In this case, there will never be any dynamic clients. All of the clients will be cloud servers/sites that require a static IP. I just wanted to cover all bases in case there is a situation in the future that would require dynamic clients on this particular OpenVPN server instance.

Oh, thank you. Sorry I put my request in here. BR

By poking around in the ISP modem/router's settings, I found one that allowed me to do Mac address passthrough - I copy-pasted my pfSense WAN interface's Mac, and Poof, all was well! I suppose I could have done a port forward for the specific port only, but given that my traffic only goes direct to the pfSense box (which acts as my firewall), I think this is acceptable - thoughts?

When you create your client override you can call out different tunnel network.

@pfnguser114 are you using their DNS servers? if so where are they plugged in at ? are you using the dns resolver? what browser is leaking?

Your subnets should not overlap. -Rico

@netblues this is my mistake in the content of the post, port 40 000 or 9 they are default, I tested both.

Not enough information. A comprehensive diagram of what you are trying to do will probably be worth a thousand words.

Hi, Actually I got it figured out, it was compression problem! Maybe here was too many things wrong and change of things, for one I used now different VPN service as earlier. For second there might have been something wrong in the rules as I when my public ip was in use on the host which should have not been. Dunno, but now it is working as intended. Connection is off when tunnel is down. Correct compression setting in the vpn config started the packet flow. So ***Solved

I seem to have fixed my slow speeds with the following: I am now getting 40mbps download and 30 upload over vpn. System/Advanced/Networking -- Network Interfaces -- Hardware Checksum Offloading: (checked) Open VPN Server config -- Advanced Configuration -- Custom options: fragment 0 mssfix 0

That wasn't very helpful.

Your welcome - any time ;)

@jimp said in Shared object "libdl.so.1" not found, required by "openvpn": Except as I've said a few times now, you can't do that anymore. There is code in place to prevent that from happening. We've done all we can to protect against that in the future. Ok perfect, but I will check this point on next upgrade because I actually had the problem upgrading from 2.4.3-p1...

Thanks netblues, what I did was this. add the remote network(client) in the RW settings: IPv4 Local networks: local-network,remote network Latter, I add in the RWOVPN Rules, 1 rule that allow the RW network access the server lan, a 2nd rule that allow RW network access remote network using as gw the LB-GW from the site2site setup. In the client network, I didn't have to add nothing, this change was only in the server side. Is working, thanks netblues.

Well, I have connectivity between the two buildings. I found a 2 page instruction on the web, that really helped. Also, what made me think I wasn't seeing the buildings was the fact I coudn't ping either PFsense box. BUT, when I tried to ping devices such as my time clock in the remote building, If out that I could. I can also go to the remote site, and ping my servers in my building... I'll shut the remote site down until it's needed in the event my netgear boxes puke on me. Thanks for the guidance and help.

OpenVPN encrypts data transfers between your clients and pfSense LDAPS encrypts the LDAP authentication process itself between pfSense and your LDAP server. The two are not related, and you should always go for the more secure option if it's available. LDAPS is definitely preferable, especially if the LDAP server is remote to the firewall. If the firewall and the LDAP server are on the same network directly connected (e.g. LDAP server is in LAN or DMZ) then it may not matter so much, but I'd still go for LDAPS.

You must not assign an ip address on the openvpn interface. Keep it at none. It will be assigned by openvpn server (or client) automatically. Then you will have the needed gateway,