@johnpoz said in Getting two different network configs using same openVPN client file: And what is your LOCAL network at work? if its the same as your remote network or tunnel network then yeah going to be issues. DUDE! You are a $@#%*& genius. As soon as I read your post, I knew you nailed it. I needed to wait until I got back in the office today to confirm, but that was it. Thank you! Of course, it made total sense once I read your post. Sometimes in the problem, cant see the forest through the trees. Thanks again John!

YUM blows up all the time ;) and while repository mangers like yum and apt don't prevent the users from shooting themselves in the foot and running into dependency hell. They have attempted to stop most of this by making it harder to install your own packages and stuff - but users still do it. Pfsense uses apt and use special pfsense repository... Sure they are or will be looking into locking it down to specific version repositories.. Where if package and or any of its dependencies require upstream version of anything the package will not be presented to the current installed version of package manager, etc.

You can reconfigure the switch so that "OPT2" is a dedicated port on the switch just for that one connection. https://www.netgate.com/resources/videos/configuring-netgate-appliance-integrated-switches-on-pfsense-244.html

The following input errors were detected: If no Client Certificate is selected, a username and/or password must be entered. pfSense doesn't allow me to.

Why do you use OpenVPN in TCP Mode? Switch over to UDP and try again. -Rico

Thanks for the help. Finally figured out (after doing tcpdump on my lan port) that the connection request was being forwarded to one of my internal systems. I forgot I had port forwarded a range of ports to a system and 1194 was one of them. Specified the ports exactly instead of port range and was able to connect right away. So for anyone facing similar issue, check your port forwarding and make sure you don't have the openvpn port you're using in a port forward to a different system.

I never noticed the change to being able to specify multiple networks in 2.4.x. That's great!

Jimp my hi5 to u, that was the trick. Now I will create a Load-Balance, FailOver1, FailOver2 for my connections. Thanks Jimp.

@jimp said in Possible Bug Setting up OpenVPN Client: In the past, having any setting other than None for IPv4/IPv6 was a configuration error. It wouldn't have actually worked, and the fact that it let you configure what it did is probably a bug. Setting it in the way you describe would cause one openvpn client to bind and run inside the other. Why would you want to run OpenVPN inside OpenVPN? Thanks for this information, I didn't realize the effect of what I was doing due to lack of knowledge and because it just worked. The reason I set it up like that is because I followed the setup guide on ExpressVPN's website and that is how the guide showed to set it up. I actually questioned them a while back concerning a different part of the guide and there response was that they couldn't help because it was a user submitted guide. EDIT: I looked at the guide again and I did misunderstand part of it. They do set the client interface to WAN but at the same time they also set the actual VPN interface to DHCP. So it looks like there guide is wrong AND I misunderstood part of it. Now if I could just figure out how to get a working monitor IP on these VPN Gateways. I'll ask that question later though.

@derelict said in iPhone/iPad no longer works after update: Have a look at Services > DNS Resolver, Access Lists and see if adding the tunnel network to an Allow list there doesn't start allowing queries. That fixed it. Thanks,

@alexxtasi said in Using Radius for accounting only, Ldap for authentication (using Radiusplugin ?): it a radiusplugin problem of openvpn in general ? thank you @alexxtasi, you forgot to reply to yourself and tell us that you have fixed this crash:)

IIRC on Windows you had to run the OpenVPN client as Administrator or it wouldn't create the routes propeprly. It would look like it was working but you had no error messages and no access.

Doubt fix, I just use the tunnel created, thanks.

Welcome.

Ok, thanks, I will plan for one user/cert per TC then. EDIT: That means creating one user/cert per Thin Client on pfsense, and creating one specific profile (in terms of IGEL UMS) per TC (deploying the individual cert, configuring the VPN-connection to use that cert). Bit more work but manageable for 4 TCs as in my current case. btw: I plan to name the users/certs after the MAC of the TC to keep it traceable and not get something like user-names in there. OK?