Well, it appears to be that the pfSense GUI is simply hiding the IPv4 Remote Networks option that I need to set on the main page, since I've selected a "Remote Access" mode. This is somewhat disappointing since that isn't even an OpenVPN "thing", just a pfSense "thing" to determine what GUI options to show and what options to hide. Guess I'm off to file a bug report / feature request to ask that we get a 5th "type" option for OpenVPN servers called "I know what I'm doing, don't hide any options from me." In the meantime for anyone running into this, I think the only way to address it without having to create a separate server on another port so you can get run it as "peer to peer" is to assign an interface to the OpenVPN instance which you can then use to assign a gateway and a static route in the main pfSense routing configuration. Ugh.

@Rico said in OVPN export to iOS fails: Yeah NM, I see Gertjan is also using udp4 in the config like TO. You bet it is ! I'm actually VPN-into-work just to get my iPhone 'multistacked' ^^ All this over an UDP IPV4 link of course.

I ended up resolving the issue. Only used the local Windows DNS server for the OpenVPN configuration. Viscosity setups up this loopback to internally handle the DNS itself.

@sreyas On the server configuration page, you select the protocol and local port. You'll then have to run client export again.

@q54e3w On the server side, I assigned the IPv6 Tunnel Network prefix. I also selected Redirect IPv6 Gateway, though that depends on your needs. In Advanced Configuration > Custom options, I added push "route-ipv6 ::/0". I also added that on the Client Export page, though I don't know if both are necessary.

@JKnott @Pippin Thank you very much! I have been putting this off due to a lot of dhcp reservations, but find and replace, in the xml export, reimport and reboot made it fairly easy to migrate to a subnet less likely to cause me conflict.

Thanks that was the problem.

Great! Many thanks for clarifying that :)

@Mat1987 Just to add. I can connect using a mobile hotspot but when using work connectiong its trying to use 1194 as local port. Mat

@azmodeuz said in OpenVPN SSL Site to Site - I am unable to push DNS to Site B and access a routed network in Site A from Site B: I set pfSense3 as OpenVPN Server so remote users are connected locally to communicate with our Local Net. Would this still be possible if I use pfSense2 as the OpenVPN Server? You will need a static route on pfSense3 for the OpenVPN tunnel network 192.168.121.0/24 pointing to pfSense2. @azmodeuz said in OpenVPN SSL Site to Site - I am unable to push DNS to Site B and access a routed network in Site A from Site B: Re: NAT, how should I do NAT to get responses back to pfSense3? You can add an outbound NAT rule on pfSense3 (S-NAT, also known as masquerading) which translates the source IP in packets from the remote site of the VPN into the DMZ interface address. So responses are sent back to pfSense3. However, that's a dirty solution and is not recommended if there are multiple clients connecting through the VPN.

Boa tarde, O Open-VPN funciona bem no pfsense se você segue as seguintes descrições: https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/openvpn-remote-access-server.html https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/using-the-openvpn-client-export-package.html Gostaria de mencionar que o suporte oficial ao Windows 7 terminou, portanto lembre-se disso por questões de segurança. isso causa um problema: [image: 1590517786999-bd25ae00-1dec-40ed-9447-24049653c980-image.png] Cumps, C

As addresses of RAS VPNs are handed out via DHCP there's no way I know of, that you could persuade the server to hand out a dial-in client more then one IP.

@Rico Thank you for noticing my post. This is my layout The pfSense2 is my Public Firewall or gateway. INTERNET == pfSense1 (Client) --- LAN B (192.168.140.0/24) --- PC B (192.168.140.10) || pfSense2 (Gateway) --- DMZ net (192.168.88.0/24) --- pfSense3 (Server) --- LAN (192.168.8.0/24) LAN B and LAN A can communicate properly except that I am unable to push DNS to LAN B pfSense3 which is both the DNS and OpenVPN server. PC B can ping pfSense3 LAN 192.168.8.1 and WAN 192.168.88.7 but I cannot ping pfSense2 LAN 192.168.88.5.

[image: 1590420908925-0d3ea926-0ee8-448a-b636-d2f2ae2835a6-image.png] This is a selectable list. So select your EXPRESS as the default gateway ... ) Like : @Gertjan said in ExpressVPN OpenVPN won't work: While here System > Routing > Gateways, select / activate the "VPN CLIENT" gateway as the default "Default gateway IPv4".

@johnpoz I still have some 32 bit apps that i can not do without... and as far as I know Catalina doesn't support 32bit anymore.

@DominikHoffmann said in Help with adjusting the VPN port: @JeGr, how do mark this topic as “[Solved]” in the topic subject line? Can I? not exactly marking it but you can edit your OP and write a [Solved] in your topic line yourself - that works just fine.