@misinthe said in Issues with Subnet behind UDM Pro: It was just the internal networks on the pfSense weren't able to go through the UDMP. Most likely because the UDMP was still natting, and to get behind you would have had to setup port forwarding on the UDMP, etc. If your going to use the pfsense LAN as transit network to downstream router, please do not put any devices on this network - or your going to run into asymmetrical traffic flow. Whenever you connect 2 or more routers together, especially if they can firewall devices on this "transit" network between routers are going to have asymmetrical flow unless you route on each of these hosts to which router to go to get to specific networks.. If the downstream router does not nat you will most likely see the problem with downstream network trying to talk to devices on the transit.. You run into this problem.. [image: 1644769252671-ass.jpg] Pfsense never saw the SYN, so a SYN,ACK going to be block.. If your going to setup routers that talk to each other and route between networks they are attached to.. Setup a transit network.. See this diagram. [image: 1644769356990-pfsense-layer-3-switch.png]

@jmartinelli said in Very low speed on OpenVPN: I thought that wiregard was dropped from pfsense support (i.e; no longer supported) [image: 1644635470428-7a61259d-5d4c-4758-baec-d1c1e2077ea5-image.png] EXPERIMENTAL

@viragomann ok figured it out plex was getting the my site 2 public ip so it was trying to connect directly so I gave the docker its own IP and made this rule [image: 1644596711080-57acdb42-e989-4ae8-9caa-b086ab97f01e-image.png] now I get [image: 1644596876607-29717dc3-d5e4-4881-8b42-f697f29d33c0-image.png] this is my rule [image: 1644597277045-957da0c2-55b8-4602-b8b2-61e0bdec29c9-image.png] I even tried [image: 1644597307180-1d3d78f6-8a74-482f-b315-cbe535e2c743-image.png] to test if I left a port closed but still the same. when I disable the rule that changes the default gateway to site 1 it finds the private and public IP just fine

@troutpocket I had this issue in former versions of the network manager OpenVPN client. To workaround, I checked "don't pull routes" and entered the remote network manually above. As far as I remember, you only need to enter the network and mask and save it.

@thebonden this is easy if you want we can do it for you, we offer technical support at a very low cost!

@Gertjan Thank you, the monitor IP (8.8.8.8) and compression is what I needed to make mine work!

@netblues im trying to optimize for performance with a good security balance. But that works for me too, thanks for the input

@dael-sutton said in OpenVPN client connections get dropped when rc.filter_configure_sync script runs (every 15min from crontab): Yee-Haa. Unticking that "flush all states" tickbox seems to have done the trick. Thankyou @Silence for your patience while I grabbed at straws until the correct one appeared. 15:15 came and went and my test openvpv connection didn't drop, and my ssh session stayed running too. Don't forget to like the comment that helped you.

@johnpoz OK thanks ... I have learn alot thanks to this forum ...

@viragomann this makes a lot of sense. Thank you for the information!

Just want to share one more thing if i connect LAN cable directly on my desktop internet is fine and working but when i use internet through the WIFI router there is no internet and i can't access the webgui either.

@to2020 I managed to resolve this issue myself. I came across this article https://redmine.pfsense.org/issues/9511 So even thought my regular login to my pfSense has access to "WebCfg - All pages" which is inherited from admins, it does not include the advanced options. Looking at the permissions for the "admin" user itself, I see nothing different, but that user still has access to these advanced settings.

@mgideon It boils down to how do you authenticate your users to deliver secure information. pfsense doesn't have something automated in any case.

Does anyone have any thoughts around this? Or maybe this is of no concern to most users or IT security admins?

@trever So you fail to access VPN clients? Consider that each client run its own firewall. And firewalls of different operating systems can have different default settings naturally. Maybe you noticed that your issues concerns Android devices only.

Hi @viragomann, You're my hero! I've added the certificate to the certificate manager and selected this certificate in de VPN config and that was the solution. Thank for your help :-)

@scooter17 Thank you for this excellent solution. I can quite easily deploy an OpenVPN Linode. https://www.linode.com/docs/guides/openvpn-marketplace-app/ This seems much easier than loading BSD and PFsense, but I assume you found that you needed more than the OpenVPN capability. I am relatively new to self hosting, and any learnings or reasons for one route or the other would help me.