@TriStarGod what did u adjust

@Druplex said in OpenVPN unable to contact daemon pfsense 2.4.4_3: What would be the issue? The OpenVPN setup, the file with parameters that makes de service == daemon run correctly, contains errors. In this case, it's the place where you setup the OpenVPN settings. So the daemon (== service) starts, and fails to work correctly, so it stops. The GUI, let's say 'pfSense', can't contact the daemon, so it tells you what happens. Btw : to have the OpenVPN server logs telling you what's right and what's wrong, think about putting the "Verbosity level" to 3 or 4. Then go here : [image: 1577723705466-9f1f9c6e-1512-44d7-a1d8-b844f75561a4-image.png]

Fixed my problem Thanks! I made some security update's today to my vpn, as it has been ruining the same way for 3 or 4 years. After the OpenVpn app stooped working after I update it! I uninstall the app, the vpn certs, setting, vpn & package. I spent all day tiring different setting, Watching YouTube video's to steal other's setting! It was this simple Use a different app. My brain hurts after today. All the googling I did with that stupid error, Stupid android app. The Error I had was, Failed to parse profile: crypto_alg AES-256-CFB1: not found. It did not matter what Crypto I used I tried many. @jimp THANKS DUDE!.!

@JKnott It is unusual, but it's the standard Comcast setup when you have a business account with static public IPs. For residential, or lower-tier business accounts, you get a dynamic public IP. I'm talking about v4, but they are now providing a static v6 block with the v4, and a residential user gets a dynamic /60.

@sianand said in Need OpenVPN on a pfSense behind NAT Router: pfSense isn't doing NAT That's probably a dont care. The destination isn't NATted by pfSense, because the end destination is pfSense itself. A [image: 1577369297741-870c2b81-2e35-48c9-80d1-0d07f9b12c35-image.png] on your WAN interface will do (if you use UDP on port 1193 - this rule will be created by the OpenVPN wizard if you used that wizard). The upstream router - if any - has to have a 'real' NAT rule of course.

I solved the VPN-disconnects by putting some commands to the advanced config in Open-VPN: on the server site: keepalive 10 120 reneg-sec 43200 on the client site: keepalive 10 120 reneg-sec 0 The time differences still exist, but that doesn't bother me at the moment.

@Pippin said in suddendly I get a "bad source address from client" on OpenVPN, yet everything is working: From info given you don't really need the iroute. exactly, and it's plain wrong as well, in fact it wasn't set up with the unnecessary iroute and I had no such message in the logs, afaik nothing major changed on my side of things. I am connecting from a home connection which is actually a 4G router, no adsl reaches where I live, and the carrier did change something because their NAT address definitely changed before this happened, but I can't fathom how that would cause that message on my logs. luckily this is just a VPN connection I use to admin the firewall from my laptop from remote locations and from home if needed, so nothing critical, the critical VPNs this box handles are untouched by this issue and the logs are clean. I should have avoided common subnets from the beginning, guess it's time to do that now and see if that has any impact, it's good practice anyways.

@Derelict I think i got it to work. After i set the default gateway manually to the VPN and not automatic and saw that it worked, i transfered the Flowing Rule i made for the outbound traffic to the Lan interface. With the new knowledge of your help and the help of viragomann i changed some tiny things in the firewall rule. After that i changed the default gateway back to automatic and know the outbound traffic takes the vpn and everything works. I even rebootet the firewall to get lost of the states but everything still functions as it seems. Thank you so very much for your dedication and your help.

@marvosa Perfect, I did get it with Policy Route VPN. I was trying to do this before, but I was missing the gateway, I had already created it for my VLAN, but didn't realize I also needed one for this VPN. Once added that and configured everything it all worked!!!

@viragomann Thank you SO mutch. It wass the : Don't add or remove routes automatically Do not execute operating system commands to install routes. Instead, pass routes to --route-up script using environmental variables. that did all the messing up. All working flawlessley :-)

@marvosa said in OpenVPN site to site for IP Phone: Unless you have (or want) super restrictive outgoing firewall rules on the LAN interface, there should be a LAN net/any rule for the LAN interface on both ends by default. A LAN net/any rule means all outgoing traffic is allowed. More specifically, it's a rule that allows traffic sourced from the LAN subnet and destined to any IP, any interface, any port using any protocol. Thank you very much for trying help me. I did what you asked but still no go. Probably, I am still doing something wrong. So, I would like to present my situation in a more detailed way. This is schematic of my Office and Home network: https://imgur.com/DMVPBxL These are from office pfSense: https://imgur.com/pXR7l7o https://imgur.com/dIHoC0v These are from home pfSense: https://imgur.com/Wl0X39a https://imgur.com/pGPpAc5 OpenVPN interfaces are from configuring through OpenVPN wizard. Still, FreePBX on 10.10.1.20 is not registering the IP phone (192.168.2.51) at home. Do you see anything wrong with this setup?

Thanks. Still hoping for any guidance on the original question.

Get back here : https://forum.netgate.com/topic/148959/connection-with-remote-server-not-established-because-of-a-server-verification-method-error/33 and do that test. It resolves, or not ? Also, describe your DNS settings.

I exported the "inline configurations" configuration and now it's ok ! Thanks.