@pfsense7515 if it's a server /usr/local/sbin/pfSsh.php playback svc restart openvpn server 1 if it's a client /usr/local/sbin/pfSsh.php playback svc restart openvpn client 1 server/client can be 1 or 2 or 3 etc etc check with ps uxaww | grep openvpn

So I've managed to resolve this - basically I recreated the vpn server via the wizard having completely deleted the old server. ( I also deleted and recreated all certificates but I'm not sure if this was actually required). Once I did that then the client export was showing the server in the drop-down list. I tried many many different things to get my openvpn server working after the upgrade and I ran into this as a secondary issue when rebuilding it. I have a feeling that this was actually because the recreated server was in peer-peer mode when I created it via the Add button and not the wizard - I didnt notice, and so the server would have been the wrong type for clients / exports.

@johnpoz 'You sure your in the correct mode? They will not be there if your not in remote access mode - ie peer to peer no those settings will not be there.' Thank you, that was exactly what the issue was.

@jagradang Hi! I have my 2.5.0 config backed up but I went back to 2.4.5 p1 because of the many problems with unbound and with 2.5.1 off course the multiwan port forwarding being broken. But openvpn was not one of the issues. Now when I am running 2.4.5 p1 I swear not to touch 2.5 line of release. The ease of mind with 2.4.5 p1 is simply amazing. For example when I was running 2.5.0 every couple of days I needed to reboot it to keep everything running. With 2.4.5 p1 I now have 3+ Weeks uptime and counting. I haven’t seen those uptimes ever when I was on 2.5.x. Keep your 2.4.5 p1 and steer clear of 2.5.x like it’s COVID-19.

@jagradang yes 2.6 typo.

@gianeshwar0201 Every solution I've seen has been to roll back. I don't think this issue is even on Netgate's radar until someone can successfully convince them that this is a problem and it's submitted on pfsense Bugtracker. I tried but it was dismissed. I believe these forums rely on user helping user so I'm not sure if they even monitor what's going on here.

@lohphat said in Core dumping on boot if OpenVPN and pfBlockerNG-devel active: Of course this happens one day before my vacation. Hi, I wish you a good holiday and a good vacation, IT does not usually wait for the summer holidays. So I guess it's not that important. I hope you're having a good holiday here in the midst of all the austerity COVID. Can you elaborate on your problem?

@viragomann I didn't try that. Since adding the OPT4 /ovpns1 assigned interface fixed it for me I stopped trying. I'll go back to the config and try when it's idle.

I don't have 2.5 install any more but I found an option which supposedly helps. Adding this to the additional openvpn options on the server: setenv deferred_auth_pam 1

That is only 10/100? ugghh.. Yeah time for an uplift ;) Smart switches can be had for very reasonable prices these days.. But if budget is a constraint, and you need more ports for different networks/vlans than you can provide with your 3100. A simple 5 or 8 or even low cost 16 could be purchased and then run your downstream dumb switches off that.. Until such time that budget allows for upgrade of all the switches to provide for full flexibility of what vlan is where, etc. I show a D-Link Ethernet Switch, 8 Port Smart Managed Gigabit Desktop EEE Network Internet (DGS-1100-08V2) for $35 on amazon right now.. 16 port model $109, and 24 port $129..

@gertjan said in Getting error on "data-ciphers" line on OVPN client: Yes, they have issues - like any other huge (OpenVPN is huge ....) (software) product. Sure, but I didn't mean it like that, I was referring to the interaction with the "client export" generated settings. Anyway, the latest release of openvpn has the same problem.

I'm also having this issue, client is disconnected due to timeout. May 12 17:59:48 openvpn 28114 user/10.0.0.240:1194 [user] Inactivity timeout (--ping-restart), restarting Happens when phone is on 4g and via wireless. Some days i get long solid connections, some days its reconnecting every 10 seconds for hours on end. I havent figured out a solution yet, tried some of the fixes from the more recents threads created here like mssfix and settings default gateway but none of this should be required as it worked flawlessly on 2.5.0.

@gertjan No, it is automatically assigning addresses from the 192.168.x.0/24 pool I specified in the OpenVPN Server instance. It's working w/o a DHCP instance. IPv4 Tunnel Network This is the IPv4 virtual network used for private communications between this server and client hosts expressed using CIDR notation (e.g. 10.0.8.0/24). The first usable address in the network will be assigned to the server virtual interface. The remaining usable addresses will be assigned to connecting clients.

What I did was: 1 OpenVPN server with /22 subnet First 512 addresses are dynamically assigned and permitted only to few segments Next 256 addresses are defined via CCD and have special FW rules Next 256 addresses are defined via CCD and have also special FW rules In this way I have full control over all clients on only one VPN server

@nemo6262, I was looking for a client setup I have to tell you precisely what to do but I can't find one. This is probably because all of the clients I manage now are on Windows Domains and this is no longer an issue for me. But, I'll tell you where you need to go to setup the Windows Firewall Rule. Get to your Windows Defender Firewall. It's best to get to this through the Windows Control Panel. On the left click the link for Advanced Settings. From this screen you can create custom rules to allow for Inbound and Outbound Rules. If you right click on Inbound Rules or Outbound Rules you can click on New Rule... and a Wizard will come up to create a Rule. When you go through the wizard there will be a portion at the end where you can allow REMOTE subnets. Unfortunately you'll have to do this for every Windows 10 machine you want access to across the VPN.

Hello, The solution in this video worked very well for my configuration. @rico said in [Solved] use openVPN partially: https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html -Rico was something changed in the routing after the video was published? I want to use this solution in version 21.02.2-RELEASE (amd64). However, I can no longer use - as 2.4.xx was possible different gateways. Currently everything is routed via VPN. If I specify the WAN gateway, I no longer have a connection. I have rebuilt everything 1:1 for testing.

Ok, anyone knows if I were to pay for support netgate would help me on this ? my LAN dhcp server is assigning adresses from 10.1.10.1 to 10.1.10.255 subnet with mask 255.255.0.0 and the gateway 10.1.1.3 (pfsense server) all my lan switches are in the 10.1.1.0 subnet with mask 255.255.0.0 and their gateway is pointing at 10.1.1.3 all my servers are in the 10.1.0.0 subnet and mask 255.255.0.0 and their gateway is pointing at 10.1.1.3 my printers are in the 10.1.4.0 subnet mask 255.255.0.0 and their gateway is pointing at 10.1.1.3 on the openvpn server settings the ipv4 tunnel network is 10.1.5.0/24 I tried going 10.1.5.0/16 and it would fail to give me an ip adress from the openvpn server my ipv4 local network(s) is 10.1.0.0/16 as i stated previously, if I don't add a gateway on my pfsense lan adress (10.1.1.1) which is a layer 3 cisco switch I can't connect to my lan ressources from the vpn I've added more screenshots In the openvpn status I see the target network being the ip assigned for each user connected, on my sonicwall this would've been my 10.1.0.0/16 network, is this good for openvpn ? [image: 1620488699942-729ee8f4-9726-4df7-bbd5-b2a684b656f9-image.png] [image: 1620488767828-76fd2d58-1870-454b-9101-b3a1f39976ad-image.png] [image: 1620488834689-9260d808-50a0-4434-8b7b-5c05f6fddaad-image.png] I really would appreciate help on this,