@gijey Ensure that the LAN address of pfSense is set as default gateway on the LAN devices. Also check if access from outside of the local subnet is allowed on the devices firewalls.

Sorry, solved... 🥺 By mistake I've entered the same subnet of the tunnel to a new interface (vlan) while copying/pasting from my config sheet...

currently the company has an ASA which does radius to their Network policy server which has the Azure AD add on. So was hoping that OpenVPN or other vpn on PFSense. Hoping to reuse that

@knebb You can stay on Debian 12 and even upgrade later. Just use OpenVPN client from Debian 11. The default: dpkg -l | grep openvpn ii openvpn 2.6.3-1 amd64 virtual private network daemon dpkg -l | grep openssl ii openssl 3.0.9-1 amd64 Secure Sockets Layer toolkit - cryptographic utility Steps: sudo apt purge openvpn sudo apt autoremove sudo sed -i 's/bookworm/bullseye/g' /etc/apt/sources.list sudo apt update sudo apt install openvpn dpkg -l | grep openvpn ii openvpn 2.5.1-3 Lock openvpn package so it doesn't upgrade automatically in the future: sudo apt-mark hold openvpn openvpn set on hold. Remember to revert to the default distro repositories: sudo sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list sudo apt update

@Pippin said in VPN override remote host ip if local network has the same ip: @yeahmagnets said in VPN override remote host ip if local network has the same ip: My remote network is 192.168.1.0/24 and the home network is 192.168.1.24/0 Change at least the home network: https://community.openvpn.net/openvpn/wiki/AvoidRoutingConflicts Yeah that is an option but just think that you went to holiday and hotel's network is also 192.168.1.0/24 and some other guest's computer assigned 192.168.1.50 so you can't say leave that ip it conflicts with my file server can you? There must be solution.

@viragomann you rock man! I thank you to pointing me to the solution! it's working as expected now! ciao!

@viragomann These public ip addresses are my vps where openvpn is installed. Yes. Yes. [image: 1687872474107-752fda1f-875d-4f38-8e28-bf917811b24e-obraz.png]

@wolfsden3 Download the Most Clients config 1 single file with that it should work [image: 1687852444213-4a9f6bf1-87fb-41ad-bc29-5108d59fb25b-image.png]

@Gertjan said in Solved: ExpressVPN connection error Data channel cipher negotiation failed (no shared cipher): Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256 That's the control channel ;) . Data channel is this one: 2023-06-26 11:08:24 us=684115 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key 2023-06-26 11:08:24 us=684160 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

@ipguy For further investigation you have to provide the clients and server logs. You can try to disable "Data Encryption Negotiation" on the server. If the client has an old config he might not support this feature.

@viragomann Thank you very much. While trying various things, I found that by setting the alias and placing it above the VPN configuration in Firewall -> Rule -> LAN, I can bypass specific sites and not route them through the VPN. Thank you for your guidance and help.

@pst thanks, I looked. But I get the same logs Jun 20 20:01:24 openvpn 23836 TLS Warning: no data channel send key available: [key#0 state=S_PRE_START id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [ key#2 state=S_UNDEF id=0 sid=00000000 00000000] Jun 20 20:01:24 openvpn 23836 TUN READ [29] Jun 20 20:01:24 openvpn 23836 TLS Warning: no data channel send key available: [key#0 state=S_PRE_START id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [ key#2 state=S_UNDEF id=0 sid=00000000 00000000] Jun 20 20:01:24 openvpn 23836 TUN READ [56] Jun 20 20:01:24 openvpn 23836 TLS Warning: no data channel send key available: [key#0 state=S_PRE_START id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [ key#2 state=S_UNDEF id=0 sid=00000000 00000000] Jun 20 20:01:24 openvpn 23836 TUN READ [48] Jun 20 20:01:24 openvpn 23836 MSS: 1460 -> 1287 Jun 20 20:01:24 openvpn 23836 TLS Warning: no data channel send key available: [key#0 state=S_PRE_START id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [ key#2 state=S_UNDEF id=0 sid=00000000 00000000]

@michmoor In any case, thank you for your help. Many thanks

@zapador said in [Solved] Can't resolve hostnames from OpenVPN Client: All of these resources (VPN clients) are vessels/ships with monitoring systems onboard that collect data Ah, nice, I get it. Collecting data from ships ... Nice !

@viragomann Yes, the failed and successful users are related to the same ISP. This is giving me no way out as OpenVPN clients are generated with the same settings for connecting to the server. Some connect and some don't, giving this TLS error.

@bingo600The IPV4 tunnel option is blank. Could that be the problem there? [image: 1686851986905-tunnel_.png]