What I did was: 1 OpenVPN server with /22 subnet First 512 addresses are dynamically assigned and permitted only to few segments Next 256 addresses are defined via CCD and have special FW rules Next 256 addresses are defined via CCD and have also special FW rules In this way I have full control over all clients on only one VPN server

@nemo6262, I was looking for a client setup I have to tell you precisely what to do but I can't find one. This is probably because all of the clients I manage now are on Windows Domains and this is no longer an issue for me. But, I'll tell you where you need to go to setup the Windows Firewall Rule. Get to your Windows Defender Firewall. It's best to get to this through the Windows Control Panel. On the left click the link for Advanced Settings. From this screen you can create custom rules to allow for Inbound and Outbound Rules. If you right click on Inbound Rules or Outbound Rules you can click on New Rule... and a Wizard will come up to create a Rule. When you go through the wizard there will be a portion at the end where you can allow REMOTE subnets. Unfortunately you'll have to do this for every Windows 10 machine you want access to across the VPN.

Hello, The solution in this video worked very well for my configuration. @rico said in [Solved] use openVPN partially: https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html -Rico was something changed in the routing after the video was published? I want to use this solution in version 21.02.2-RELEASE (amd64). However, I can no longer use - as 2.4.xx was possible different gateways. Currently everything is routed via VPN. If I specify the WAN gateway, I no longer have a connection. I have rebuilt everything 1:1 for testing.

Ok, anyone knows if I were to pay for support netgate would help me on this ? my LAN dhcp server is assigning adresses from 10.1.10.1 to 10.1.10.255 subnet with mask 255.255.0.0 and the gateway 10.1.1.3 (pfsense server) all my lan switches are in the 10.1.1.0 subnet with mask 255.255.0.0 and their gateway is pointing at 10.1.1.3 all my servers are in the 10.1.0.0 subnet and mask 255.255.0.0 and their gateway is pointing at 10.1.1.3 my printers are in the 10.1.4.0 subnet mask 255.255.0.0 and their gateway is pointing at 10.1.1.3 on the openvpn server settings the ipv4 tunnel network is 10.1.5.0/24 I tried going 10.1.5.0/16 and it would fail to give me an ip adress from the openvpn server my ipv4 local network(s) is 10.1.0.0/16 as i stated previously, if I don't add a gateway on my pfsense lan adress (10.1.1.1) which is a layer 3 cisco switch I can't connect to my lan ressources from the vpn I've added more screenshots In the openvpn status I see the target network being the ip assigned for each user connected, on my sonicwall this would've been my 10.1.0.0/16 network, is this good for openvpn ? [image: 1620488699942-729ee8f4-9726-4df7-bbd5-b2a684b656f9-image.png] [image: 1620488767828-76fd2d58-1870-454b-9101-b3a1f39976ad-image.png] [image: 1620488834689-9260d808-50a0-4434-8b7b-5c05f6fddaad-image.png] I really would appreciate help on this,

@gertjan Thanks. Yeah, I was not really expecting a positive answer to be honest. Well, I guess I have no choice, just have to keep the current method. Thanks again.

Perfect! That worked - thank you :)

Not sure if this is supported by the openvpn binary you can check it on https://community.openvpn.net/openvpn/report/

@kom Thanks for the fast reply. Allow rule is OK and logs shows no error. I'll try a clean instalation and configuration.

@viragomann thanks for answers!

@albgen said in OpenVPN - only one user has issues: @cswroe said in OpenVPN - only one user has issues: Actually had this happen with a couple users recently. I ended up removing them and adding them back as users, then downloaded are reinstalled the new certs. They have been fine since then. Good Luck. well at least you had a solution. Will try giving another user :) hi, just to update that giving the user another/new openvpn configuration, did not recieved any other compain. Pretty wierd stuff

@stephenw10 @johnpoz Hi guys, can any of you help me to fix these openvpn errors? Thank you

@squeezy .... bump please..... I have same issue. Thanks

@bingo600 said in How to send email after openvpn has connected successfully: https://forum.netgate.com/post/950706 Tks for the reply bingo, I'll take a look at the topic and yes, it is already configured to send email from pfsense

I forgot to mention: We are using SG-4860 appliances and did not have the problem with 21.02.1 or older versions. Maximum number of simultaneously connected oVPN clients is around 150 to 170, but problem also occurs with ~30 clients only. We use 500MBit fiber for our ISP connection and are far from reaching its limits: [image: 1620045237848-eafc80f5-c45a-4cd5-8af6-a4c770f3ccd5-image.png] System is also not too busy: [image: 1620045202151-48fbaaf1-d4f7-4c49-9940-d0d507bb331a-image.png]

@dementian I started with 2.4 and upgraded to 2.5 with the same problem. Then did a fresh install of 2.5 (lost wirguard!) and still got the same problem..

After a lot of research, I was able to find the error after a long time. It was because my password was too long. The login on the website worked, but not via openVPN. I am currently still unclear why it did not work. However, I can already confirm that it works without errors with a slightly shorter one.

@ddbnj Nice to have "helped" ... Or NOT Glad i'm still on 2.4.5-p1 , and not chasing "ghosts" /Bingo