@kwessel Ensure that the local subnets off all sites do not overlap. Check to routing table on server and concerned clients and ensure that the routes are added properly

@Unoptanio It means that someone is trying connect to your VPN server or otherwise trying to communicate with the port that OpenVPN is running at (default 1194). Because you have enabled TLS Auth in your OpenVPN Server settings the OpenVPN Server expects that the incoming packet contains HMAC which it does not and thus nothing more happens. So it's really nothing to worry about, it's just the security layers working as they should. You can potentially reduce the amount of noise (random connection attempts) by running the OpenVPN Server on another port than default but there's not much reason to do so.

@Gertjan but also in your firewall there are all these strangers ringing the bell? [image: 1695307289097-3b6b29dd-9b05-40d4-9dc6-4f2a1aadc099-image.png]

@rajukarthik What are your rules on the OpenVPN interface? If your rules allow the access it should work normally.

@Gertjan nope the live PFSense box :)

@0t73r It behaves equal with Wireguard. After configuring an instance, pfSense creates the Wireguard group on the rules page. But you have to assign a unique interface to your instance for your rules and remove all from the group tab.

Continuing my monolouge here It seems like openSSL might have done some changes, that affects openVPN clients versioned 2.6.xx+ I think also something that affects certificate encryption. And i noticed a new settings field in the 2.7 openVPN Client export. [image: 1695188692911-f799358e-e425-4e15-8293-191dcf8cddec-image.png] My steps to reproduce: Have a Win PC with an openVPN Client export installer (latest from pfS 2.6) - Current Windows Installers (2.5.8-Ix04): If you try to connect to the pfS 2.6 openVPN server , all is good. Then you get/receive a pfSense 2.7 Client export install file , and install it (to install the new conf+certs for that connection) - Current Windows Installers (2.6.5-Ix001): Now if i try to connect to the "Old pfS 2.6" OVPN Server, I get asked for uid/pwd as usual. But after entering that correct, i get another "gui prompt" , asking for the cert passwd. [image: 1695189784507-7ef967d0-5eb3-4afd-8f0c-8a95c1f77d81-image.png] Since i never used/generated a cert passwd, i can't login anymore. Connecting to the 2.7 OVPN server, with the new client, does not ask for a cert passwd. It might be an "Odd test" , but I think someone could have both 2.7 & 2.6 openVPN servers in prod. Could Netgate confirm the above issue/situation ? /Bingo

I was able to get my ISP to give me a publicly accessible IP address for my WAN. This has solved my problem. Thanks for all the suggestions.

Yes, the CSO sets the routes within OpenVPN, so that the traffic is routed to the proper client. The "Remote Networks" field in the server settings sets the routes for the entered networks to the OpenVPN server in pfSense. Thanks again for your help, viragomann - I now have a setup that seems to work well :-) I am not quite sure yet what the difference is between "remote networks" in the server settings and "remote networks" in the CSO... Cheers, Jarle

@viragomann Here is the OpenVPN tab: [image: 1695075529041-d73061bc-c188-4aca-951e-d2acca9f8847-image.png]

[image: 1695058346462-7a56e8a4-1c89-45ec-9987-edb7bd193813-image.png] another interface WAN, it is working... so, this BUG on OpenVPN?

@petrt3522 Didn't know you were using a OpenVPN client. I used the wrong reply button - should have replied to @pwood999 @pwood999 522 was talking about a OpenVPN server process. /var/etc/openvpn/server1/sock These lines : Jul 18 13:12:55 pfSense-MX80 openvpn[5843]: MANAGEMENT: CMD 'state 1' Jul 18 13:12:55 pfSense-MX80 openvpn[5843]: MANAGEMENT: CMD 'status 2' is the widget questioning for the list with connected users. The 'socket' (file based) is only available locally. I'm not using the pfSense OpenVPN as a client myself, so, in that case, I can't tell, but I presume the widget can also connect to the openvpn client service socket and collect data about the Openvpn link. Again : presuming here. Btw : no intended. @petrt3522 the subject is wrong : Repeating connect & disconnect in logs. These log lines do not show any "OpenVPN" reconnections.

Anyone else struggeling with OTP after 2.7.0 update?

@Stef93 It gets stranger. When I use the client export utility to get the IOS config and then import it into the OpenVPN app on my iPad, it DOES connect, although I still cannot see anything on the permitted subnet. The iPad was just a test, I don't plan on using this via a mobile device.

@Hudson-1 So I expect, that pings to public IPs are working. However, 8.8.8.4 is not a good advice. The server doesn't respond to ping requests obviously. Try 8.8.8.8 instead.