exactly - out of the box unbound does not allow vpn users to query it.. If you want your vpn users to be able to query unbound, you have to create a ACL to allow that. Per the example posted by @bingo600

Yeah the defaults for cert manager have been adjusted - because quite often these certs are installed on things you would be hitting with a browser. Say a web gui for pfsense ;) Or your web server your setting up, or some other gui for other software, or appliances like switches, etc. But when it comes to your openvpn - this is pretty isolated. The only thing using these certs are limited to the openvpn server/client. So the limitations for life of these certs would be controlled by the software and not the OS running the software.

I can't vouch that it wouldn't break anything but you could just edit the system_camanager.php page and comment out the validation check https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/system_camanager.php#L171 Then import it. I don't recall if it's checked before use in OpenVPN frontend or backend so there may be some other similar checks to edit. But the real fix is to use a proper cert. Just because OpenVPN/OpenSSL allows it today doesn't mean it always will.

Did you add Outbound NAT for your RAS tunnel net? -Rico

BAM! That was spot on. Thank you. [image: 1604856067383-e668a5b5-131f-457b-9a93-9a60aceda60f-image.png]

ok, I don't know why, but I am now able to get the IP address within Plex [image: 1604830926525-a32579eb-3c7a-4f75-ab21-be4c59d9d1ac-image.png] so I have check my Plex app on my Phone - All Good my when I check the WebApp on my LG TV = it is not finding the Plex.

@andrewglass3 Fixed - turned out to be a couple of issues, the openvpn package was borked. Tested with a static site to site instead, wouldnt connect. Full clean install and repeat the site2site with shared key and we are up and running! Link speed with i3 6100 pfsense box = 11MB/sec from ovh to home which is saturating the link. Previously on the edgerouter 4 which has no aes-ni or offload ability for openvpn I was lucky to maintain 1.5MB/sec. This is sooooooo much faster :) I really need to learn pfsense fully now :)

@FrankZappa UDP will work, as that's what OpenVPN normally uses. The issue, as you mention, may be the firewalls on the networks you try to connect from.

Hello, I found what was the problem. When we migrated to pfsense from checkpoint firewall, we imported an alias named "OpenVPN" which pointed to openvpn port number... This caused the "syntax error" on the rule because $OpenVPN was a port number and not the interface name of openvpn. But I guess wizard could tel us that OpenVPN variable is already used when validating installation but anyway :) Bye

not sure why but I disabled all the openvpn client interfaces / suricata interfaces / toggled the network adapter offloads / edited the firewall lan rules and then rebooted. added everything back in and rebooted. now everything seems to be coming up in the expected state.

@adrianolaurent said in VPN app on iOS: I want to know how to set vpn configuration please if you can hellp me am trying to solve this problem but its not possible Do you have a pfSense firewall or just an IOS device ?

@ramses-sevilla said in Upstream very low compared with downstream traffic with OpenVPN Client.: Can you tell me where is the text OpenVPN Server config file in pfSense? The info you entered on the GUI config is used to create this OpenVPN server config file(s). So, you know what's in it ;) Bcause you entered that info - or accepted default values. Look here : /var/etc/openvpn/ You'll find serverx.* files where x is the OpenVPN server number, typically 1.

tried this? push "dhcp-option PROXY_AUTO_CONFIG_URL http://www.openvpn.net/proxy.pac" info on how to setup the wpad/pac stuff https://docs.netgate.com/pfsense/en/latest/recipes/http-client-proxy-wpad.html?highlight=wpad

Thank you very much! Your solution fixed my problem! I missed to add the tunnel network to the remote networks on site B.

Dear @dotdash That's typically what I did when faced the problem.