I discovered openVPN didn't upgrade with the OS. From a command prompt, I ran pfSense-upgrade -d and applied the missing updates. After installing the updates and rebooting the machine, openVPN started working correctly.

@aviatorpaal said in Peer to Peer routing unidirectionally: Netgate docs, in their configuration example unfortunately uses a /24 as the tunnel network, which led to the confusion: You should read the whole document: [image: 1665054524357-130ee8d3-92f9-40b3-a6b8-4b1da618fa12-grafik.png]

@norvik-it Good news : your question isn't related to pfSense. It's just that pfSense has also a OpenVPN server build in. You could also use the OpenVPN server on your NAS, for example. First things first : when you set up a OpenVPN server, you'll find a new interface on your pfSense, typically called "ovpns1". You have to assign it to an interface like : [image: 1665046486220-8ffb780f-faa4-4002-835c-ef9c54e33ff3-image.png] Now, activate the 'go easy on yourself' mode, and add two rules : [image: 1665046568189-e5f7a486-093d-4bfc-9b5d-dfe08e6b65ee-image.png] You can even combine these rules. Or use just IPv4 if you don't use IPv6 yet. Now, when your OpenVPN client connects to your your OpenVPN server, traffic will 'enter' this OPENVPN interface. Another thing : OpenVPN is giving IPv4 to your OpenVPN clients. The DHCP server for your LAN and other LAN type intefaces has nothing to do with OpenVPN clients. OpenVPN server is also doing what DHCP does : it also gives IPs to it's clients. So, when I have this on the OpenVPN server settings page : [image: 1665046802568-551ef7e7-ead9-4c25-af1f-3ea4999cca17-image.png] I know that my tunnel IP network is 192.168.3.0/24. OpenVPN server will use the dot 1 My first openvpn client will have .2 etc - and again, it's not a DHCP server that gave this IP. You don't even set up a DHCP server that works for the 192.168.0/24 network ! Btw : Your first line (see above) that you should consider not using some LAN based device DHCP server (the 192.168.0.7). Let pfSense handle DHCP for all your LAN networks, using the DHCP server. Make life easier on yourself. Btw : with the firewall rules shown above, you can access pfSense itself, LAN(s) devices, and whatever you can find on the Internet. edit : Use this 7,5 minutes video to set up a server : Configuring OpenVPN Remote Access in pfSense Software Only deviate from that setup up when one of these two conditions are met : You have a solid understanding of an OpenVPN server (and client) (sorry, will take time, openvpn is utterly complex). You want to try out things, and know how to get back to working setup when done messing around (because, why not, we all love to test/play/etc)

@johnpoz That is exactly what I was thinking... How to keep track of all the tls keys... Now to figure out how to utilize some of the addins like nort... I can't thank you enough for all your help!!

@rini My giess is: You would have to put a copy of the pfsense Root CA "public part" on the DSM too. It has to know the full chain.

@viragomann said in openvpn doesn't connect if there was a power loss: Switch of the power of pfSense only or even of a device like a router in front of it? pfsense is installed in a computer so power of computer @viragomann said in openvpn doesn't connect if there was a power loss: And none of them is reconnecting? none get auto reconnect, need to do manually for make reconnect

@viragomann They definitely are....up until it disconnects because it's working just fine other than the disconnect.

@amirat said in Ip forward with openvpn: so how can i do routing? and i also need to use vpn for my phone , how you say that it is irrelevant? Many people seem to think a VPN is somehow different from any other IP connection. All the VPN does is set up a secure connection between two points. Years ago, that might have been done with frame relay. As for routing, you have to let the various devises know how to reach some other device. With a VPN, you at least have a route to the VPN server and from there out to the Internet. If you want to go anywhere else, then you have to ensure there's a route configured to that point. It also doesn't matter what the client is. Whether a computer or a phone, it still works the same way. What you have to do is determine what you want to reach and where it is, relative to your OpenVPN server. Then you have to decide whether you have to add routes. For example, pfSense knows about directly connected networks, so you don't need to specify a route to them. Beyond that, you have to.

Hi @viragomann thanks for your support on this. I could get it working, I just removed Custom options push "dhcp-option DNS 192.168.3.1"; push "dhcp-option DOMAIN local.lan"; I saved changes and restarted the whole pfsense, it just started working after that restart, I mean the machines which are using OpenVPN can reach the machines which are in the LAN network by dns instead of IP addresses, my suspicion pfsense needed to be restarted and there was not any need by adding the Custom options, after that I wanted to double check this in other to have repeatable steps and what I could find out is that those enabled options in Dns Resolver such as DHCP Registration, Static DHCP, OpenVPN Clients as DNS Default Domain and Dns Server 1 in OpenVPN server settings are mandatory options in order to get it working, I know there could be a lot of ways to do this, I am just sharing with you how I could do it in this way

@hugoeyng [image: 1664334071284-7bbf42ad-b7b0-4f60-b77f-3abf915c57fb-image.png] [image: 1664334180453-4f7e418d-9e4e-4751-ba32-d1d20d8e1c26-image.png] [image: 1664334208255-23cc8ca3-714a-4c0d-91cb-980863fa2964-image.png] [image: 1664334235890-dc0ce8e6-9968-46db-9bb5-ec008302295f-image.png] [image: 1664334255431-83f9959c-8162-4eca-bb86-6e4338670481-image.png] [image: 1664334316343-de9ed4ff-d695-4451-95db-20688914109f-image.png] [image: 1664334349260-a14f4c94-0de3-4f53-8ac4-0d7344242003-image.png] [image: 1664334373555-35d6ebff-a693-42df-9466-096e4f55d11b-image.png] [image: 1664334412102-27c6c956-766d-4ebb-a113-ad0245145f32-image.png] Now OpenVPN setup is complete. Make some changes in the settings, for this click on the edit button and go to the "Tunnel Settings" Section And click on the checkbox as shown in the image. [image: 1664334504969-fc374501-daf3-4e65-9bf7-681b077cb714-image.png] Now Create a user to log in to OpenVPN System > User Manager > +Add. [image: 1664334937802-ef03d35a-7e57-4c27-a9aa-4144ad163a31-image.png] [image: 1664334955389-e8852f40-41b0-40a1-b7e3-105203b0cf30-image.png] Now go to the OpenVPN client Export and export the user file. Then install the setup file in the system login with username and password. [image: 1664335107570-89873547-2daf-4bef-b82b-7784f80e01d9-image.png] Have A Great Day!!

I am on 22.05. It seems the upgrade didn't complete correctly. I found this post and tried the solution of running pfSense-upgrade -d. That showed 1 package to be installed and 40 to be upgraded. After completing the upgrades and rebooting, the OpenVPN service started and I am able to connect again.

@dragonfixed00 Packet capture on LAN using TCP and port 2222 Do the SSH packets arrive on LAN ?

This is my client config dev tun persist-tun persist-key data-ciphers AES-128-GCM:AES-256-CBC data-ciphers-fallback AES-256-CBC auth SHA256 tls-client client resolv-retry infinite remote X.X.X.X 1194 udp4 nobind verify-x509-name "X.X.X.X" name auth-user-pass pkcs12 pfsense-UDP4-1194-khodorb.p12 tls-auth pfsense-UDP4-1194-khodorb-tls.key 1 remote-cert-tls server explicit-exit-notify verb 4

@madfuzker said in CE-2.6.0 - Unable to disable OpenVPN Server if Interface is assigned: @bob-dig I can confirm that in 22.05 this is NOT fixed. Definitely not fixed. But not a problem for me anymore, I only use WireGuard.