RADIUS is not encrypted. The protocol doesn't have any mechanism for it. You can use things like MSCHAPv2 to protect the actual passwords and credentials in transit though. But you have to handle the encryption between RADIUS server and client yourself (e.g. VPN)

Hi Jimp, I did use command "redirect-gateway def1" as attached capture, but no route for 0.0.0.0/1 and 128.0.0.0/1 were added as you can see in capture #2. Could you pls advise correct way to apply that command? Thank you very much. [image: WithRedirectGW1.PNG] [image: WithRedirectGW1.PNG_thumb] [image: WithRedirectGW2.PNG] [image: WithRedirectGW2.PNG_thumb]

Works for me, although RDP is a little sketchy at times. It works perfectly on one PC but sometimes has problems connecting to another. Try playing around with the network file sharing and control panel settings. They can be annoying. TeamViewer works fine; I have it set to access over local lan exclusively. Occasionally I use TV over the internet but use a complex very long custom password. Usually it's access over local lan only. Once you're on the local lan, use RDP and connect using the IP address: for example 192.168.1.xxx, not using the pc name such as PC123. In fact, I use it extensively on occasion. My 12 inch android tablet has a RDP client program. Since most hotel internet is slow, I can use the home server as the main processor and only need to use the hotel internet to talk to the home laptop. That's all.

Works for me. I had my issues figuring out OpenVPN but eventually got it working. The problem was me coming in from DD-WRT where things are more complicated. pfSense OpenVPN is so easy to get working as a server that I needed to unlearn a lot and I was fairly stubborn about it. It should work. If you can access your network remotely using OpenVPN you should be able to access a Plex server. Just for fun, try using OpenPHT as your PC plex client. The full standard Plex program has issues I didn't care to research that OpenPHT does not have. Android Plex works fine enough for me to consider actually buying a license.

@claes_hellgren: @petros: Hi Guys Here is how I got it working. 1. Disable Automatic NAT as you suggested. I created a NO NAT rule for the OpenVPN interface. 2. Created a static mapping in the local WINS database for the remote Domain Controller. 3. Go to Sites and Services on the remote DC and make sure there is a connector set for the local DC in the NTDS settings. 4. Go to Sites and Services on the local DC and make sure there is a connector set for the remote DC in the NTDS settings. Thanks for the help. How dose your NO NAT rule look? The topic is old but it does help me for the same situation. I just disable Automatic NAT as suggested and change to Manual Outbound NAT rule generation  (AON - Advanced Outbound NAT). A NO NAT rule may not needed but if you want just select the option "Do not NAT Enabling this option will disable NAT for traffic matching this rule and stop processing Outbound NAT rules". I just try with or without NO NAT rule, both DC replicated without issue.

well i could not find anything either thanks for reading any that did. i worked around the issue by turning off transparent proxy and blocking http at firewall for all other networks except my own trusted and on that one i have two web browsers now one configured for squid the other not. so browser one is going through proxy second browser goes via VPN without leaking. i am going to try and configure wpad so i don't have to manually configure browsers, its not perfect but anyone finding themselves in same situation at least you can have a semi work around. thanks all

Haha yes sir it is. Still, there is zero question that ISP is selling everything they can about you. They all do it so there is effectively a monopoly, their business is not affected when people know they are doing this. VPN providers very well may do this, some have been caught doing so, but it is bad for their business if they are found doing this. VPS providers I'm guessing probably do not engage in this activity much as they often serve large companies that would and could fight their data being sold. Both options at least have the potential for improvement over ISP.

Unfortunately my partner rebooted the system whilst I was away so I'll have to wait another couple of weeks to pull logs.

Under LAN of Site A. I tried setting rule: SRC * DST * DSTPort 25 GW OPTVPN That looks reasonable. and also SRC Port 25 DST * DSTPort * GW OPTVPN Setting a source port is almost never right, and is certainly not right in this case. I have no problem routing inbound internet traffic -> 99.99.99.99:STMP to 10.10.0.15 So if that is the case, you want to check: The rules on the OpenVPN tab/interface at Site B to be sure the traffic is allowed from site A (10.10.0.15) to any You have outbound NAT in place on WAN at site B for the 10.10.0.15 source address. That is also where you would specify 99.99.99.99 as the source address if there is more than one choice.

Done! thanks

Not sure why your trying to hide your 192.168 address?? But your problem is 192.168.x.1/24 is not a network, that is a host address.  A /24 network would be 192.168.x.0/24

FOUND IT!! When you create a new vpn server or editting the actual, you can see almost at the end of the configuration: Advanced Configuration In Custom options you can add whatever you want, for example:  reneg-sec 36000 THank you!

What does it show when you go into the OpenVPN status page? I would start by checking your OpenVPN log to see if there is a problem. You may want to post some screen shots of the settings you used to configure your openvpn client and the  ovpn file itself.

HI Both,  Excellent thanks that worked. Much appreciated.

Is this happening on your phone when you are connected to your VPN from the outside? If so you could have the option to force traffic through the tunnel and are missing the allow rule on your OpenVPN interface. Can you post a screenshot of your interfaces tab and of your OpenVPN config?