@viragomann Thank you for your response.

While I was waiting for a response, I did try one more approach and I did manage to get it to work.

Thanks for your time.

https://redmine.pfsense.org/issues/15585

Shouldn’t this export creation file include an option to customize the MTU and MSS ?

I opened a feature request for this, as I was wondering this today and referenced this thread. Please let me know if this is something you would like to see.

@Leva We're seeing the exact problem here. Running pfsense+ 24.03.

Did some research on the net in the meantime - there's a related post on Reddit (https://www.reddit.com/r/PFSENSE/comments/dc5mv8/pfsense_active_directory_authentication_using/).

I've also opened a support ticket with Netgate (#2887255105) and hope we'll get this up and running finally.

@viragomann
Man, you ever look at something so long you miss the obvious? Thanks for pointing it out, I hate when I overlook something so simple!

I understand I need to calculate MTU and MSS values then set them in pfSense.

From the test above I have identified the packets fragment above 1472. To this would make the WAN MTU value 1500 (1472 + 28)

If the correct MTU value is 1500 for the WAN link, is this the same MTU I should be using for OpenVPN?

@jucelio_rosa said in Failover (two internet links) and point-to-point VPN:

On the client's screen (graphic screen) I put in the custom options field: remote
192.168.1.15 (server ip) 1197 udp;!

A private IP?
I'd assume, that the client has to access a public IP to reach the server.

@Shuldyk-Andrii
Ah ya, also your client doesn't have proper routes.

Did you enter the local networks of C - G into the "Local Networks" box of the access server settings?
You can combine all your subnets by entering 10.35.32.0/20. So the server will push the route for 10.35.32.0 - 10.35.47.255, which include local network of A as well.

@johnpoz thanks for your help with understanding why it wants netbios

@senseivita

Normally, there is no need to specify a value.
Definition here.

I currently try to set that up with a GXP2160

@BlazeStar did you succeed?

I plan to set up a rather minimal ovpn-server just for the phones.
The WebGUI of the phone is quite bad and gives no good status or feedback etc

Not even logs ...

@viragomann
thank you for confirmation, but it does not work unless neither IPv4 Remote Network/s are set(cannot test with two client as for now, might be the issue) nor routes are added with custom options on OpneVPN server level

@McMurphy

I have a PC on my pfSense LAN, it has 192.168.1.6.

I can pick from here whatever I want, and nothing works = no reply, except when I chose 'LAN' as the Source address (LAN = 192.168.1.0/24, with pfSense LAN interface using 192.168.1.1) :

71bd14bf-2807-4add-b30d-3f415c62a232-image.png

Should I care ?

Hi,

we're now on 24.03 and the problem still exists. It's not possible to create a common name with German special characters.

Again, any chance to fix this in a future release?

It's just the common name field :-)

@Unoptanio We output the pfsense system logs to our Syslog server (Graylog) and output or daily reports from there.

@ojosaghae
The error message says, that the utility cannot find a CA for the SSL certificate, which is used in the server setting.
It wants to search for user certificates then to provide to export.

So which server certificate are your server using?

@Pentangle
If it's a TLS OpenVPN with a wider tunnel subnet than a /30 you might have a CSO created for the client. So you also need add the additional subnet there.