Does not matter. All that means is he has to forward from upstream too. The traffic will still arrive to WAN address:1004. That is what needs to be forwarded. If the upstream router knows about the 192.168.10.55 address he's doing it wrong.

Hi, I saw the option to choose subnets but not a gateway address. Although I'm able to get a connection to the servers using a tun connection, I need to be able to use tap so homeworkers are able to use there VOIP phones. Do you have any other ideas on what I could try? Thank you for your response. Regards, Robert.

@Derelict: Upi would have to write php to do that then call the proper command in the format already referenced. thanks for reply, ja it can be written with php or a simple script but my question is, how can i reference my Clients to the names which i want. because as i know Clients are referenced automatic by numbers, such as Client 1 ,Client 2 and so on…, now i want to know how can i reference Client 1 as for example "a" , Client 2 as "b" and ...

Hi, Got this very same issue. Moved a from working with v6 (ovpn) config from 2.2 (yeah, old !) to 2.4.2, and reconfigured openvpn. Before with the same settings in 2.2 I got everything (including openvpn v6) working now, I got in the (same as you) situation where I see packets over v6 coming to the openvpn link, but no reply from the (outside) net, while I set rules on the ovpn interface to allow both v4 and v6. I have the tunnel interface net defined as a /64 from my providers /58. V6 routing on non-openvpn interfaces works great ! Do I need a static route to the ovpn interface maybe ?! (not needed before) It might be due to the fact that the prefixes in the /58 that I use in the client subnet have not explicitly been requested by dhcpv6 or so ? where before this just worked.. (note, I only changed the version of pfsense, nothing else) Related question, how do I tell the dhcpv6 client to request that specific prefix as well as the others that are distributed through the wired interface (ipv6-follow) Rudi

Excellent guide, especially the part to get Plex working correctly, much appreciated! I just wanted to add a caveat I found regarding Plex. I had followed the guide and couldnt get Plex to connect remotely at first but I soon found out it was pfBlocker that was the culprit. Specifically, the geoIP blocks. Plextv uses AWS servers that are located in Ireland, so you must allow inbound connections from there in order to get Plex to connect remotely. Just FYI for anyone who may have a similar problem.

Hello, I have a other path to resolve the project. Is possible to create up to 100 openvpn server instanze on a different port on the pfsense or this is most cpu intensive? Thx for all ansfers and other tips to resolve my projekt…

Hi, Just wondering if you were able to resolve your issue?, it seems that I have a very similar problem which I detailed in post: https://forum.pfsense.org/index.php?topic=141511.0 I didn't get any replies either and I'm stuck where to go from here as well. Regards, Robert.

Please use specific IP addresses and a specific mode of testing so people can know exactly what you're talking about. Thanks.

Turns out that I got the wrong gateway ip from the ISP. Figured it out, changed the gateway info in pfsense and all was well.

Where do you see those two? The /1 means a subnet mask with only the most significant bit being used to identify a network. –redirect-gateway flags...     Automatically execute routing commands to cause all outgoing IP traffic to be redirected over the VPN. This is a client-side option. This option performs three steps: (1) Create a static route for the --remote address which forwards to the pre-existing default gateway. This is done so that (3) will not create a routing loop. (2) Delete the default gateway route. (3) Set the new default gateway to be the VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified). When the tunnel is torn down, all of the above steps are reversed so that the original default route is restored. Option flags: local -- Add the local flag if both OpenVPN servers are directly connected via a common subnet, such as with wireless. The local flag will cause step 1 above to be omitted. autolocal -- Try to automatically determine whether to enable local flag above. **  def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway.** bypass-dhcp – Add a direct route to the DHCP server (if it is non-local) which bypasses the tunnel (Available on Windows clients, may not be available on non-Windows clients). bypass-dns -- Add a direct route to the DNS server(s) (if they are non-local) which bypasses the tunnel (Available on Windows clients, may not be available on non-Windows clients). block-local -- Block access to local LAN when the tunnel is active, except for the LAN gateway itself. This is accomplished by routing the local LAN (except for the LAN gateway address) into the tunnel. **    ipv6 – Redirect IPv6 routing into the tunnel. This works similar to the def1 flag, that is, more specific IPv6 routes are added (2000::/4, 3000::/4), covering the whole IPv6 unicast space.** !ipv4 – Do not redirect IPv4 traffic - typically used in the flag pair ipv6 !ipv4 to redirect IPv6-only. https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage Two routes that OpenVPN can insert and delete at will that override 0.0.0.0/0, due to the longer mask, without OpenVPN having to track, save state of, and reset the user's current default gateway configuration, while continuing to match all IPv4 destinations that don't have a more-specific route. They do the same thing for IPv6, as highlighted.

Ok, so I was doing some more tracing and I was checking the config files when I found that someone changed the gateway on the camera system to 192.168.1.1 as soon as I changed it back to 192.168.1.150 everything started working again. Sorry for the problems but all is solved and working. Thanks very much for the help! It is much appreciated.

I want statistics when someone connect and when disconnect. For example: User: karanik Connected : 14/12/2017, 09:00 Disconnected: 14/12/2017,12:00 Total time of day: 3 hours Total time of month: 22 hours and 45 minutes No i have only this status [image: EohlH] [image: R3hNEvs] https://imgur.com/R3hNEvs

Thanks viragomann & johnpoz, i solved this trouble, only need install the agent openvpn on my desktop LAN and i can access to the laptop. Thanks for all.

@s_moffa@securex.ch: Hi, I don't know if you already find it, but it was my same request. To do that I just modify the connect and disconnect script on openvpn on pfsense 2.2.4 /usr/local/sbin/openvpn.attributes.sh and add the line on connect and disconnect: /bin/echo "Connexion de ${common_name} date" | /usr/local/bin/php /usr/local/bin/mail.php -s"Connexion de ${common_name} date" Best regards, Hello again. Now my version is 2.4.2-RELEASE (amd64) FreeBSD 11.1-RELEASE-p4 and my /usr/local/sbin/openvpn.attributes.sh has #!/bin/sh # # openvpn.attributes.sh # # part of pfSense (https://www.pfsense.org) # Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate) # All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. if [ "$script_type" = "client-connect" ]; then         if [ -f /tmp/$common_name ]; then                 /bin/cat /tmp/$common_name > $1                 /bin/rm /tmp/$common_name         fi elif [ "$script_type" = "client-disconnect" ]; then         command="/sbin/pfctl -a 'openvpn/$common_name' -F rules"         eval $command         /sbin/pfctl -k $ifconfig_pool_remote_ip         /sbin/pfctl -K $ifconfig_pool_remote_ip /usr/local/sbin/openvpn.attributes.sh fi exit 0 how it should be done?

thanks for reply, but that's what we need to do, we want to activate or deactivate our VPN Client anytime just by pressing a Switch. but ist not my Problem, it works if i execute script manually, as i said it works strange when i put the script in /usr/local/etc/rc.d to execute on Startup.

That's a very fair statement, I'll try a packet capture when I get a chance. Thanks

@raiderj: Have you checked NTP? I see a note I have about that, but not sure if it's related. Maybe a time drift causing issues. Yea… This is the error I get (after trying to reconnecting) Warning: route gateway is not reachable on any active network adapters: 172.16.0.1 When connection first time it works fine tho...