It looks similar there but between the formatting and other info it's hard to say. Compare the actual OpenVPN config file in the profile from the Access Server with the client configuration made by pfSense under /var/etc/openvpn/

@bingo600 I just added an additional interface for openvpn client. If you want to ask feel free to ask, not starting like that. And the reason I couldn't post anymore because this is a new account, the forum limits my time to post, I was fixing this earlier and I want to post a lot of times.

Thanks for the feedback. The MS RADIUS server has no static address specified by default but it does offer the above 172.16.0.0/16 subnet though it's not "user configurable" (I discovered it looking at the logs - there are no such setting in the NAP/RADIUS mmc) unless you probably manually edit the registry (there was no RRAS service previsouly enabled to set them). By removing the 2 above attributes it works as desired using subnet topology without further modifications which is fine for me. Cheers

Hi, with pfSense 2.4.4, it's possible to "force" the ip server to connect : In the "Client Export Utility", "Client Connection behavior" heading, select "Other" for "Host Name Resolution". A second field appears "Hostname" and indicate in the hostname (dyndns, etc.) or public ip of the box... The next exe client generated will had the good public ip or hostname !

Hi Rico, Just to update: Since I have two ISP connected to my firewall (1) PPPoE Connection (which is having issue) (2) Static IP Address. I have tried using my secondary ISP by only changing the Interface and created the necessary firewall rules on the interface and the OpenVPN client connects w/out any issue, so it looks like my other ISP is blocking the traffic i still waiting for their feedback. BTW, I have another issue please see the diagram below. [image: 1584354612680-unnamed0.jpg] I also tried this options but no luck. [image: 1584354679947-ipv4.jpg] Appreciate your advice. Thanks, A

This might be helpful. https://forum.netgate.com/topic/150225/user-xxx-could-not-authenticate-every-1-hour

@mig said in Restarting OpenVPN interrupts non-VPN traffic: I tried to add ping-restart 0 to OpenVPN-Clients-"Advanced configuration"-"Custom options" but it doesn't suppress ping-restarts

@Derelict Ah ok, thanks for investigating, I was just reading through that link you sent me. There are a lot of useful command line options in there

@Derelict Thank you, you made my day! I need to learn more about basic networking.

Default port is 1194 and UDP.. While I agree he is using tcp, when you call out forwarding to 1194 - best to make sure you mention that in this scenario it will need to be TCP and not the default UDP port is all I was wanting to point out ;)

You need to isolate whether its a DNS issue or other issue. Can you ping IP addresses from the VPN? ie... ping 8.8.8.8, 1.1.1.1 etc.... if that works its probably a DNS issues, if not then it's some other issue. Can you give more information on the OpenVPN... is it a server or client? When you say connecting to the VPN... what exactly do you mean... from external into your pfSense box? or from the LAN to a VPN provider? RHLinux

@jimp Thanks... that's what I needed to know.... I'll leave things alone.

Yeah that's a really old guide. You couldn't set a gateway group as the default gateway before 2.4 which didn't exist in 2016. You should not have to source NAT traffic out of the LAN. The reply-to tag should take care of sending replies back out of the OpenVPN gateway. The only reason you might have to is if the target server is not configured to allow access from outside it's own subnet. Steve

@gmbarlev There is no difference between routing through a VPN or nor. It's all about your routing configuration. A VPN is simply another interface. So, once you've verified the VPN is working, ensure your routing is correct.