This is a pfSense forum. I have no idea about OpenWRT's ipchains rules or whatever they are, sorry.

This is the solution that worked

Get the username under: System > User Manager. It's the common name. VPN > OpenVPN > Client Specific Overrides Click Green plus Under Advanced enter the static IP: ifconfig-push 192.168.2.99 255.255.255.0; Firewall -> Rules -> OpenVPN Add rule with Action "Pass" on Interface "OpenVPN" Enter "Source" as the IP address 192.168.2.99 Enter "Destination" as the IP to grant access, such as 192.168.1.53 Set Port to MS RDP 3389 Save Add another rule with Action "Block" and Interface "OpenVPN" Set source to the VPN static IP: 192.168.2.99 Destination is set to "any" Save Make sure the "Pass" rule you added is above the "Block" rule

Yeah I'm aware, I'm only asking if you guys know about it. :)

I managed to solve this but the mobiles still don't connect through the tunnel, does anyone have a good idea?

You need to go to the Certificate Manager and add your VPN's CA certificate authority cert there first. Make sure you set the Method to Import an existing Certificate Authority. Paste your CA cert under Certificate Data then Save. The cert includes the starting and ending dashes so make sure to include those.

Now you can run the wizard under VPN - OpenVPN - Clients. Most fields are self-explanatory. Go through it and see what happens. Come back if you have questions or problems.

Sure, come back when you've got a config you can reproduce the problem with.

Just some hints to tie things down a little.. You can easily make your tunnel network a /30 or (/29 if more than one remote address is needed) for just one laptop doing a roadwarrior setup such as that.

Then on your OpenVPN firewall rule make "source" the same as your tunnel. 10.0.0.0/30 /29 ect..
Make destination your local LAN if you only have one local subnet to worry about.

It is most likely absolutely safe to leave it as is but if your inclined to worry or just want to tinker more.. this is an option for you. ✌

Good luck!

correct, you put the ip of your preferred dns resolver, aka ip of the pfsense in your case
don't forget to press thumb up if it was useful

It appears that was the issue having only one NIC, a box with 2 NICs on different submets connects and pings fine but now I've ran into the problem that it doesn't have a great throughput tried both OpenVPN and IPSec but packets over 50kb fail on pings.

@jakes said in BUG: OpenVPN client configs being overwritten:

loading with the correct information initially, but then flash quickly gets repopulated/overwritten from values from the 1st

That has to be the browser doing it then. Maybe an add-on/extension which is active in both regular and incognito mode.

Been stable for 24 hrs now. All working as it should with VPN bypass Aliases in place. Should it stop again, I will definitely look at the IP's for the CDN and refresh them to see if that's it. Had not thought of that. Happy to post tables etc for others if it would be of help.

That was exactly it, thanks for the help.

@viragomann

I have no idea if I have messed something up or if its a pfsense thing or a openvpn on centos thing.
It's been a while since I worked on a bare openVPN server without pfsense but there isn't much to set really vs using the web gui in pfsense.

I have recreated the VPN twice and keep getting the same thing.

I have resolved it to some degree by telling pfsense which is the default gateway vs using the automatic option in the systems >routing >gateways page.
this.png
I've never had to do that before on a pfsense setup. But as I say I don't understand why the behaviour difference between this VPN and every other VPN I've ever created.

Maybe I just need to sleep on it tonight. :)

Regards
Dave

UPDATE: Got this fixed. Turned out I had a space after a comma in the remote networks line, so it ignored everything after it. Works as expected now!