@viragomann in the other post you mention at your parents box in the site2site settings, option "Remote Network/s": 10.0.8.0/24 (comma seperated from the other entries My Server 2 is an asus router with merlin firmware using OpenVPN. Would the equivalent of this "Remote Network/s" (since its not pfsense) be a custom config like push "route 10.87.88.0 255.255.255.0" (since that is what the network for remote access client1 is on?) Edit - nevermind. After a little more digging i added "route 10.87.88.0 255.255.0" to my config on server 2 and now when I'm in as a RA client on 10.87.88.x I can get to 10.55.55.0. Thanks!

Might be something in the client that prioritizes RFC1918 addresses to prevent VPN leakage in cases like that. It's unfortunately common for people to accidentally mix DNS like that and unintentionally send private traffic across public networks via IPv6 when it was meant to stay private on IPv4.

@Gertjan said in OpenVPN no authenticated log generated: --> Like exit 0 so the next piece to the puzzle ! send me an e-mail script for openVPN thanks for helpin me out with info

I disagree. I used different CAs at one time and than it got really complex. I have a setup with 6 sites world wide and different VPNs with access for different purposes (e.G. Production access, financial access, ...) Many people would get muliple certificates for different purposes. Updating this cerificates can be really confusing for some of those people. Including different substrings into the certificate oauthorize different VPNs would be really elegant. The cerificates thmselves are fine (I believe). The error is that the script is prohibing it. Is there a difference with the return code and exit code? A return code "1" should be "okay" while it complains about exi code 1. I get the error that the script failed even when I revert to the original scrip or if I insert exit(1) at the beginning of the scrip.

This can be deleted. I forgot to set the Firewall rules correctly. After following this tutorial here it worked: https://www.computing-competence.de/2020/01/03/pfsense-mit-expressvpn-teil1-der-tunnel/ Stay Healthy people!

@Bob-Dig I am glad to hear that it worked out for you well.

@JKnott To clarify, the 2 ends need addresses, but it's not necessary to have 2 /64 networks to connect them. For example, my cable modem has a /64 link local network, but a /128 host address. So, a link local network and a /128 address or just a /64 specified address network could be used.

@noplan This link is very helpful, thank you!

@johnpoz why are you trying to setup OpenVPN client. My suggestion is to make a self hosted vpn on your home internet. It may more secure and protect your all devices but not easy to configure. If you have some technical knowledge, then you will do otherwise you need some help. This guide might be helpful for you to configure self hosted vpn. https://www.purevpn.com/what-is-vpn/how-to-get-a-vpn

@Rico said in VPN connection over a specific gateway (multiwan): It is not possible to have a Client conncted to WAN2 and your traffic replies via WAN1 tx for pointing out that this is not possible at all, the dynamic dns client at pfsense betrayed me :( somehow it updated the ips from the wrong gateway (not sure how this works out, need to check) tx for reply !

Hi @johnpoz I have NAT enabled on both pfSense firewalls, however as a test I disabled NAT to ensure all natting was handled by the Cisco router and I was still unable to reach the 10.0.20.10 client. RFC1918 blocking is disabled on all the pfSense interfaces. I can access all clients on the LAN network of the pfSense LAB with NAT enabled. I also have a static route on the Cisco router for 10.0.15.0/24 via 10.0.50.10 and I can access any host on that network with no issues. After some more playing around today I got it working. Firstly I had to assignin the ovpns1 interface and enable it under the Interfaces > Interface Assignments. Then I was required to add the 10.0.100.0/24 network into the “IPv4 Local network(s)” under the OpenVPN Tunnel Settings, however this setting wouldn't apply until a reboot of the pfSense. Thanks to everyone for the suggestions. Tyler

It's unlikely that the packet is actually malformed. More likely is that Wireshark doesn't know how to interpret the contents of the packet. Wireshark's parsers don't always keep up with every change in packet contents across versions of things like OpenVPN.

Probably these devices don't have the correct default gateway settings.

@cneu88 said in Port Forwarding through VPN: pfSense B firewall Rules for OpenVPN: (those rules were created by the OpenVPN creation wizard) and pfSense A should have to same Wizard created rules on the it's interface. You have none , Then no VPN server is possible. @cneu88 said in Port Forwarding through VPN: Both rules work and I can see the traffic via the packet capture You want to reach this "LAN B" based server from the Internet. If packets reach the "LAN B" then ther is only one possible barrier left : a firewall rule on the web server running on LAN B ? Does the server on LAN B accept connection out of LAN B ? Still don't know what VPN has to do with this. Make your NAT rules work, it's just a classic router after router setup. So you need NAT rue on every router.

@Rico Still nothing..