@michmoor Ok i think i figured it out. I think.. When the phone or any device goes idle, and authentication happens again it fails obviously because the authcode changed as well. Is there an option that will pick up where you left off ' resume the connection again. On more corporate environments I have worked in, that is a feature with a hard time out of 24hrs so there is a user convenience factor to all of this.

@aldomoro pfSense shows you what you've entered as user credentials. I'm using TLS only, and not User/passwords, the connection shows the CN entry in the certificate, not the name of the iPhone, neither the created user for this VPN connection. So, you decide what shows up when a user connects.

@summer I would agree that something is hitting that ip/port (could be a simple portscan or worse) But if you have a secure setup , there is prob. no reason to worry. /Bingo

@ryanwhite36 Which pfSense version are you on?

@wgstarks said in [SOLVED] Connecting from OpenVPN server subnet to VLAN’s: @johnpoz Can I use an alias in place of the list of networks? Nevermind. I see it in the fine print.

@jimp Thanks!

@mrjoli021 To push the routes to the remote users, add the local network they should be able to access to the "IPvX Local network/s". AND also configure the firewall rules on the OpenVPN tab to allow them only to access what you want. If you have an allow any to any rule edit it and set the source to the access servers tunnel network and the destination as desired. Assuming you have an assigned an interface to the site-2-site, where you have a proper rule for that communication.

Here is the OpenVPN list of environment variables.

I guess this is a unique issue. I'm not shocked. :)

@leao-adilson said in Information about OpenVPN and pfSense: The thing is that I can't connect to the VPN from within said LAN See it like this : From every railway station in the US you can take a train to New York (the city), Central station. A train could take you directly, or you need to take several trains one after another, but you will get their. I guess we say there is a correspondence. Now, imagine this situation : you are at central Station, New York (the city). You approach the help disk, and ask this question : How do I get to New York central station ? Please film this, as the scene will be epic. When you connect yourself into your LAN, using Wifi or cable, your device becomes member of that network, and can contact all the other devices on the same LAN. And it even gets better : without the need of pfSense. You could remove the cable from your pfSense **. Example : when I'm @work, I can use an app in my phone to watch the 16 video cameras. The device, a DVR, has 192.168.1.10, which is the IPv4 of our DVR. My pHone will have another 192.168.1.x IP. When I'm @home, or where ever else on planet earth, I have to activate my VPN-to-Work app first. This will build a connection to our @work pfSense. Then I launch my Camera App, and it connects just fine to our DVR "like as I was @work". The VPN secures the connection. No need to switch IP addresses, or activate NAT rules on pfSense. Keep in mind : When I'm @work, I can connect to the company's LAN using APs that give me access to that LAN - our 192.168.1.0/24 When I VPN into work, I connect via 192.168.3.0/24, the VPN tunnel network. But a firewall rule on the OpenVPN interface permits me to connects to other 'LAN' 192.168.1.0/24 so I can access the DVR. ** that is, you probably still need pfSense to deal with the DHCP part of the connection.

@gertjan honestly i still used 1194

@gertjan @jimp thank you, applied the patch, should work now

@viragomann Oh that Thanks again for your help. When setting up a new OpenVPN server, its also says "The interface where OpenVPN will listen for incoming connections (typically WAN.)" and we have had that on WAN and its always worked that way. We don't have a VIP for the router/pfsense and can't assign one to it now anymore. Also, i edited the client ip to match what OpenVPN logs says its bound to and its still this TL error.. it's driving me nuts at this point.

Hi @pippin I will give that a try and see if it helps. Thanks Gary

@m0l50n Glad that you found the culprit at last. Yes, you can define the firewall rules on any interface on the route. It's okay to restrict the traffic on the OpenVPN interface and allow only specific destinations at A and at the main office. However, from the security point of the main office, it may be desirable to restrict the access on its incoming VPN interface additionally for sure. But if you have full control over both sites and you can say that site A is save as well, that's not really necessary.