• Added an interface and lost connection to 2 routers

    4
    0 Votes
    4 Posts
    625 Views
    S
    @kakerstrom Interesting, I recently set up a Hurricane Electric IPv6 tunnel which involves adding an interface. I was already connected to the web GUI via a PC on LAN. Routing out from the PC over IPv6 actually worked but I found I couldn't ping or DNS query the new LAN IPv6 until I restarted the router. Firewall rules seemed to be ignored as the default block rule was triggering. Sounds like you restarted after removing the interface? Would have been interesting to know if restarting first would have fixed it for you... For client/remote routers we usually allow GUI and/or SSH access from our IP, either on WAN or if they have a web server one can NAT forward WANIP:50443->LANIP:443 (still limited by source IP). Also re: referrers, in System/Advanced/Admin Access, set "Alternate Hostnames," for instance add the WAN IP or hostnames.
  • Site to site OpenVPN client auto reconnect

    openvpn config
    1
    0 Votes
    1 Posts
    526 Views
    No one has replied
  • Bug: More than one OpenVPN client does not connect

    2.5.1 openvpn client
    2
    0 Votes
    2 Posts
    656 Views
    G
    I have a similar issue after upgrading to 21.02.2 version on my Netgate SG-5100. Prior to upgrade all OpenVPN connections were working fine. After upgrade only one VPN connection is working, other is connected but no traffic passing. On disabling the VPN on connection 2, data traffic starts but not on VPN. Not sure if it's a bug generated by pfSense update.
  • The DNS Dilemma - To leak or not to leak

    1
    0 Votes
    1 Posts
    473 Views
    No one has replied
  • Not able to RDP or SSH via OpenVPN

    5
    0 Votes
    5 Posts
    774 Views
    GertjanG
    @sakthi said in Not able to RDP or SSH via OpenVPN: and i'm able to access the ESXi homepage as well What is the IP of this ESXI VM ? 192.168.65.x/24 ? pfSense is 192.168.65.1 ? During setup, set up firewall rules on the OpenVPN (or OPENVPN interface if you have instantiated the OpenVPN interface - see Youtube => Netgate videos for details) like this: [image] I'm using myself the OpenVPN server of pfSense so I can call in, use the GUI of pfSense, or the SSH access, and also some RDP access to other devices on my LANs (192.168.1.x/24 and 192.168.2.x/24) My OpenVPN Tunnel network is 192.168.3.x/24 I had to inform my RDP (Microsoft based devices) that these had to accept connections from the outside of their 'own' LAN, as by default they are restricted to their LAN == local access only. Btw : I have two local physical networks, 192.168.1.x/24 and 192.168.2.x/24 As my devices to be contacted from "remote" are all on 192.168.1.x/24, I used the 192.168.2.x/24 network to see if I could connect to these RDP and SSH devices on 192.168.1.x/24. When I knew how to make it work from 192.168.2.x/24 I knew I could also make it work from 192.168.3.x/24 - the OpenVPN network. That was the moment I started to build my OpenVPN access.
  • [2.5.x] potential Bug: IPv6 tunnel network and gateway

    1
    0 Votes
    1 Posts
    263 Views
    No one has replied
  • First seven carp ip works then not

    6
    0 Votes
    6 Posts
    740 Views
    M
    @mgiammarco2 I have deleted carp/nat/gateways/gateways groups on slave XMLRPC recreated them again but again wrong. How can I file a bug?
  • 1 Votes
    3 Posts
    1k Views
    E
    @johnnyfive Yeah this is the problem - what a shame. It would be really great to have full acceleration using QuickAssist!
  • OpenVPN Client Blocks All Traffic

    7
    0 Votes
    7 Posts
    1k Views
    V
    @notahacker The policy routing rule directs any matching traffic to the VPN server. So this will also include DNS, however, your computer might have been configured to use the PiHole for name resolution. So if you want to use your PiHole on this machine you have to add an additional firewall rule without a stated gateway above the policy routing to allow the DNS access. However, this will result in DNS leaks, because with this the DNS goes out the WAN interface. You can only avoid DNS leaks by directing DNS requests from the concerned computer over the VPN.
  • Upgrade to 21.02 -> Client Cert on LDAP server no Longer Accepted

    Moved
    4
    0 Votes
    4 Posts
    754 Views
    A
    @airwave said in Upgrade to 21.02 -> Client Cert on LDAP server no Longer Accepted: I updated to 2.5.1 AND now it works and a connection is established and traffic is being delivered, but ONLY ONCE after openvpn service start. When I then disconnect and reconnect, again I get a connection, but the communication / traffic (ping etc.) is not working. Only in the first connection traffic works. When I restart the openvpn service then, it's again working once... Hi all, I tested a bit deeper and found out that the attribute "explicit-exit-notify" in the openvpn client configuration seems to remove my issue with "no communication on reconnect". So then I guess this problem is fixed with 2.5.1 and explicit-exit-notify. Cheers
  • OpenVPN is setup and connecting but no access to local shares.

    8
    0 Votes
    8 Posts
    789 Views
    V
    @stellir said in OpenVPN is setup and connecting but no access to local shares.: @viragomann said in OpenVPN is setup and connecting but no access to local shares.: add a pass rule to the Windows firewall for the VPN tunnel network Any direction to accomplish this would be appreciated. The wizard created a Pass rule for the OpenVPN on port 1194 so what else is needed. You need to do this on your Windows 10. This one: Ok I disabled the firewall on the Windows 10 computer hosting the files That's not the topic of this forum and I'm not sitting on a Windows currently. But there is an option to add firewall rules to it, something like "firewall advanced settings". Add an allow rule for the source of the VPN tunnel network, maybe you want to restrict ports or simply allow any.
  • OpenVPN - Connecting to specific host networks

    12
    0 Votes
    12 Posts
    1k Views
    M
    @viragomann Thanks for your help, sir! I really appreciate it. I am unsure as to how or why, but changing the connection to UDP seems to have fixed it. I don't know why or whether this alone was the issue, but the rules are the same and it now just works. It has also been re-booted a few times. All the best, Richard.
  • Wireless not routing through VPN

    1
    0 Votes
    1 Posts
    201 Views
    No one has replied
  • PfSense (2.3.3) Hangs on boot with invalid OpenVPN password

    13
    0 Votes
    13 Posts
    4k Views
    A
    @heliocoeur said in PfSense (2.3.3) Hangs on boot with invalid OpenVPN password: vpn > openvpn > client and put a password to the user. if needed put a password to the same user in system > user manager that is the solution ..many thanks to heliocoeur
  • Port forwarding on OpenVPN interfaces is broken on 2.5.1

    6
    1 Votes
    6 Posts
    1k Views
    M
    @bob-dig said in Port forwarding on OpenVPN interfaces is broken on 2.5.1: Probably this: https://redmine.pfsense.org/issues/11805 Yeah that's probably the same bug :)
  • static IP or IP Reserve

    2
    0 Votes
    2 Posts
    249 Views
    JKnottJ
    @shamsali222 When you use DHCP to provide an address, you can go into Status / DHCP Leases to find the assigned address. You can then convert that MAC address to a static lease with whatever address you choose, provided it is not within the DHCP pool.
  • Automatic Metric

    1
    0 Votes
    1 Posts
    207 Views
    No one has replied
  • The Package Option For Shoes On Linux

    1
    0 Votes
    1 Posts
    177 Views
    No one has replied
  • Understanding OpenVPN interface firewall tabs

    8
    0 Votes
    8 Posts
    768 Views
    V
    @ddbnj Basically it doesn't matter where you add the rules, however if you have already assigned an interface, I'd prefer the interface tab. It's quite simpler. For instance, if you add a block rule you can use any at source without affecting the other VPN instances. Furthermore if there is an incoming traffic from a public source on an OpenVPN interface (forwarded from the remote site) you have to care that there is no rule on the OpenVPN tab matching it. Otherwise responses are not routed back properly.
  • Multi-WAN failover/"failback"

    1
    0 Votes
    1 Posts
    207 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.