In the settings for the PIA client check "Don*t pull routes" to avoid that you get pushed the default route from the server.

Then set up a policy routing rule like that:
Add an alias "NoPIA" first and add the networks 10.10.1.x, 10.10.2.x and your pfSense LAN address to it.
Add a firewall pass rule to your LAN (92.168.1.x):
source: LAN net (the 192.168.1.x network)
destination: check "invert match" and enter the alias "NoPIA"
Open the advanced options, go to gateway and select the PIA gateway.

You have to assign an interface to the PIA-VPN first.

Just a warning. If you use OpenVPN via NetworkManager then you will be leaking DNS. If you run openvpn manually via:

then it will use only the VPN DNS.

Now I have second user with separate certificate and it works as it should.

Many thanks again for the great support

Actually I'm not sure that would work if you're using resolver. It would only work if you were using an external DNS like Google or Cloudflare. Policy routing simply means specifying a gateway based on the traffic type. You're already doing it when you send traffic from a specific group out the tunnel in your LAN rules.

After removing my HyperV virtual adaptor everything started working as expected! - Very odd!

@tmdnv1t

I would expect FreeBSD is just operating as a router, as it should. No matter what interface they're configured on, they should still be reachable. Linux works the same way.

well i feel like an idiot , looked at the routing tables found out i was using that ip for the openvpn server for the users...

@synad
https://openvpn.net/faq/tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity/

https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/index.html

I had confirm my brain.

CIDR /16 is not a network I use, this is a client network but need to fix this.

They don't have 65000 users there.

U are right, 192.168.1.0 is already part of the network.

I will fix this and let u know, thanks both of u guys, wonderful help, always keep learning.

👍

Both networks 192.168.0.0/24 andd 192.168.8.0/24 are connected to the same router. So you go across the router.

Man when you’re outside that network you have to use the public IP to access the network.

@viragomann

@randomPerson said in Cannot access any Web-Services (but can ping them) from OpenVPN Client:

Now I get the following error message:
Options error: Unrecognized option or missing or extra parameter(s) in pfSense-UDP4-12389-Julius-config.ovpn:12: dhcp-option (2.4.6)

The problem is resolved, the extra space before the dhcp-option was causing trouble.

Thanks for the help!

@paolone919191 Start a new thread, so we can get some specifics and offer some help.

I was finally able to solve this issue.
There were multiple users experiencing the same issue.

It got resolved by UNchecking "OpenVPN > Client Export > Certificate Export Options > Use Microsoft Certificate Storage instead of local files.

Then "Save as default", export new installer en reinstall on client.

Don't know yet what the root cause is, but this solved the issue on alle of the clients.

Anybody here that knows what really is going on?

Thanks,
Thomas.

Johnpoz, you're totally right.. I connected an embedded Linux device (printer) to the network, and pinging works.
So stupid of me, I was unaware Windows firewall blocks ping requests from other networks.

Thanks a bunch!

VPN > OpenVPN, Servers. You can edit the resulting server any way you like.

So I don't have to turn openvpn on and off. I'm lazy😀.

@warheat1990 What is it? How Can I fix. Fix post is deleted.