Any local firewall running on that 10.1.90.5 machine? You could share your config and firewall rules so we can check... -Rico

These are the logs in the lab side, where the pfSense has been migrated: Mar 24 16:54:30 openvpn 11712 UDPv4 link remote: [AF_UNSPEC] Mar 24 16:54:30 openvpn 11712 UDPv4 link local (bound): [AF_INET]192.168.0.66:1196 Mar 24 16:54:30 openvpn 11712 /usr/local/sbin/ovpn-linkup ovpns3 1500 1560 192.168.170.1 192.168.170.2 init Mar 24 16:54:30 openvpn 11712 /sbin/ifconfig ovpns3 192.168.170.1 192.168.170.2 mtu 1500 netmask 255.255.255.255 up Mar 24 16:54:30 openvpn 11712 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Mar 24 16:54:30 openvpn 11712 ioctl(TUNSIFMODE): Device busy (errno=16) Mar 24 16:54:30 openvpn 11712 TUN/TAP device /dev/tun3 opened Mar 24 16:54:30 openvpn 11712 TUN/TAP device ovpns3 exists previously, keep at program end Mar 24 16:54:30 openvpn 11712 GDG: problem writing to routing socket Mar 24 16:54:30 openvpn 11712 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts And these are the logs in the client side, the pfSense that is not touched ("client"): Mar 24 15:57:52 openvpn 11694 UDPv4 link remote: [AF_INET]81.184.114.108:1196 Mar 24 15:57:52 openvpn 11694 UDPv4 link local (bound): [AF_INET]163.172.30.171:1196 Mar 24 15:57:52 openvpn 11694 Preserving previous TUN/TAP instance: ovpnc1 Mar 24 15:57:52 openvpn 11694 Re-using pre-shared static key Mar 24 15:57:52 openvpn 11694 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 24 15:57:50 openvpn 11694 SIGUSR1[soft,ping-restart] received, process restarting Mar 24 15:57:50 openvpn 11694 Inactivity timeout (--ping-restart), restarting This is the network configuration of the interfaces. ABCloud01 is the failing one. [image: 1585062437966-563a4050-e9bb-455b-bd40-c86dd253ed71-image.png] Thanks

For information: https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt

Which VPN service are you using? Almost all mainstream providers offer a split tunneling feature that allows you to choose which data to send through the VPN and which not. I use PureVPN but many others like ExpressVPN offer the same with their apps.

Thank you, I will try and keep you updated. -Yannik

.... and when starting OpenVPN server, you can see it's binding to the incoming port : [image: 1585040639371-ef73a74d-f1b3-419f-8c51-f78a7a21bd73-image.png] which matches : [image: 1585040661884-76d6db6f-1e65-417d-9012-2e10c82c220c-image.png]

@Gertjan I watched the video you linked. this is pretty much exactly what I ultimately want to do. I have 2 of the cards he used in the first attempt on the way. and my GPON module is the same as the one he has (nokia). apparently, there is a pin on the module that needs to be held to ground. They recommend soldering the test pad for "pin 4" (i think) on the back of the card to ground. I suspect if he did this it would have worked for him. any way pretty cool

Uhhh I almost forgot to tell you there is an awesome hangout by Jim covering OpenVPN with Multi-WAN. https://www.netgate.com/resources/videos/advanced-openvpn-on-pfsense-24.html Multi-WAN Tactics starting at ~40:08... but the whole hangout is worth watching. -Rico

@Gertjan but thats different right? i use syslog and not direct php on the pfsense system

@viragomann thanks for the tip! It worked! I am just a little bit confused, since I am nearly 100% sure, that I tried this exact set-up before. But who knows what I had hanging around wit me trying to solve this via "push route (...)".

@Bob-Dig said in OVPN-Server in - OVPN-Client out?: only learning by doing, not by studying or understanding. Ah the click random shit and hope it does what you want methodology of networking ;)

@jfish Your computer is in your LAN, same as 192.168.1.1. So if your computer sends a packet to 192.168.1.1, the packet goes directly to the destination machine, without passing pfSense. Only packets for IP addresses outside your LAN subnet are sent to the default gateway (pfSense). So pfSense is not able to route these packets to anywhere, cause it doesn't get them at all.

I got rid of this error by adding "remote-cert-tls server" in the additional configuration options field. But I did not understand why this is necessary.

@amateur its an option inside the TP-Link Access Point , after i enabled it, i now can manage the ap trough the VPN. I have 2 other AP with no "RemoteAccess" Checkmark, that i cant manage

@sisterpfsense A domain controller is something like Microsoft's Active Directory. It's what you log into and in turn, displays the available resources. A domain controller is typically used on large networks, such as in a business. Also, there are a few ways to map a drive, but the easiest would be to go into the This PC folder and click on Map Network Drive. Select Map Network Drive and go from there.

@xalex1977 Take a look at... Not the perfect solution but a work around https://forum.netgate.com/topic/151351/email-notification-openvpn-client-connect-common-name/28

@monden2 Windows file sharing uses broadcasts to announce it's presence to other devices. Since broadcasts are not passed by routers, you don't see the shares. You'll have to use the host name or IP address to set up a connection to that share.

so i've done it the old school way kind of doing some clean up in user name and settings and cleaning up style. Certificate Manager --> Certificate Revocation --> Certificate Revocation List added CRL to openVpn Server revoked all vpn-user Certs via CRL revoked openVpnServerCert controlled via System --> Certificate Manager --> Certificates disabed vpn-users System --> User Manager --> Users so far ... added new Certs changed Certs on openVpn Server adden new CRL to openVpn Server created new users testet works like a Charm and it feels good ;) so [solved] Thanks for helpin me out.

Look also at https://forums.openvpn.net/viewtopic.php?t=24703 It boils down to : if you can't trust the humans that operate your devices ....

@Bob-Dig is this correct? [image: 1584724276117-senza-titolo.jpg]