@vasliy

Hello Vasily,

Unfortunately not, in the end I created a vm for that subnet and rolled my own setup on Linux.

@rico thank you very much for your answer. But I am looking for the Commands or the script to do it.

@soheil-amiri
This looks somewhat different than my NM on OpenSUSE Leap 15.3. But glad that you got it working.

@rico you didnt give enough information before you provided a web link.

@mradell said in NordVPN using OpenVPN not connecting:

That's what happens when you just don't pay as close enough attention to detail as you think you did.

Happens to all of us. 😉

@viragomann Thank you very much, I was able to solve this problem I was dealing with since some time!

@stephenw10 said in 22.05 - DCO and OpenVPN issue:

It's probably not something that can be fixed with a run-time patch unfortunately. It looks to be in OpenVPN so something in the binary.

Steve

Thanks for clarifying - thus we know to currently not roll it out enabled per default :)

Unfortunately I realized that some evidence too much has generated (automatically) some "uncontrolled" rule ... I leave somewhere and try to do the rounds more correctly.

@jims
Something seen in the log?

Decided to throw caution to the wind. Backed up my configuration. Warned all VPN users we might be down for an hour.

Unchecked the "Bridge DHCP" option.
Added 172.16.200.0/24 range to the "IPv4 Tunnel Network"
Restarted OpenVPN.

And clients show up in widget and status again! This even fixed an issue where mobile clients lost access when they came onsite without auto disconnecting the VPN connection.

So it looks like the bug isn't quite fixed but this work around is actually better for my setup and I will be sticking with it. Hope this helps others on this very minor but annoying issue.

@johnpoz Thanks for the reply!

I think I understand what you're saying with the nat reflection, but why is this the case if both pfsense, and the ISP modem have different public IPs?

Also just to clarify:

if you want to connect to pfsense while on pfsense wan network

Sorry if this might be trivial, but just to clarify, do you mean if I'm trying to connect to pfsense from the devices connected directly to the ISP modem (devices on ports 2-5, and wifi)?

just use its IP whatever rfc1918 address that is

Aren't RFC1918 addresses just private addresses (10.x.x.x, 172.x.x.x, ...)? If the WAN interface has a public IP, how would you find the rfc1918 address? (Again sorry if this is trivial)

@rico

Sorry I don't understand that why this is not possible or doesn't make any sense.

1c390efb-8d29-4bee-97e6-e2d4a6a15bf9-image.png

Peer to Peer = Side to Side
Remote Access = Client to Server (client = Laptop or device from external network)

Me: I want to have: Peer to Peer (SSL/TLS + User Auth) <- Does not exist!

Is this correct?

@viragomann
That was it! Its now working. Thank you for your help and patience

I'd try the TLS Encryption and Authentication option in OpenVPN first.

-Rico

@alextsic Hattest du Erfolg?
Ich habe genau das selbe Problem, das hinzufügen von Routen unter VPN funktioniert nicht.

Vielleicht kann ich mich hier mit meinem Fall äussern:
LAN: 10.108.36.128/25
Tunnel VPN: 10.0.8.0/24
Static route: 10.252.12.0 /22 via Gateway 10.108.36.130 /25

Ich versuche eine Webseite im Netzwerk 10.252.12.0 /22 zu erreichen.
Der DNS im LAN Netzwerk löst die Webseite auf mit der IP im Static Route Netzwerk.
OpenVPN hat diesen DNS als Server als Nameserver hinterlegt und nslookup funktioniert auch einwandfrei.

Static Routes haben nicht geholfen und auch nicht Force jeglichen Traffic durch den Tunnel.

Der Gateway 10.108.36.130 /25 ist noch mit anderen Netzwerken verbunden, werden jedoch nicht von mir verwaltet, daher keinen Einblick was dort passiert.
Mein Verdacht: 10.0.8.0/24 ist eventuelle ein Netzwerk das er schon kennt und der Traffic wird nicht an nicht zu mir zurückschickt bzw. er ist so konfiguriert das er nur Traffic von 10.108.36.128/25 akzeptiert, ist das eine Möglichkeit?
Gibt es eine Möglichkeit den Traffic von OpenVPN in ein NAT umzustellen das es von 10.108.36.128/25 kommt?