• 0 Votes
    5 Posts
    839 Views
    RicoR

    How would you route traffic without adding some kind of router to this LAN? 🙃

    -Rico

  • Need help on openvpn client routing

    4
    0 Votes
    4 Posts
    554 Views
    A

    @konstanti I disabled the first rule still not working

  • OpenVPN cant connect static routes

    3
    0 Votes
    3 Posts
    437 Views
    johnpozJ

    @fergomez1980 said in OpenVPN cant connect static routes:

    Static Routes in LAN
    192.168.0.0/24 + Gateway in LAN 172.26.0.199 (ip alias of router to connect at that network)
    192.168.1.0/24 + Gateway in LAN 172.26.0.199 (ip alias of router to connect at that network)

    Other than your current openvpn problem this sort of setup also screams asymmetrical traffic flow.. If you have a network that you get to via a downstream router, then this downstream router should be connected via a transit network, not using a network that has hosts on it.

    So let's say a lan device wants to talk to an IP on these networks.. does it have a host route - or send its traffic to pfsense? The return traffic will just go direct to client from the downstream router = asymmetrical.

    But as mentioned by viragomann, you will need routes on your downstream router on how to reach the tunnel network(s) you use for your openvpn clients.. Or no you will never be able to get there without doing source nat.

  • Openvpn Site-to-Site Routing

    6
    0 Votes
    6 Posts
    719 Views
    X

    @rico hello

    I just finished configuring ssl/tls openvpn all working fine, but I couldn't understand in the server there is a section "Local Networks" what exactly this is for. Because without it I don't see any issues????

    Also my cpu supports AES-NI - Hardware crypto AES-CBC,AES-XTS,AES-GCM,AES-ICM

    My pfSense box also has a Chelsio T580-SO-CR which I believe supports Crypto offload, but I am not sure how to use that function. OpenVPN seems to support only "cryptodev"; I have to set it to AES-NI and BSD Crypto Device in order to get any crypto offload on the OpenVPN. Even so I get much better performance on the bare metal than VM, but I am sure with my setup that's not it !!!!!

    Also the million dollar question is HOW TO: OpenVPN Site-to-Site with DNS
    In the past I tried to set up Bind with no luck; it seems I need to study more and I have to go with the built-in unbound for now
    My sites are subdomains like:

    site1.myco.local
    site2.myco.local
    site3.myco.local

    Is there a way I can resolve without adding the hosts to each site manually?

    Thank you

    EDIT:

    Can this section of Client Specific Overrides be the key to being resolved by other clients?

  • OpenVPN TAP server for "local" gaming

    2
    0 Votes
    2 Posts
    604 Views
    Z

    Some further digging and this seems to be a metric issue.

    If I change the metric for the TAP adapter on both clients they can find each other and everything works, but not otherwise.

    Is there a way to have Windows push all of the broadcast traffic down the VPN without having to manually change the adapter metric setting? Perhaps some setting I can push through the OpenVPN server that ensures 255.255.255.255 requests go down the VPN?

  • ExpressVPN interface is up but gateway is down

    13
    0 Votes
    13 Posts
    8k Views
    C

    @lansmurf said in ExpressVPN interface is up but gateway is down:

    The only problem I still have is that although the interface and the gateway are up and working, Dpinger cannot ping the VPN server. I have set the Data payload to 1 but I still don't get a ping… If I enter 8.8.8.8 to monitor I get a huge packet loss >40%...
    Maybe someone can give me advice at this point to get better monitoring results? (I guess this is important for load balancing if you enter multiple gateways to different VPN servers)

    A bit late, but replying in case it might help someone. I had the same problem with Dpinger and packet loss. Solved it by enabling Hardware Crypto in the openvpn client. Now I can use an external IP to monitor if the VPN gateway is online. Of course, your hardware needs to support this.

  • Add other servers' bundled configurations to OpenVPN Windows Installer

    3
    0 Votes
    3 Posts
    681 Views
    C

    @jimp
    Thank you jimp! Works now.

  • Best way to access vpn server localy

    3
    0 Votes
    3 Posts
    395 Views
    L

    Thanks for your time. I don't need a VPN when I am at home, but I don't know how to bypass the VPN just when I am at home. If my VPN is active when I am connected to my home wifi it will lose connection and it tries to connect to my wan. My wish is to be always on VPN because with my work I go to many places.
    I will try your idea with dns override, it seems cleaner. Right now I have my wan and my lan ip in my client config, so it will try the next one if one fails.
    I might create 2 vpn servers, one on wan and one on the wifi interface.

  • Multiple OpenVPN tunnels between the same sites

    2
    0 Votes
    2 Posts
    304 Views
    RicoR

    Multi-WAN Tactics with OpenVPN are covered here: https://www.netgate.com/resources/videos/advanced-openvpn-concepts-on-pfsense.html (22:50 min).

    -Rico

  • dnsleak issues when using local resolver

    15
    0 Votes
    15 Posts
    2k Views
    N

    @rsaanon

    Did you get it to work?

  • OpenVPN only recognizes the first of two DNS servers

    5
    0 Votes
    5 Posts
    896 Views
    johnpozJ

    @ffarkas said in OpenVPN only recognizes the first of two DNS servers:

    Windows clients would automatically search on the other DNS server when a name cannot be resolved

    One of the most common misconceptions about how dns works at a basic level.

    As stated by Derelict, all NS pointed to by a client need to be able to resolve the same stuff the same way or you're going to have a bad day.

    If a NS returns NX for something that is asked for - then the client stops asking.. Because it was told that doesn't exist, so why should it go ask anything else for something that doesn't exist. The only time a client will go ask the other NS is if there is a time out.. And you can never be sure which NS a client will be asking out of the NS listed..

  • Cant access ports though OpenVPN solved

    4
    0 Votes
    4 Posts
    619 Views
    K

    Thanks for the reply, but I was going nuts. Had to check Disable hardware checksum offload and that solved it

  • How to ensure syslog forwarding happens after VPN is established?

    4
    0 Votes
    4 Posts
    646 Views
    R

    Looks like the 'up' statement is already being used by one of pfSense's internal scripts. So I'm gonna have to use the 'route-up' statement to execute my command. Also, 'script-security' has already been set to 3, so setting it again would be redundant.

  • Cant Access to OpenVPN server affter energy supply cut

    5
    0 Votes
    5 Posts
    624 Views
    RicoR

    Glad you have everything up and running again. ☺

    -Rico

  • OpenVPN Arp issue on reconnect with TAP

    1
    0 Votes
    1 Posts
    371 Views
    No one has replied
  • Forward IP in TUN mode

    3
    0 Votes
    3 Posts
    781 Views
    F

    @Konstanti
    Thx for the help.
    Indeed outbound NAT was enabled. After changing that everything works as expected.

  • OpenVPN site-to-site traffic only in one dirrection

    7
    0 Votes
    7 Posts
    839 Views
    P

    It's now resolved.
    It was none of the above.

    Changing tunnel network to be /30 resolved it.
    I tested it afterwards:
    switching to /24 works in one direction
    switching to /30 full routing in both directions

    It shouldn't happen. I did try on fresh installs of pfsense.

    Piotr

  • SITE-TO-SITE as PEER TO PEER (SSL/TLS)

    Locked
    6
    0 Votes
    6 Posts
    6k Views
    DerelictD

    @xlameee Please don't post to ancient, crusty threads. Please start a new one. Locking this.

  • OpenVPN Script for Switching VPN Server via Crontab

    5
    0 Votes
    5 Posts
    1k Views
    R

    @konstanti I get 3 simultaneous connections; One connection is dedicated to the pfSense box. The other two are used on family laptops when travelling.

  • Route some IP's/traffic through pfsense gateway

    6
    0 Votes
    6 Posts
    671 Views
    S

    @viragomann Thanks very much, that works perfectly :)

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.