@pljungstrom The error message looks like if the client cannot reach the server. Sure that you only renewed the CA cert before you got this? Check the client settings for the correct server name or IP and port.

@vasliy Hello Vasily, Unfortunately not, in the end I created a vm for that subnet and rolled my own setup on Linux.

@rico thank you very much for your answer. But I am looking for the Commands or the script to do it.

@soheil-amiri This looks somewhat different than my NM on OpenSUSE Leap 15.3. But glad that you got it working.

@rico you didnt give enough information before you provided a web link.

@mradell said in NordVPN using OpenVPN not connecting: That's what happens when you just don't pay as close enough attention to detail as you think you did. Happens to all of us.

@viragomann Thank you very much, I was able to solve this problem I was dealing with since some time!

@stephenw10 said in 22.05 - DCO and OpenVPN issue: It's probably not something that can be fixed with a run-time patch unfortunately. It looks to be in OpenVPN so something in the binary. Steve Thanks for clarifying - thus we know to currently not roll it out enabled per default :)

Unfortunately I realized that some evidence too much has generated (automatically) some "uncontrolled" rule ... I leave somewhere and try to do the rounds more correctly.

@jims Something seen in the log?

Decided to throw caution to the wind. Backed up my configuration. Warned all VPN users we might be down for an hour. Unchecked the "Bridge DHCP" option. Added 172.16.200.0/24 range to the "IPv4 Tunnel Network" Restarted OpenVPN. And clients show up in widget and status again! This even fixed an issue where mobile clients lost access when they came onsite without auto disconnecting the VPN connection. So it looks like the bug isn't quite fixed but this work around is actually better for my setup and I will be sticking with it. Hope this helps others on this very minor but annoying issue.

@johnpoz Thanks for the reply! I think I understand what you're saying with the nat reflection, but why is this the case if both pfsense, and the ISP modem have different public IPs? Also just to clarify: if you want to connect to pfsense while on pfsense wan network Sorry if this might be trivial, but just to clarify, do you mean if I'm trying to connect to pfsense from the devices connected directly to the ISP modem (devices on ports 2-5, and wifi)? just use its IP whatever rfc1918 address that is Aren't RFC1918 addresses just private addresses (10.x.x.x, 172.x.x.x, ...)? If the WAN interface has a public IP, how would you find the rfc1918 address? (Again sorry if this is trivial)

@rico Sorry I don't understand that why this is not possible or doesn't make any sense. [image: 1658484001319-1c390efb-8d29-4bee-97e6-e2d4a6a15bf9-image.png] Peer to Peer = Side to Side Remote Access = Client to Server (client = Laptop or device from external network) Me: I want to have: Peer to Peer (SSL/TLS + User Auth) <- Does not exist! Is this correct?

@viragomann That was it! Its now working. Thank you for your help and patience

I'd try the TLS Encryption and Authentication option in OpenVPN first. -Rico