from our ISP).  I will try the verb option.  Thanks.

  • Openvpn, Avahi, Ichat, Bonjour – help getting this to work together

    Locked
    0 Votes
    2 Posts
    3k Views
    jimp

    The error about services failing is normal and doesn't mean there are problems.

    I haven't heard of anyone getting this to work with a remote access client, but I have got it to work fine when using a pfSense box running Avahi on each end of an OpenVPN tunnel. I can see Bonjour users on both ends of the tunnel in Pidgin.

  • MOVED: Can't start jail after reboot

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Is this type of vpn configuration possible?

    Locked
    0 Votes
    2 Posts
    2k Views
    GruensFroeschli

    Yes.
    With OpenVPN this is just a tick in a checkbox.

  • OpenVPN will not pass HTTPS traffic

    Locked
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Open VPN from inside LAN not using WAN at all??

    Locked
    0 Votes
    7 Posts
    3k Views

    Thanks a lot, you have been a great help!! I will test it and setup my Alix board as you said. I'll let you know about the outcome…

    regards

    rpf

  • Configuration Help

    Locked
    0 Votes
    7 Posts
    4k Views

    thanks for all the info.
    Just trying to make sure I understand how everything works and squeeze the most out of it.

  • OpenVPN - Internet won't work

    Locked
    0 Votes
    17 Posts
    9k Views

    @kpa:

    DNS-servrar . . . . . . . . . . . : fec0:0:0:ffff::1%1

    Looks like your client is using an IPv6 address for DNS, that's not going to get through the VPN tunnel since pfSense by default drops IPv6 traffic.

    I tried to turn it off without any difference. I did it by going to Start > Network > Interface (TAP-VPN) and properties, then disabling IPv6.

    Edit: I think that all ports work fine except 80. I can play games like Trackmania over the internet. But I can't play it without VPN. Something is wrong with port 80.

  • Split tunneling

    Locked
    0 Votes
    2 Posts
    2k Views

    Your question is not very clear.  OpenVPN is not supported on Cisco gear.  Please try to restate your question.

  • Clients get the same IPs

    Locked
    0 Votes
    4 Posts
    2k Views
    jimp

    What did you put for your address pool/tunnel network? (It should be a /24, not /30)

  • Connecting to local subnet issue

    Locked
    0 Votes
    3 Posts
    3k Views

    It's just basic routing. A router that is connected to two or more different networks has to be able to tell the networks apart somehow; it cannot guess where to send the packets if two networks have IP addresses that overlap.

  • Need Paid Support ASAP

    Locked
    0 Votes
    2 Posts
    2k Views
    jimp

    Our paid support offering isn't $2k - that is for the reseller subscription.

    A 5-hour pack of commercial support is $600. For more details, see here: https://portal.pfsense.org/index.php/support-subscription

    If you want to see if anyone is willing to help for money on the forum, please post in the bounty board instead.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.