Need more details.
In general the trick to port forwarding into pfsense and across OpenVPN to a server on the remote side is:
1. Assign an interface on the destination side. The side with the target server on it.
2. Make sure the rules on the OpenVPN tab do NOT match the incoming, port-forwarded traffic on the destination side. Make sure the traffic is matched by the rules on the assigned interface. That gets reply-to working so reply traffic isn't routed out the default gateway on the destination side.
That's essentially what I did with some Linux laptops I had to issue at my last job. Ran a job that would check for something that should be there, if not then load openvpn. Sound logic.
There are two options.
A. Create a secondary OpenVPN server and keep the two separated.
B. Assign his user a static IP in the pool and create firewall rules to prevent access to your server. Under client specific overides you can add something like ifconfig-push 192.168.1.200 255.255.255.0 to assign his client that IP.
Hi
Screenshot attached.
When the second rule is enabled there is no internet access from the IP specified in Alias Blockpc.
When the rule is disabled internet access is available.
[image: Firewall_Rule.png]
[image: Firewall_Rule.png_thumb]
Yep, that'll do it too :)
Plus, I was mistaken, there is a route to your tunnel network (10.25.2.0/29). However, I was surprised to see it at only a /29… you're only going to get 5 users out of that, but... maybe that's all you need.
Dude your NOT going to change the SOURCE ports of traffic to the same thing.. It DOESN"T WORK THAT WAY!!!
You are completely misunderstanding what they are doing with their 10 port, or your explaining it WRONG!!
If you have some application that randomly listens on some port between 1000 and 2000? And the firewall in front of you will only forward 10 ports then your screwed.. Never going to work..
Hi!
I have default gateway switching enabled but seems it doesn't work. In failover mode I don't see default route in the routing table.
Squid also doesn't work with dual WAN (it use the default gateway). I had it working until recently, but for some time this configuration does not work too.
Maybe these two problems have the same reason. I'm not sure.
Best!
I recently setup openvpn and found similar issues, I decided to check whats my ip and some of the sites are showing my real ip where as others are showing my vpn ip which should not happen in my eyes.
Hi
My script is correctly editing config.xml and client1.conf
OpenVPN is restarted and it appears to connect to the new server, but the GUI still shows the old host address and after a minute or so the VPN appears to be connected back to the old host.
Can this be done?
Thanks
Just use a pfSense instance somewhere on your network to manage your certs ;-)
Though it's not perfectly suited to being a general purpose CA, it sure beats having to mess with EasyRSA.
And on 2.4 you can sign CSRs as well as create certificates.
Current is 2.3.4_p1
I would assume it would be using the the same version as 2.4 betas
[2.4.0-BETA][root@pfsense.local.lan]/root: openvpn –version
OpenVPN 2.4.3 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 21 2017
library versions: OpenSSL 1.0.2k-freebsd 26 Jan 2017, LZO 2.10
