Your welcome - any time ;)

@jimp said in Shared object "libdl.so.1" not found, required by "openvpn":

Except as I've said a few times now, you can't do that anymore. There is code in place to prevent that from happening. We've done all we can to protect against that in the future.

Ok perfect, but I will check this point on next upgrade because I actually had the problem upgrading from 2.4.3-p1...

Thanks netblues, what I did was this.

add the remote network(client) in the RW settings:

IPv4 Local networks: local-network,remote network

Latter, I add in the RWOVPN Rules, 1 rule that allow the RW network access the server lan, a 2nd rule that allow RW network access remote network using as gw the LB-GW from the site2site setup.

In the client network, I didn't have to add nothing, this change was only in the server side.

Is working, thanks netblues.

Well, I have connectivity between the two buildings. I found a 2 page instruction on the web, that really helped. Also, what made me think I wasn't seeing the buildings was the fact I coudn't ping either PFsense box. BUT, when I tried to ping devices such as my time clock in the remote building, If out that I could. I can also go to the remote site, and ping my servers in my building...

I'll shut the remote site down until it's needed in the event my netgear boxes puke on me.

Thanks for the guidance and help.

OpenVPN encrypts data transfers between your clients and pfSense

LDAPS encrypts the LDAP authentication process itself between pfSense and your LDAP server.

The two are not related, and you should always go for the more secure option if it's available. LDAPS is definitely preferable, especially if the LDAP server is remote to the firewall. If the firewall and the LDAP server are on the same network directly connected (e.g. LDAP server is in LAN or DMZ) then it may not matter so much, but I'd still go for LDAPS.

You must not assign an ip address on the openvpn interface. Keep it at none.
It will be assigned by openvpn server (or client) automatically.
Then you will have the needed gateway,

@johnpoz said in Getting two different network configs using same openVPN client file:

And what is your LOCAL network at work? if its the same as your remote network or tunnel network then yeah going to be issues.

DUDE! You are a $@#%*& genius. As soon as I read your post, I knew you nailed it. I needed to wait until I got back in the office today to confirm, but that was it. Thank you!

Of course, it made total sense once I read your post. Sometimes in the problem, cant see the forest through the trees. Thanks again John!

YUM blows up all the time ;) and while repository mangers like yum and apt don't prevent the users from shooting themselves in the foot and running into dependency hell.

They have attempted to stop most of this by making it harder to install your own packages and stuff - but users still do it.

Pfsense uses apt and use special pfsense repository... Sure they are or will be looking into locking it down to specific version repositories.. Where if package and or any of its dependencies require upstream version of anything the package will not be presented to the current installed version of package manager, etc.

You can reconfigure the switch so that "OPT2" is a dedicated port on the switch just for that one connection.

https://www.netgate.com/resources/videos/configuring-netgate-appliance-integrated-switches-on-pfsense-244.html

The following input errors were detected:

If no Client Certificate is selected, a username and/or password must be entered.

pfSense doesn't allow me to.

Why do you use OpenVPN in TCP Mode? Switch over to UDP and try again.

-Rico

Thanks for the help. Finally figured out (after doing tcpdump on my lan port) that the connection request was being forwarded to one of my internal systems. I forgot I had port forwarded a range of ports to a system and 1194 was one of them. Specified the ports exactly instead of port range and was able to connect right away. So for anyone facing similar issue, check your port forwarding and make sure you don't have the openvpn port you're using in a port forward to a different system.

I never noticed the change to being able to specify multiple networks in 2.4.x. That's great!

Jimp my hi5 to u, that was the trick.
Now I will create a Load-Balance, FailOver1, FailOver2 for my connections.
Thanks Jimp.

@jimp said in Possible Bug Setting up OpenVPN Client:

In the past, having any setting other than None for IPv4/IPv6 was a configuration error.

It wouldn't have actually worked, and the fact that it let you configure what it did is probably a bug.

Setting it in the way you describe would cause one openvpn client to bind and run inside the other. Why would you want to run OpenVPN inside OpenVPN?

Thanks for this information, I didn't realize the effect of what I was doing due to lack of knowledge and because it just worked. The reason I set it up like that is because I followed the setup guide on ExpressVPN's website and that is how the guide showed to set it up.

I actually questioned them a while back concerning a different part of the guide and there response was that they couldn't help because it was a user submitted guide.

EDIT: I looked at the guide again and I did misunderstand part of it. They do set the client interface to WAN but at the same time they also set the actual VPN interface to DHCP. So it looks like there guide is wrong AND I misunderstood part of it.

Now if I could just figure out how to get a working monitor IP on these VPN Gateways. I'll ask that question later though.

@derelict said in iPhone/iPad no longer works after update:

Have a look at Services > DNS Resolver, Access Lists and see if adding the tunnel network to an Allow list there doesn't start allowing queries.

That fixed it. Thanks,

@alexxtasi said in Using Radius for accounting only, Ldap for authentication (using Radiusplugin ?):

it a radiusplugin problem of openvpn in general ?

thank you

@alexxtasi,

you forgot to reply to yourself and tell us that you have fixed this crash:)

IIRC on Windows you had to run the OpenVPN client as Administrator or it wouldn't create the routes propeprly. It would look like it was working but you had no error messages and no access.