• OpenVPN update to 2.x in 1.2.3

    You could upgrade to pfSense 2.0. I believe it's running OpenVPN 2.2.

    I can't speak for the devs, but I don't think they update packages for new features. Only for security updates.

  • OpenVPN Site-Site not working

    Problem solved in a way.

    When I moved to SSL/TLS VPN with a certificate on both ends the tunnel worked perfectly, without making any other changes.

  • pfSense 2.x Site to site… simple but not working.

    Problem was faulty router (ZyXEL 660H-T). For this and other oddities… Damned! It made me crazy... Exchanged with a poor, old, unused D-Link and all went fine.

  • OpenVPN on virtual IP

    I found a detail.
    If I attach OpenVPN to the WAN interface IP address (and not to one of the virtual IPs on the WAN interface) all traffic from clients works.

  •

    Thank you very much for the input.

    Okay, that makes sense as I have a perfectly fine connection. Maybe I should restart the router to confirm this 100% because once restarted all routes will be lost.

    So, what are your thoughts about:
    "persist-key;persist-tun;resolv-retry infinite"

    Thanks,

  • Two OpenVPN servers

    GruensFroeschli

    If you use the same CA, then clients from one server will be able to access the other server.

    If you want them separate you need two CAs.

  • Prevent OpenVPN from adding static routes?

    jimp

    If they come in on the OpenVPN interface but don't leave LAN, then one of two things happened:

    1. They were blocked by firewall rules somewhere
    2. It went out a different interface that had a more specific route

  • VPN can only ping one way

    Hi, thanks for your answer. I edited the client specific config as you can see in the following image.

    In this image you can see my routing tables on the pfSense:

    These are the routing tables of my DD-WRT:

    I really can't see the problem…

  • 2.0 OpenVPN warnings?

    Weird, on the server it is set up as 10.2.200.0, so it shouldn't overlap.

  • TLS error

    jimp

    Do you have this box checked?

    Dynamic IP: Allow connected clients to retain their connections if their IP address changes.

  • Client pings time out every 60 seconds.

    Generated new files and it worked.  Thanks!

  • Added a new Interface now OpenVPN isn't working

    Anyone have any ideas?

  • VyprVPN and specific port routing..

    I have started a tutorial topic:

    http://forum.pfsense.org/index.php/topic,35292.0.html

  •

    @trinybwoy:

    After some more research I found this.

    Every locally connected subnet, whether defined and reachable via a static route or attached to a LAN or OPT interface, will have its outbound traffic leaving any WAN interfaces NATed to that WAN interface's IP. You can change this behavior by enabling Advanced Outbound NAT (AON) but this is usually unnecessary and adds unneeded complexity.
    For OpenVPN if you want the OpenVPN subnet NAT'ed to WAN, you will have to use AON.

    I did some adjustments. I enabled the Advanced Outbound NAT and I put in rules for the following:

    Interface: WAN, Source: 10.10.10.0/24 (which is my local LAN)
    The source port, destination, destination port, NAT address and NAT port are *'s.

    I also did the same for my VPN address pool 10.10.11.0/24.

    I am still unable to get internet on my local machines :-(

    That would be needed if you are going to route all traffic through the VPN, including regular internet traffic. If you do want to do this, I would suggest installing the OpenVPN enhancement package for 1.2.3 and checking the "Redirect Gateway" option. If you are running pfSense version 2.0-rc1, the Redirect Gateway option is already present.

    If you do not want to route all traffic through the VPN, rather only the traffic that needs to go through it (like the above mentioned RDP and slingbox management), then you want to set up split VPN. Regular internet traffic (for example youtube or google) doesn't go through the VPN, but when you try managing your slingbox, that will go over the VPN.

    What OS and/or distro are you running on the client? I noticed a similar issue with split VPN that ended up being due to a setting in Ubuntu's Network Manager. Basically, the more info you give, the easier it will be to help you.

  • Requirement for CA private key to use a CRL

    I too am glad to have found this thread. I have the same problem and will try the latest version of the firmware later today. Thanks Jimp!

  • How to enable Pidgin+Bonjour on OpenVPN using Avahi package

    jimp

    If you're using OpenVPN in shared key mode, it's usually as easy as just running Avahi on both ends of the tunnel. I haven't used it lately, but it has worked for me in the past.

  • OpenVPN client lport

    jimp

    Odds are some router ahead of you will rewrite that port anyhow.

    Even if Windows kept it the same, any router in front of that doing NAT would likely randomize the source port when doing translation.

  • OpenVPN Bridge to VLAN

    What do your config files look like?

  •

    Okay so the fix was pretty simple.  For anyone with a similar setup, you need to put

    local 1.2.3.4 (your WAN IP address)

    into the "Custom Options" field in the OpenVPN configuration page to bind the service to the specific interface.

  • NO_TRAFFIC:SINGLE?

    GruensFroeschli

    Ah ok, I was under the impression that the server is running on a pfSense.

    Do you control the server?
    Because if its reply has a different source IP than what you connect to, there is not much you can do to get it working.
