@mradell said in NordVPN using OpenVPN not connecting:

That's what happens when you just don't pay as close enough attention to detail as you think you did.

Happens to all of us. 😉

@viragomann Thank you very much, I was able to solve this problem I was dealing with since some time!

@stephenw10 said in 22.05 - DCO and OpenVPN issue:

It's probably not something that can be fixed with a run-time patch unfortunately. It looks to be in OpenVPN so something in the binary.

Steve

Thanks for clarifying - thus we know to currently not roll it out enabled per default :)

Unfortunately I realized that some evidence too much has generated (automatically) some "uncontrolled" rule ... I leave somewhere and try to do the rounds more correctly.

@jims
Something seen in the log?

Decided to throw caution to the wind. Backed up my configuration. Warned all VPN users we might be down for an hour.

Unchecked the "Bridge DHCP" option.
Added 172.16.200.0/24 range to the "IPv4 Tunnel Network"
Restarted OpenVPN.

And clients show up in widget and status again! This even fixed an issue where mobile clients lost access when they came onsite without auto disconnecting the VPN connection.

So it looks like the bug isn't quite fixed but this work around is actually better for my setup and I will be sticking with it. Hope this helps others on this very minor but annoying issue.

@johnpoz Thanks for the reply!

I think I understand what you're saying with the nat reflection, but why is this the case if both pfsense, and the ISP modem have different public IPs?

Also just to clarify:

if you want to connect to pfsense while on pfsense wan network

Sorry if this might be trivial, but just to clarify, do you mean if I'm trying to connect to pfsense from the devices connected directly to the ISP modem (devices on ports 2-5, and wifi)?

just use its IP whatever rfc1918 address that is

Aren't RFC1918 addresses just private addresses (10.x.x.x, 172.x.x.x, ...)? If the WAN interface has a public IP, how would you find the rfc1918 address? (Again sorry if this is trivial)

@rico

Sorry I don't understand that why this is not possible or doesn't make any sense.

1c390efb-8d29-4bee-97e6-e2d4a6a15bf9-image.png

Peer to Peer = Side to Side
Remote Access = Client to Server (client = Laptop or device from external network)

Me: I want to have: Peer to Peer (SSL/TLS + User Auth) <- Does not exist!

Is this correct?

@viragomann
That was it! Its now working. Thank you for your help and patience

I'd try the TLS Encryption and Authentication option in OpenVPN first.

-Rico

@alextsic Hattest du Erfolg?
Ich habe genau das selbe Problem, das hinzufügen von Routen unter VPN funktioniert nicht.

Vielleicht kann ich mich hier mit meinem Fall äussern:
LAN: 10.108.36.128/25
Tunnel VPN: 10.0.8.0/24
Static route: 10.252.12.0 /22 via Gateway 10.108.36.130 /25

Ich versuche eine Webseite im Netzwerk 10.252.12.0 /22 zu erreichen.
Der DNS im LAN Netzwerk löst die Webseite auf mit der IP im Static Route Netzwerk.
OpenVPN hat diesen DNS als Server als Nameserver hinterlegt und nslookup funktioniert auch einwandfrei.

Static Routes haben nicht geholfen und auch nicht Force jeglichen Traffic durch den Tunnel.

Der Gateway 10.108.36.130 /25 ist noch mit anderen Netzwerken verbunden, werden jedoch nicht von mir verwaltet, daher keinen Einblick was dort passiert.
Mein Verdacht: 10.0.8.0/24 ist eventuelle ein Netzwerk das er schon kennt und der Traffic wird nicht an nicht zu mir zurückschickt bzw. er ist so konfiguriert das er nur Traffic von 10.108.36.128/25 akzeptiert, ist das eine Möglichkeit?
Gibt es eine Möglichkeit den Traffic von OpenVPN in ein NAT umzustellen das es von 10.108.36.128/25 kommt?

I finally figured this out. I had to manually re-create an Outbound NAT rule for the NordVPN interface. Once I did that, everything started routing as expected. Very strange that an update caused the previous config to bomb. Either way, It is working now and I hope this helps somebody else out! Below is what I added:

4e19b52f-ab7a-4a84-9906-83bb7a1e52c3-image.png

@dimskraft said in Back route of second OpenVNP connection not added:

I don't think gateway groups help here, since "client" has only one WAN

The gateway group should include the OpenVPN gateways, and there should be two of them as well in the client.

@viragomann: I fixed it, but that was not the issue. What was the problem was that I had configured the OPT port, even though it is not in use, to use the same IP subnet as the VPN. With that having been changed, everything is working now.

Thanks for your help!