Share your OpenVPN Client settings (screenshots).

-Rico

In Diagnostics -> DNS Lookup you can resolve this express vpn host or not?

-Rico

@abadonna your link is down can you send me your tutorial. I'm trying to setup Secuirtykiss

i had it on authentication only in the open vpn server, now users are showing up for export, you nailed it thank you so much!

@jimp

Ok, Thanks Rico and Jimp !

/ br, pete

SOLVED

Do NOT use the character "¤"

in the password field. This makes pfsense create a config.xml.bad and revert to a previous version of the config.

OpenVPN files under /var/etc/OpenVPN are created and active until reboot of pfsense.
Newly created entry not shown in Services or Status, but still connecting in the background.

My config.xml.bad, Under OpenVPN client section:

Using a password not containing "¤" does work, entry is created and functional.

Anywhere said that password shouldn't contain strange characters? If not, this looks like a bug to me.

Brgs,

@yash said in OpenVpn:TLS Error: TLS handshake failed:

read UDP: Unknown error (code=10054)

You need to validate that port is open from your client to the server.. It could be blocked at your client side, etc.. Or sure you could be blocking it on pfsense, or some nat router between.

Is that IP your public IP that you xxxxx out?

Lets see your firewall rules on your wan to validate 1199 is open.. Also your pfsense is not behind a nat right? And has public IP on its wan? Simple sniff on the wan for UDP traffic 1199 and then try to connect with your client will tell you for sure if the traffic is getting to pfsense or not.

I will take a look on those! Thanks for now!

@derelict I hear ya’. That’s a bummer, but makes sense... I could maybe I replace our existing router with another pfSense one and do a P2P server between both of them instead so the firewalls can talk to each other? xFi isn’t the best with their interface - far too simple. Home-Network friendly I suppose.

Thank you for the help though.

Sorry to necrobump, but this should be pinned in official pfsense OpenVPN tutorials. Two years I've been using ~30-40Mps VPN being sure it's speed is limited by the provider. I just tested snd/rcvbuffer and fast-io and immediately landed on stable 60Mbps. Holy smokes! Thanks for making my life better :)

This was solved as you can't use a subnet that follows under the 10.1.0.0/16 VPC setup in AWS.

10.1.99.0 changed to 192.168.XX.X/24 subnet worked

I just noticed in the OpenVPN client log the following:

WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'

Where does these MTU values comes from?

I have no MTU defined in OpenVPN client config.
I have no MTU defined in OpenVPN server config.
I have no MTU defined in WAN interface.
I have no MTU defined in OpenVPN interface.

Thanks Rico. I already had and used the first set of instructions.
I'm watching the first video now.

Well with Remote Networks not matching properly I would expect it not working, so put your main office network 10.11.0.0/16 there.
Can you ping main office network clients from the remote side pfSense directly?

-Rico

Perfect, thank you!!

@johnpoz said in Configure PIA (Private Internet Access) VPN on pfSense 2.4.4 only for specific hosts:

kill switch
Thanks!

So you just do Multiple Remote Statements? This would be the behavior then.
Check out https://www.netgate.com/resources/videos/advanced-openvpn-on-pfsense-24.html which covers different Multi WAN tactics for OpenVPN (starting at 40:08min).
I recommend you to watch the whole video tho. ☺

-Rico