I've been curious about this as well. I have a site-to-site VPN server configured and an interface assigned to it, but I've never managed to get gateway monitoring working properly for it.

@m0l50n Hello, In pfSense navigate to - VPN / OpenVPN / Servers and click on the "pencil" to Edit your Server. In the Edit screen scroll all the way down (almost to the bottom) and find - Advanced Configuration. Under Advanced Configuration select Custom Options. In Custom Options I have the below line entered push "inactive 3600 1000000" Hope this is Helpful! Really Great to have idle VPN connections automatically disconnect. Best Regards, R.K. Graves

@kevin-chan-aebc Configure the server to listen on localhost and forward the VPN packets on both WANs to it. In the client config file add an additional remote line for the second WAN. In the client export utility you can enter the second remote line into the advanced options box, so that it is added to exported config files: [image: 1608291824733-10a55872-912a-48fa-811e-ab481a57c677-grafik.png] With server-poll-timeout you may define the timeout, the client tries to connect to the first remote address before switching to the second. The default value is 10 seconds.

@pippin After I had changed the Local Port Number in a new Wizard run, the new port number was added to the WAN firewall rules. When I was cleaning that up, by accident I removed the wrong port number. And then you can do whatever you want, but you will never get it working

@bingo600 said in Need to log OVPN user activity to syslog server. How ?: Btw: Who would prefer Bridging to Routing ?? Hmmm, Hi don't declare this like this, just think of branch to branch (VPN) TUN and TAP are not in vain (developers are not stupid) +++edit: yeah and nowadays the log files are the ones that take up the least space in a logged environment... we store a lot more nonsense stuff, like your FaceBoo... ksit stuff, just kidding.... you don't have FB

@marvosa said in HELP routing VLAN devices through OpenVPN client connection: Also, I'd dump that TP-Link asap... it'll only cause issues ;) I forgot to mention that, even though I thought about it when I read that message. I ditched my TP-Link AP a couple of weeks ago, for that reason.

I deleted the post with the link to the screenshots since it the topic/discussion has gone stale.

@warnerthuis So, the issue lies in the tunnel between work and the hosting site. Post the server1.conf from the server and client1.conf from the client.

@viragomann Thanks for help :) " Go into the server settings and check "Redirect gateway IPv4" and also ~IPv6 if needed." that was missing, now its working =)

@jacksonp Post your server1.conf (/var/etc/openvpn).

@mcury Well, after the last several days going at this, I decided to do another reboot of my pfsense. I had a strange crash code once I restarted, so I rebooted again to see if it was just a one time thing. After rebooting I tested the VPN and everything is now working. Looks like my hardware just didn't want to cooperate with me. Thanks for the troubleshooting! I still have no idea why it was giving me problems.

@aewhitlock Did you ever resolve this? I'm having the exact same issue as well where the auto-generated OpenVPN IPv6 gateway uses a different IPv6 IP than the VPN's IPv6 address when the IPv4 address and gateway are the same. [image: 1607825224504-il093hlhts361.png] In my settup the IPv6 gateway is auto-generated as *:103::2, but the actual address on the interface is *:103::1. For IPv4 they are both 192.168.3.1 as expected. I can't figure out why pfsense thinks the gateway should be *:103.:2 and not *:103::1.

@canernecocaner This setting is on the server I don't know if you have to export new files for the clients , in order to activate it there. /Bingo

You should probably somehow mark this thread as "solved".

I found out the issue: checking in system logs openvpn there was this error: Options error: --server directive when used with --dev tun must define a subnet of 255.255.255.248 (/29) or lower corrected in vpn--openvpn--server--edit now I have other errors but at least they are not unknown.

it seems to work, at least now I am getting intelligible errors.

@viktor_g I looked over the release notes. You are correct. (For now) only the beta release of Tunnelblick supports OpenVPN 2.5.0. Today I downloaded Tunnelblick 3.8.5beta01. I unchecked the "Legacy Client" setting (within the PFSense WebGUI). I then clicked the "Save as Default" button. Next, I downloaded the "Viscosity Inline Config" file. When I double-clicked on the .ovpn file I was presented with the same-exact installation alert. For now, I will reenable the legacy client setting. But I'm still curious to know when the client export file will "play nicely" with Tunnelblick. -Michael-