• One vpn client through pfSense

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    GruensFroeschli

    Do you mean that you want to do this?
    OpenVPN can do this.
    There are the stickies explaining how to get this going.

  • MOVED: Blocking Internet Download Manager IDM

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Question about openvpn security implementation in pfsense.

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 2 Firewalls Carp'd + OpenVPN can access all LAN IP's except 2nd FW

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    B

    Well I figured out the problem, but I can't come up with a way to fix it (for me) yet. Let's say your client network (the client to the CARPed firewalls) is 10.20.30.0/24. The server network is 10.40.50.0/24, firewall A is 10.40.50.1 and firewall B is 10.40.50.2.

    If the client tries to connect to 10.40.50.1 it works fine of course. If the client tries to connect to 10.40.50.2 it goes out on the LAN from 10.40.50.1 correctly, the problem here is actually the reply from 10.40.50.2, because it has no route to 10.20.30.0/24. You can solve this by adding a static route on firewall B (10.40.50.2) on the LAN for 10.20.30.0/24 with the gateway set to 10.40.50.1. This only works if firewall A is the VPN server and firewall B is not (if firewall A is down, there is no VPN connection).

    In my situation, I have the OpenVPN server configuration duplicated on both firewalls, and I have it listening on the CARP WAN IP. The client connects to the CARP IP so that if one firewall goes down, it will reconnect to the other one automatically as soon as it picks up the CARP IP. That part of it works fine, but I can never connect to the server I'm not connected to.

    I can't add a static route because both have routes for 10.20.30.0 already even if the tunnel is not up and as far as I can tell there's no way I can change this behavior, or otherwise allow for automatically changing the route.

  • SOLVED - can't make -Redirect traffic to the vpn tunnel tunnel to work

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    K

    @jtpagaran:

    Last question: If I need to create an additional client, do I really need to create it on the same machine where I build the keys? Can I just copy the "keys" folder to a new box and redo the instructions for making client files? Will it work? Anyone?

    Yes you can as long as you copy everything to the new machine and set the key creation environment exactly as it was on the old machine.

  • OpenGui client never connects

    Locked
    2
    0 Votes
    2 Posts
    5k Views
    L

    Hi,

    Did you solve your problem? I have the same exact error.
    Thank you!

  • Openvpn works only with first lan

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    M

    Sigh, you are right, my fault: a wrong subnet mask did not allow new routes.

    Thank you!

  • UDP traffic issues

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    N

    Ok, it's working for us now.  We simply used udp port 1194 for the site-to-site tunnel, and 1193 for the road warrior clients.  Now we're looking into pushing routes into the tunnels.  Anyways, I hope this helps anyone else who's having this problem.

  • OpenVPN questions and issues

    Locked
    15
    0 Votes
    15 Posts
    5k Views
    L

    This is solved. I managed to have the remote clients go thru the office gateway and the Win XP machine had as default gateway the old gateway in the office.

  • [SOLVED] - OpenVPN Server Options Greyed Out

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    W

    @GruensFroeschli:

    Set the correct mode.
    You're in PSK mode, but the fields you are talking about are only used in PKI mode.

    Cheers Champ, that did the trick.

    Can't believe it was so simple.

  • Ping issue

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    I

    anyone?
    Btw, no matter what I enter/push, the tracert command to LAN always ends at 10.0.8.1 at the client …

    my pfConfig:

  • OPENVPN not connecting to local subnet

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    I

    mangeshgg: did you solve it? maybe with the help of my poster before?

  • OpenVPN and remote desktop problem

    Locked
    5
    0 Votes
    5 Posts
    7k Views
    F

    If you are using the same subnet on both ends your results would be totally unpredictable.  Make sure that each remote network has their IP network.  That will correct your network connectivity issue.

    Now if you are determined to use the same network on each end you would have to break that original subnet into pieces.  
    Example:  4 subnets(4 networks of 64 addresses)
                 That would be a subnet mask of 255.255.255.240(28 bit mask).

    I have 7 VPN tunnels running from behind my PF-Sense; each has their own unique 255.255.255.0 (24 bit mask).  I even have IPsec VPN tunnels for remote VPN connectivity and OpenVPN connectivity.  Each one of those has their own unique subnet.

    So in all my small home/business network has 7 active vpn tunnels, 5 internal subnets(business network, storage network(ISCSI), wireless subnet, IPsec VPN tunnels, OpenVPN tunnels)   I am actively using 5 class C (24 bit subnets) and accessing 7 class networks (24 bit networks)

    I work very hard to implement as much technology in my home/business network that keeps my network and infrastructure skills strong.  I have gone totally virtual as well, no real servers in my farm.  I am using XenServer Enterprise, with OpenFiler (ISCSI target service enabled, SMB service enabled, and NFS).  So that in a nutshell is what I am doing with my home network.

    RC
    .

  • OpenVPN block and redirect ports

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    G

    I fixed the problem using the DNS forwarder and making their A record lookup for the mailserver they use go to our A record.

    Not very fail proof but for now it is working.

  • 0 Votes
    10 Posts
    8k Views
    B

    Bern,

    Thanks so much for that post. After trying some of those steps, like trying to reach the remote subnet from the router, I was able to figure out the problem.

    The remote machine with the DNS server has two NICs on different networks. The primary NIC, with the default gateway, is not the network that resolves back to the router. I was already aware of this from previous VPN setups, so I already had a persistent static route for my local subnet here back to pfSense router. This is what made me think it couldn't have been this kind of problem, because clients on this end could contact that machine without a problem.

    It wasn't until after I tried to use the local router to connect to that machine that I realized that it couldn't, but it could connect to other machines on the remote end (which used the correct gateway by default). What I needed to do was add a persistent static route on that machine that routed the "internal" subnet of the VPN (172.whatever) back to the gateway, and all is well now.

    Most users wouldn't run into this but hopefully this helps someone.

    Thanks again!

  • OpenVPN + OS X Leopard + Shimo Problems

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    N

    You're the man! I had (in Shimo) Compression set to Disabled, and changed it to "Never" and somehow that fixed it…. go figure :-)

    Thanks!

  • SOLVED ! Serious Bridging Problems between 2 PFS Boxes

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M

    Has anyone else successfully created a bridged setup similar to this one?  We will be needing to create a production setup like this very soon and I wanted to be sure that DHCP and windows file shares could successfully traverse a site to site OpenVPN setup so long as the LAN and TUN interfaces were bridged.

    I read a lot of old posts that said there were stability issues - have these been taken care of in recent releases/snapshots?

  • SOLVED! - pfSense OpenVPN route trough WAN interface

    Locked
    6
    0 Votes
    6 Posts
    18k Views
    G

    Also tried with Tunnelblick on Mac OS X.

    When looking in the console I see the def gw being set but I cannot trace out further than the first hop (10.0.50.1) in my case…

    ???

    Routing tables

    Internet:
    Destination            Gateway          Flags   Refs   Use   Netif Expire
    0/1                    10.0.50.5        UGSc       5    12   tun0
    default                192.168.1.254    UGSc      12   113   en1
    10.0.50.1/32           10.0.50.5        UGSc       0     0   tun0
    10.0.50.5              10.0.50.6        UH         5     0   tun0
    [PFSENSE-WAN-IP]/32    192.168.1.254    UGSc       1     0   en1
    127                    localhost        UCS        0     0   lo0
    localhost              localhost        UH         4  3888   lo0
    128.0/1                10.0.50.5        UGSc       1     0   tun0

  • How to make OpenVPN as gateway for a website

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    GruensFroeschli

    If you set up a PKI you can push routes for the OpenVPN interface.
    Just find out which IPs the website uses and push these IPs to the clients.

  • HELP WITH OpenVPN and Firewall

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    Cry Havok

    Are you running the Vista client as administrator?  Does it work from any other OS?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.