• configure PFsense OpenVPN remotely with static WAN IP that will change

    4
    0 Votes
    4 Posts
    416 Views
    V

    @brianjmc1
    Having the OpenVPN server listening on localhost with port forwardings is a way that clients can use different IPs to connect to a single server. These may also be assigned to different interfaces.

    I don't think, that this is really necessary in your case, however.
    I'd just setup all services to listen on the WAN IP, which is 111.222.333.445 during the setup, and then change it to 111.222.333.444.
    Therefor pfSense provides the WAN alias.

    Why do you think, that this would mess up something?

    I setup all settings, ipsec tunnels as Live non PFsense router

    I expect, that IPSec and any other client attempts to connect if enabled anyway.
    Maybe the remote site accepts only the origin router IP, so it will fail. But I would disable it till the old router is shut down.

  • 0 Votes
    2 Posts
    208 Views
    GertjanG

    @rec

    If Google still works : enter : world's most known VPN providers.

    All these companies can offer you what you need.
    Before testing one, check :
    If you can actually reach their servers.
    If they have clear, up to date instruction about how to set up your router with them.
    If you can find other customers that are happy about that VPN provider.
    And so on.

  • DNS resolver not working for openvpn

    7
    0 Votes
    7 Posts
    468 Views
    E

    And Yes mi OpenVPN is an app running on my Pfsense

  • OPEN VPN: OpenSSL hardware crypto engine functionality is not available

    3
    0 Votes
    3 Posts
    436 Views
    UnoptanioU

    @viragomann said in OPEN VPN: OpenSSL hardware crypto engine functionality is not available:

    @Unoptanio
    In the OpenVPN settings, change the hardware crypto to "No Hardware Crypto Acceleration".

    AES-NI is used anyway if available.

    b58ad999-4447-4bed-90f7-b491dadc7b07-image.png

  • No internet on connected Nordvpn after password change

    3
    0 Votes
    3 Posts
    471 Views
    F

    @Gertjan
    Thanks for the update
    Still driving me crazy!
    Trouble is ping is fine from all the interfaces in the box but there’s no internet on the vlan WiFi nor Ethernet
    As you said working before and not after password/namechange
    Trouble is I can’t see anything thing in any of the. Logs to suggest where exactly it’s getting “blocked “
    There’s obviously udp/tcp connection to the interface insider pfsense to the remote server or ping would fail
    Also support at Nord is not very supportive

  • 0 Votes
    4 Posts
    456 Views
    shepradorS

    @viragomann

    Thank you. It worked following your indication.

    For the benefit of others I add that I did this.

    On the server - which is Site B in the schema - I added the CIDR of the client remote access VPN tunnel (10.10.10.0/24).

    Then in VPN / OpenVPN / edit the VPN Server and
    add 10.10.10.0/24 in IPv4 Remote network(s)

    Then, in VPN / OpenVPN / Client Specific Overrides I had to add the exact same thing in (10.10.10./24 IPv4 Remote Network/s)

    If I had added the tunnel route only in the server configuration or only in Client Specific Overrides I saw that it didn't work.

    thank you very much

  • 0 Votes
    7 Posts
    779 Views
    JKnottJ

    @viragomann said in Is it possible to use the VPN on the same LAN network as the OpenVPN server?:

    Connect to the OpenVPN server from inside the LAN makes no sense at all anyway.

    But it does work, at least here it does. However, that would depend on how you configure the server and what interfaces it listens to. Since I wanted to be able to connect via both IPv4 and IPv6, I had to choose the multihome connection.

  • Why do I need to manually start OVPN clients in a specific order?

    1
    0 Votes
    1 Posts
    86 Views
    No one has replied
  • Error when creating OpenVPN setup via Wizard

    3
    0 Votes
    3 Posts
    438 Views
    rayrayrayraydogR

    @viragomann I finally got it to work. It's something to do with the server certificate I had selected to use which was self-signed. I chose another and the wizard worked.

  • Auth failed ( for new users?)

    1
    0 Votes
    1 Posts
    111 Views
    No one has replied
  • Can access GW but not LAN over OVPN

    2
    0 Votes
    2 Posts
    191 Views
    M

    @McMurphy

    This has since been resolved.

  • Shared Key to TLS -> performance issue

    3
    0 Votes
    3 Posts
    370 Views
    D

    I have disabled the SSL/TLS VPN and re-activated the Shared Key. Traffic was slow (e.g. to open the web interface of the remote pfsense) - CPU usage was under 10%. I had to restore the configuration backed up before the SSL/TLS configuration added from the guide on both the devices and now it works again.
    I will try to reconfigure it later during the day, and see. I suspect there was some conflict with routing, but not sure.

  • CPU usage on Atom C2518 too high even at lower speeds

    2
    0 Votes
    2 Posts
    311 Views
    A

    @AWeidner
    To answer myself:

    openssl speed -elapsed -evp aes-128[256]-gcm (we use AES-256-GCM) ... type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes AES-128-GCM 72691.83k 150891.86k 222610.26k 254092.97k 263097.25k 265530.03k ... type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes AES-256-GCM 67697.40k 132661.67k 188492.12k 212024.45k 219474.60k 219228.84k

    vs. AES-256-CBC (which we don't use)

    type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes AES-256-CBC 98913.39k 159960.60k 197932.39k 211052.54k 214461.10k 214832.47k

    And as far as i can tell, the block size used for VPN connections via openssl is 128 Bit (16 Bytes). The CPU is the limiting factor it seems.

  • 1 Votes
    41 Posts
    7k Views
    JonathanLeeJ

    @stephenw10 the commands however in pfSense shell do not show use also in 23.09

  • Accessing clients connected through openVPN

    7
    0 Votes
    7 Posts
    638 Views
    U

    @viragomann Its now works, thank you so much for you help.

  • Routing certain client traffic through VPN

    3
    0 Votes
    3 Posts
    403 Views
    N

    @viragomann I see. Yeah I can't seem to find a more specific set of instructions.

    Basically we just want anyone who is connected to VPN to route traffic over the VPN when going to a specific site, which we have the IPs for added into an alias.

    I did not change anything on the server settings because I am not 100% sure on the steps and this is in production.

  • How to get docker containters to utilize openvpn for media server

    1
    0 Votes
    1 Posts
    232 Views
    No one has replied
  • DCO on PFSense CE

    8
    0 Votes
    8 Posts
    2k Views
    F

    @michmoor Yep. :)

    It's a shame.

    Business customers exist because, somewhere along this path, there were non-business customers who contributed to the project.

    Stripping CE of this kind of functionality will do nothing more than make people consider other alternative projects.

  • OpenVPN Server Version?

    3
    0 Votes
    3 Posts
    254 Views
    S

    Good idea- thx

  • 1 Votes
    2 Posts
    226 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.