@andrewglass3 Fixed - turned out to be a couple of issues, the openvpn package was borked. Tested with a static site to site instead, wouldnt connect. Full clean install and repeat the site2site with shared key and we are up and running! Link speed with i3 6100 pfsense box = 11MB/sec from ovh to home which is saturating the link. Previously on the edgerouter 4 which has no aes-ni or offload ability for openvpn I was lucky to maintain 1.5MB/sec. This is sooooooo much faster :) I really need to learn pfsense fully now :)

@FrankZappa UDP will work, as that's what OpenVPN normally uses. The issue, as you mention, may be the firewalls on the networks you try to connect from.

Hello, I found what was the problem. When we migrated to pfsense from checkpoint firewall, we imported an alias named "OpenVPN" which pointed to openvpn port number... This caused the "syntax error" on the rule because $OpenVPN was a port number and not the interface name of openvpn. But I guess wizard could tel us that OpenVPN variable is already used when validating installation but anyway :) Bye

not sure why but I disabled all the openvpn client interfaces / suricata interfaces / toggled the network adapter offloads / edited the firewall lan rules and then rebooted. added everything back in and rebooted. now everything seems to be coming up in the expected state.

@adrianolaurent said in VPN app on iOS: I want to know how to set vpn configuration please if you can hellp me am trying to solve this problem but its not possible Do you have a pfSense firewall or just an IOS device ?

@ramses-sevilla said in Upstream very low compared with downstream traffic with OpenVPN Client.: Can you tell me where is the text OpenVPN Server config file in pfSense? The info you entered on the GUI config is used to create this OpenVPN server config file(s). So, you know what's in it ;) Bcause you entered that info - or accepted default values. Look here : /var/etc/openvpn/ You'll find serverx.* files where x is the OpenVPN server number, typically 1.

tried this? push "dhcp-option PROXY_AUTO_CONFIG_URL http://www.openvpn.net/proxy.pac" info on how to setup the wpad/pac stuff https://docs.netgate.com/pfsense/en/latest/recipes/http-client-proxy-wpad.html?highlight=wpad

Thank you very much! Your solution fixed my problem! I missed to add the tunnel network to the remote networks on site B.

Dear @dotdash That's typically what I did when faced the problem.

@Orwi said in PFsense as OpenVPN Client - Networks can't be reached: A Site-To-Site OpenVPN connection IPv4 Tunnel Network: 192.168.250.0/24 Concurrent connections: 1 If it is a site to site vpn and only 1 connection is allowed, why using a /24 tunnel. Set it to /30. Advanced configuration tun-mtu 1500 mssfix 1500 Be careful with these settings. @Orwi said in PFsense as OpenVPN Client - Networks can't be reached: except my forwarded packages enters as expected and reach the destination BUT leaves via WAN instead of VPN**. ** which is also a gateway for policy based routing for other clients. Could this be a/the problem? No. So you have already assigned interfaces to the OpenVPN instances? Ensure to add a firewall rule allowing the desired access to that interface on the incoming site and that this rule is applied. There must not be a rule on the OpenVPN or on floating tab which matches to that traffic! If you're unsure which rule is applied enable logging and check the logs after testing. @Orwi said in PFsense as OpenVPN Client - Networks can't be reached: Also the documentation is flawed: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html It may be a minor mistake, still IPv4 Remote Network is addressed twice. ??

The service names here are just for info based on the standard ports. If you need to allow a non-standard port, just select "other" and enter the desired port next to the drop-town.

@kiokoman said in Problem connecting pfsense 2.5 to OpenVPN AS Server: more log output is needed I can post log from pfsense - which loglevel is needed? udp or tcp udp key-direction pfsense is client = key direction 1 and openvpn as is server = direction 0 wrong cipher not that I know - used cipher AES-256-CBC wrong ca/cert no, tripple checked and the .ovpn file where ca, cert and key was taken from working fine with my vpn client regards Robert

OMG I've found it. For testing purpose, the "WAN" interface on which the OpenVPN client connects to was in a LAN subnet. And this very specific LAN subnet was also included on the subnets I was trying to tunnel... That issue was driving me crazy and the solution was right in front of me Thanks anyway for your quick replies !

@Rico I think I got it thanks for all the help!