@kom Ahh good point, hadn't thought of that. Thank you for the response. It's much appreciated!!

I'm guessing that there are limitations or bugs when trying to use a TAP interface in a peer to peer setup. Or maybe you have to add in some custom settings to make it work. Either way, I had to go with layer 3 TUN mode and use a dedicated PC client to relay DHCP and bridge the layer 2 traffic via a 2nd VPN connection using remote access. This method doesn't scale well and is a bit over complicated, but it does what I need for now.

Try using Ivacy's Netherlands VPN. I've never came across any of the problems mentioned. I get fast internet speeds with no throttling, be it for torrenting or streaming or any other purpose.

It had to do with cipher differences between the two versions. https://community.openvpn.net/openvpn/wiki/CipherNegotiation Had to edit some settings in both server and client side.

I’m having the same scenario. 2 Torgaurd VPN clients, and they end up with the same virtual IP addresses, and traffic through the VPN stops. A restart of pfsense would previously resolve the issue by assigning different virtual IP’s, but over the last week or so both connections get the same. Any ideas on how to stop this from happening.

@topogigio Yes, with TLS auth, only clients with a certificate signed by the CA which is selected in the server settings are allowed to connect. You can additionally check „strict user CN matching“ to ensure all clients can connect with their own cert.

Effectively, in It support we always have to use imagination for different solution for the dumbest users! :) I've didn't implement and test the solution, but I'm sur it will works!!! Thanks all and have a good day!

@marvosa Here are the configs. SERVER: dev ovpns5 verb 1 dev-type tun dev-node /dev/tun5 writepid /var/run/openvpn_server5.pid #user nobody #group nobody script-security 3 daemon inactive 300 keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp4 auth SHA256 up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown local 10.0.1.2 ifconfig 10.1.15.1 10.1.15.2 lport 1200 management /var/etc/openvpn/server5/sock unix route 10.1.11.0 255.255.255.0 secret /var/etc/openvpn/server5/secret data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC data-ciphers-fallback AES-256-CBC allow-compression no explicit-exit-notify 1 CLIENT: dev ovpnc3 verb 1 dev-type tun dev-node /dev/tun3 writepid /var/run/openvpn_client3.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp4 auth SHA256 up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown local 10.1.20.2 lport 0 management /var/etc/openvpn/client3/sock unix remote remote_host.ddns.net 1200 udp4 ifconfig 10.1.15.2 10.1.15.1 route 192.168.1.0 255.255.255.0 secret /var/etc/openvpn/client3/secret data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC data-ciphers-fallback AES-256-CBC allow-compression no resolv-retry infinite explicit-exit-notify 1

@rico it's just a pain in the proverbial behind...

@umm12 said in Problem with discovered local ip in openvpn: but when i used firefox See here : [image: 1631100332227-0f42851a-7f5a-45ff-8a81-003f9929a760-image.png] These are the webrtc options. what all these options mean, I can't tell. See the manual. Btw : why asking here ? Firefox support could help you ;)

@kom OK, found the issue, it was basically this: https://forum.netgate.com/topic/82412/pia-openvpn-gateway-offline the solution was to go into System / Routing / Gateways, and to set the Monitor IP in the VPN gateway to an IP that accepts pings (or to turn off gateway monitoring). Then the status of the gateway switches to online. Then my PC connects to the internet through the VPN. I just don't understand why the same problem didn't occur on my private switch setup. Perhaps because it is an earlier version of pfsense (2.4.4-p2)

@ctech I fixed it. You need to go to the client-specific[image: 1631044736550-screen-shot-2021-09-07-at-6.50.28-am-resized.png] overrides and add your network as shown:

@peterthompson Hi i have the same problem, I am using Starlink and a router with OpenWRT and installed OpenVPN.. on slow DSL it is working fine, but with the Starlink I can't connect VPN, it fails on TLS Handshake. can you maybe give details, how you get OpenVPN and Starlink working? :)

@umm12 said in how to route openvpn tunnel traffic through squid proxy server?: but i have port 6000 for squid proxy server. I do not use this port on Remote networks on client side of Pf-1??? So you want to use the proxy in transparent mode, but on port 6000? I‘m not really family with proxying, but don’t think it can work this way. Maybe it does when you forward the traffic to port 6000 on pf1.

@johnpoz I using layer 3 tunnel mode. How i can disable arp on openvpn clients in pfSense?

@abracadabras The problem is solved. I have several CA, I had to choose the FreeRADIUS CA certificate in the OpenVPN setup.