@dweimer When you change OpenVPN server settings, you have to re export the OpenVPN client file. You've done that, right ?

@dbass A public IP can only be used once. If you use NAT then LAN gets a private IP range, and you need NAT port forwarding rules to connect to the server on LAN. If the server actually needs a public IP then you need to get another IP range from the ISP so they can route the public IP to you. https://docs.netgate.com/pfsense/en/latest/recipes/route-public-ip-addresses.html

@viragomann Thanks so much for your help, I've just done this and its now all working as it should.

@gertjan The administrator of the server decided to change something based on my log dumps, and now the connection just works at the first attempt. Thank you everyone for your help. The only thing I had to change was the syntax of the remote line as mentioned by @viragomann, then the import worked just fine.

@rubens-fontes for dns use 172.16.0.2 , x.x.x.2 is amazons DNS. I usually attach a send Network interface (on the private subnet) to the pfsense and then add that as LAN

Regarding the time difference, it's strange because I've compared both times and they are equal

@viragomann said in How to route LAN traffic thru OVPN: @ispasoiumircea In the outbound NAT rule the source has to be your LAN, so 192.168.15.0/24 presumably. Consider that the policy routing rule on LAN directs all matching packets to the OpenVPN server. Hence it doesn't allow access to any internal destinations like DNS from this device. This can be done, but you need to use a DNS server on the concerned machine, which is accessible over the VPN. If there is any, you can simply forward DNS requests with a port forwarding rule on pfSense and need nothing to change on the device itself. Otherwise add an additional rule to pass internal traffic above of the policy routing rule. The rule on the OpenVPN is only needed for inbound traffic. But I guess, you don't want any, so you can remove it. Hello, Thank you. Its worked just adding outbound NAT rule from LAN to VPN. Good day,

@adrianp918 192.168.1.1/24 is not a network. 192.168.1.0/24 is.

@dimskraft said in What is a correct content setup routing from client to a server?: server can't know which client is connected to it, so this information should be set on client side; You can let him know by configure a CSO, however. If you said it is impossible to push routes from client to server, then why does a client config has the following field This sets a route on the client, but doesn't push anything to the server.

@guardian said in Can someone please tell me what these messages are about?: That's really strange as I don't see why there would be that many accesses. Euh lol. On my dashboard : [image: 1677841425357-bf998ff4-31e3-4a74-9ae5-6398acb0ab1f-image.png] People like dashboard with most accurate, thus frequent updated info. Where does the "dashboard page" gets this information from ? It (PHP + web server) questions (very) frequently the "openvpn" process. These requests are the ones that are logged. To stop the logs you are seeing : stop looking at the dashboard, close it

I made a mistake, I can't connect backwards by any means. But I can see ping traffic with packet capture on a client when pining it from server.

@jeffreyn said in No Clients Can Connect To OpenVPN Due to CRL Expiry: @jimp I applied the patch when it was released. I'm reading the release notes for 23.01 and see Issue #13424 has been addressed in the new version. Do I need to do anything like remove the patch before or after I upgrade? Or does everything take care of itself? You do not need to do anything with the patch after upgrading. You can delete the entry from the system patches package.