@dotdash According to your answer, using HAProxy would not be the best option for my scenario, as stated, I would have to use TCP on HAProxy and submit myself to reduce the performance of my clients, and that is not what I want to apply.
The easy way is check your Routers WAN IP and compare with a site like whatismyipaddress.com
If the IP is different you are using CGN.
With the Router WAN IP RFC1918 you don't need to check any further of course, then it is 1000% CGN.
-Rico
@johnpoz I went ahead and copied over the outbound nat rules I had setup for my earlier PIA interface (where I had setup IP address based VPN routing for my other subnet). I made the necessary changes related to the Interface (VLAN interface instead of PIA interface) and subnet change to 192.168.2.0 instead of 192.168.1.0.
I am still not able to connect to the internet.
Btw, I understand that an unmanaged switch is not the correct approach, but for now this is all I have handy. I will go down the path of using managed switches in the near future.
I'll give it a shot. I was actually playing around with using a TUN network this morning and figured out how I can assign the same NAT'ed subnet to the TUN OpenVPN network, so I MIGHT have gotten it to work without messing with TAP at all. Fingers crossed.
@Rico Well, thanks but no, it's not only the Google search box but also the search results that kept appearing.
...and btw, I just noticed that my Microsoft Teams client was still not working when vpn is on
So, more research to do !
@xman111 I believe what you are referring to Split Tunneling. This is a feature that not most VPNs offer but i believe PureVPN does. Theres a 7 day free tial on it for $0.99 if you wanna try
I think I might have figured it out. I tried setting "reneg-sec 0" in the custom settings. I'll know in an hour or so if it worked. There's aa note in the OpenVPN doc that if this isn't disabled by setting it to 0 it can cause 2 factor clients to constantly have to reauthorize.
Fingers crossed...
@viragomann in the other post you mention
at your parents box in the site2site settings, option "Remote Network/s": 10.0.8.0/24 (comma seperated from the other entries
My Server 2 is an asus router with merlin firmware using OpenVPN. Would the equivalent of this "Remote Network/s" (since its not pfsense) be a custom config like
push "route 10.87.88.0 255.255.255.0" (since that is what the network for remote access client1 is on?)
Edit - nevermind. After a little more digging i added "route 10.87.88.0 255.255.0" to my config on server 2 and now when I'm in as a RA client on 10.87.88.x I can get to 10.55.55.0. Thanks!
Might be something in the client that prioritizes RFC1918 addresses to prevent VPN leakage in cases like that. It's unfortunately common for people to accidentally mix DNS like that and unintentionally send private traffic across public networks via IPv6 when it was meant to stay private on IPv4.
@Gertjan said in OpenVPN no authenticated log generated:
--> Like exit 0
so the next piece to the puzzle ! send me an e-mail script for openVPN
thanks for helpin me out with info
Please don't cross-post. This is already being worked here:
https://forum.netgate.com/topic/151626/how-to-distribute-connections-between-two-wan-ip-interfaces
Steve
I disagree. I used different CAs at one time and than it got really complex. I have a setup with 6 sites world wide and different VPNs with access for different purposes (e.G. Production access, financial access, ...) Many people would get muliple certificates for different purposes. Updating this cerificates can be really confusing for some of those people.
Including different substrings into the certificate oauthorize different VPNs would be really elegant.
The cerificates thmselves are fine (I believe). The error is that the script is prohibing it. Is there a difference with the return code and exit code? A return code "1" should be "okay" while it complains about exi code 1.
I get the error that the script failed even when I revert to the original scrip or if I insert exit(1) at the beginning of the scrip.
This can be deleted. I forgot to set the Firewall rules correctly. After following this tutorial here it worked: https://www.computing-competence.de/2020/01/03/pfsense-mit-expressvpn-teil1-der-tunnel/
Stay Healthy people!