@m0l50n Glad that you found the culprit at last. Yes, you can define the firewall rules on any interface on the route. It's okay to restrict the traffic on the OpenVPN interface and allow only specific destinations at A and at the main office. However, from the security point of the main office, it may be desirable to restrict the access on its incoming VPN interface additionally for sure. But if you have full control over both sites and you can say that site A is save as well, that's not really necessary.

It appears I just had to add the DNS Default Domain under Advanced Client Settings in the VPN settings. That just tacks my default LAN domain to the end of DNS lookups on the VPN client, et voila, NetBIOS or base PC names (without the domain appended) are converted to FQDN behind-the-scenes the same as happens locally and all is well.

Found these scripts here: https://github.com/mdcurtis/pfsense-python a bit old, but I will test pfsense-updateCRL.py asap

@tkronic said in Firewall (as itself) defaults to VPN gateway not WAN gateway. Where do I change that?: @talaverde Was this ever resolved? I am facing the same issue. In case anyone is wondering, I enabled "Don't pull routes" in the VPN client config and now things work as expected. Not sure why this is necessary as my old config was working for years without that option selected.

@viktor_g thank you for the quick response. Very much appreciated.

@johnpoz OH yeah totally agree on this one Had a couple of IT managers only want to allow static ipv4 from their homeOffice users and forced them to pay the upgrade (and that's floppy expensive here where I live) for that static IP and we are Not talking about gov contractors Was a hard piece of work to finally talk some sense into Multi factor Auth on openVPN was the key for success Np

Thank you very much, will check this out here in a few. Thanks for the help!

And even if they work today, noone guarantees they will tomorrow. If you have the necessary upload at home, vpn to home@home country is the better option.

@jp4555 Your setup is not clear to me at all. The server which are want to access across the VPN is connected to pfSense and has the IP 192.168.10.10, but the subnet 192.168.10.0/24 is not defined on pfSense? How should access to the server work with that? Why has the PC two IPs?

@pftdm007 said in NordVPN setup on pfsense - questions about basics: FW mode is already enabled in Unbound, and Nord's DNS servers are already set in General Setup. This is leaking. Who says that it is leaking, a leaking testsite? Would be curious to know about the exact results. Also you should create this alias I told you and make more general rules with that instead of doing it on a per port basis.

@blasta I was exploring this option as well. I read about using Google Authenticator, which is free, however I was unable to find enough details to make this work. I ended up using DUO MFA, which works great. So pfSense > DUO auth proxy > MS NPS > AD

@viragomann What you are seeing is what I would expect and seems pretty normal. What the user is experiencing is not. That's in OpenVPN? The only sections I have are: General Information Cryptographic Settings Tunnel Settings Client Settings Advanced Client Settings Advanced Configuration

@skippern12 still slow on latest version to date... using openvnp connect on Android 12... and on server UDP with 128 data encryption (minimun).. I can't exchange big files (above 500 KB), I get timeout