  • openvpn.conf is not readable

    openvpn.conf daemon service openvpn
    1
    0 Votes
    1 Posts
    113 Views
    No one has replied
  • openVPN

    1
    0 Votes
    1 Posts
    123 Views
    No one has replied
  • OpenVPN (SSL/TLS + User Auth) not working together but separate

    1
    0 Votes
    1 Posts
    122 Views
    No one has replied
  • Unable to connect to internal LAN when OpenVPN tunnel is established.

    2
    1 Votes
    2 Posts
    220 Views
    @donpablo You will need some upvotes to be able to attach files. But you could have described your settings in a bit more detail. So did you state the local networks in the server settings? Or did you check "redirect gateway"? Did you have a firewall rule in place on the OpenVPN tab to allow access? The wizard should have added it automatically though. Are you able to ping the LAN IP of pfSense?
  • Can OpenVPN send "Calling-Station-ID" attribute to RADIUS as client IP?

    2
    0 Votes
    2 Posts
    160 Views
    I see the remote user connection IP is recorded somewhere, I see it when I click on "Status" -> "OpenVPN", where it shows the table of connected users, and it shows their remote IP there. I see this in "/usr/local/www/status_openvpn.php": <td><?=$conn['remote_host'];?></td> Looks like that line builds the table data for the remote user's IP address (and port) and displays it in the OpenVPN status table. Is there a way to get that same data (remote user's IP) into "/etc/inc/openvpn.auth-user.php"? My familiarity with the code isn't so great so I'm having a hard time tracing back how this data is discovered, but it seems like there can be a way....?
  • FreeRadius Connection Fails From Philippines to USA

    1
    0 Votes
    1 Posts
    95 Views
    No one has replied
  • Allow VPN user to access specific VLAN instead of all

    5
    0 Votes
    5 Posts
    360 Views
    @viragomann Thank you so much, I didn't understand that I needed an IP "reservation" in the tunnel, so I can create a new rule allowing access to the MGMT network. Now everything is fine.
  • openvpn sha1 client not working after update

    3
    0 Votes
    3 Posts
    378 Views
    @ermilan2309 If you need it and don't want to throw the hardware in the trash (the manufacturer forgot to update their product, for example Yealink), use Custom options on the server: tls-cert-profile insecure
  • AEAD Decrypt error: cipher final failed - after 2.6.0 to 2.7.2 Update

    2
    0 Votes
    2 Posts
    1k Views
    @fholzer I have re-generated all certificates to 2.7.0 version. There are still fixes https://github.com/pfsense/pfsense/commit/48cf54f850c5bf4fe26a8e33deb449807e71c204.patch [PATCH] OpenVPN Enforce key usage option fix. Issue #13056, Fix OpenVPN forming invalid route statements for empty local networks (After applying, edit/save affected entries or reboot, Redmine #14919). Use IP/system_patches.php
  • OpenVPN slow download

    8
    0 Votes
    8 Posts
    680 Views
    @bp81 @Gertjan, this was a client-to-site tunnel. Eventually there was no true problem; my way of testing with a single TCP stream of iperf3 was a bad idea. OpenVPN single stream can be awfully slow, max those 40mbps. If there is a single packet lost, the TCP window goes back to a lower value. If I do iperf3 with parallel connections then I come to the point that my download/upload are more or less the same. Can't explain why the iperf3 upload test with a single stream gets max, while download gets ~40-50mbps. Nevertheless, my conclusion is that OpenVPN is particularly bad for those older protocols which use a single TCP stream (ssh, scp, ftp, rdp etc.), while those that use multiple streams, such as web browsing, will get maximum speed. If I do a test on speedtest.net I get almost maximum. This is without any special tweaks, AES-NI turned on, AES-GCM with ECDH without DCO and any special MTU/MSS buffer changes. Thank you for your willingness to help, guys.
  • The OpenVPN in 24.11 has a problem with the interface

    1
    0 Votes
    1 Posts
    125 Views
    No one has replied
  • OpenVPN connects, but does not allow clients to access each other.

    4
    0 Votes
    4 Posts
    227 Views
    @fholzer The OpenVPN IF is wide open; allows from any to any, any protocol.
  • No communication from NAT client through OpenVPN to second site

    2
    0 Votes
    2 Posts
    127 Views
    There was a lack of client override settings; now all is working fine.
  • Plex With Vpn

    6
    0 Votes
    6 Posts
    272 Views
    @dust1 Check this https://forum.netgate.com/post/675979
  • Openvpn 2.6.x dns resolve only full fqdn

    4
    0 Votes
    4 Posts
    226 Views
    johnpoz
    @bolvar maybe your old client - which is common - added the search suffix. You should be able to push the search suffix or domain in the options for that client on the server. You mean 2.6.13? That is the current openvpn client. I think right around 2.6.something is when they changed to dco interface - that might have something to do with the search suffix of the domain you hand out? But a NS should really never answer a non-fqdn query. If you don't want to use the fqdn then your client should auto add search suffixes to the query.
  • LDAP authentication backend over OpenVPN tunnel

    1
    0 Votes
    1 Posts
    118 Views
    No one has replied
  • OpenVPN Layer 2 with VLANs - How to Set Up?

    7
    0 Votes
    7 Posts
    720 Views
    @crazily9892 said in OpenVPN Layer 2 with VLANs - How to Set Up?:
        My pfSense lets me put a VLAN tag on my L2 VPN

    Thank you. I tried to set the VLANs on the OpenVPN tap interface:
    [image: 1741165278223-screenshot-2025-03-05-at-09.59.44-resized.png]

    And then I added a bridge from the newly created VLAN to the existing interface which is tagged on the switch:
    [image: 1741165307049-screenshot-2025-03-05-at-09.59.48-resized.png]
    [image: 1741165309798-screenshot-2025-03-05-at-10.00.33-resized.png]

    The CLOUD_LAN interface has a CARP Virtual IP Address:
    [image: 1741165533277-screenshot-2025-03-05-at-10.05.14-resized.png]

    On the other end, I have a vmbr interface:

        24: tap0.150@tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr150 state UP group default qlen 1000
            link/ether e6:43:98:64:45:36 brd ff:ff:ff:ff:ff:ff
        25: vmbr150: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
            link/ether e6:43:98:64:45:36 brd ff:ff:ff:ff:ff:ff
            inet 192.168.150.1/24 scope global vmbr150
               valid_lft forever preferred_lft forever
            inet6 fe80::e443:98ff:fe64:4536/64 scope link
               valid_lft forever preferred_lft forever

    Which is bridged to the tap0 OpenVPN interface:

        root@node1:~# brctl show
        bridge name     bridge id               STP enabled     interfaces
        vmbr0           8000.107c614c4e64       no              enp5s0
        vmbr150         8000.e64398644536       no              tap0.150

    Anyway, if I try to ping the pfSense CLOUD_LAN IP address from the OpenVPN client, it does not work:

        root@node1:~# ping 192.168.150.254
        PING 192.168.150.254 (192.168.150.254) 56(84) bytes of data.
        From 192.168.150.1 icmp_seq=1 Destination Host Unreachable
        From 192.168.150.1 icmp_seq=2 Destination Host Unreachable
        From 192.168.150.1 icmp_seq=3 Destination Host Unreachable

    And tcpdump only sees the ARP request:

        root@node1:~# tcpdump -i tap0.150
        tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
        listening on tap0.150, link-type EN10MB (Ethernet), snapshot length 262144 bytes
        10:03:23.636095 ARP, Request who-has 192.168.150.254 tell 192.168.150.1, length 28
        10:03:24.659991 ARP, Request who-has 192.168.150.254 tell 192.168.150.1, length 28
        10:03:25.683845 ARP, Request who-has 192.168.150.254 tell 192.168.150.1, length 28
        10:03:26.708073 ARP, Request who-has 192.168.150.254 tell 192.168.150.1, length 28

    This lets me think that the problem is on the client, because packages are not exiting from it. Do you have any idea? Thank you!
  • Strange route issue with L2 (tap) VPN

    1
    0 Votes
    1 Posts
    85 Views
    No one has replied
  • OpenVPN User Authentication

    1
    0 Votes
    1 Posts
    174 Views
    No one has replied
  • OpenVPN Users Authentication

    1
    0 Votes
    1 Posts
    104 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.