@viragomann said in Ip "free outbound" from NordVPN:

Dude, you have to add the rule to the internal interface!!!

Thank you very much, it had escaped me, now everything works perfectly.
You were too kind!

Thanks again

@acloete
Would be worth to mention.

So configure PAT in your p 2 and use an IP which is routed to your site.

@the-rob
Try to get it work with IP first to avoid resolving issues.

If you cannot access the SMB ensure the host does not block it by its own firewall, which is the default behavior.

To troubleshoot you can use the packet capture utility from the Diagnostic menu on pfSense.
Take a capture on the interface facing to the SMB server and check if requests are going out and if responds are coming back properly.

Never mind...

@vinns For the clients the Apple store, Andriod store, etc ...

https://openvpn.net/vpn-client/

@n8lbv

The issue is probably the '5' thing you mentioned.
Dono what that is.
Look here : https://www.pfsense.org/download/

The next important thing is that OpenVPN itself - see here : https://openvpn.net/community-downloads/ went from the 2.4.x series (th ese are NOT pfSense series numbers !!) to the 2.5.1, 2 or 3 version.
And between2.4.x and 2.5.x (OpenVPN !) things changed, some parameters are faced out, some can even do other things. Mixing 2.4.x settings (opvn file) with 2.5.x (2.5.2 is the OpenVPN version on pfSense 2.5.2) can crate issues. The other way around : same thing.
So, using pfSense 2.5.2, things changed.

I'm using a OpenVPN 2.5.x client on the client side, and pfSense 2.5.2, this works just fine.
And yes, I to go to the OpenVPN 2.5.x release info page ( again : here https://openvpn.net/community-downloads/ ) and read the "Overview of changes since OpenVPN 2.4" part.

@hellnation76

I can't think of anything, short of using a managed switch that supports that function.

@felipefonsecabh the bridge between OpenVPN and Local Network works after i enabled these options:
2021-11-18_23-36-29.png
I try to keep the "Redirect IPv4 Gateway" disabled (the address configured as 192.168.1.0/24), but doesn't work.

It's possible to make it works without pass all traffic throught the tunnel?

Thanks a lot!

@detox how you handle vulnerabilities on the cheap routers ?
how you avoid sniffing traffic without encryption ?
how you get easy updates and renew the system without replacing hardware?
how you manage easily traffic routing and adding rules ?

The answer to all above is pfSense and OpenVPN. at least is what i learned from the good guys here.

@johnpoz the Log Level was set to Default.

I have changed it to 2 and now appear the TLS version.

Thankyou so much.

@whitetiger-it
The virtual IP of a client which is part of the tunnel network is that what the firewall is seeing as source address. So that is the way to do it.
But there is quite no need a assign an /24 tunnel to 2 clients at all. If you use net30 topology you need 4 IPs (/30) for one client, so for two a /29 subnet is sufficient.
If your server uses subnet topology a single IP is sufficient for each client.

John, instead, has a CSO to use 10.201.201.1/24
But then he is always assigned to 10.101.101.2, as before.

So obviously the CSO is not applied. If pfSense finds a matching CSO when establishing the connection a log line is written. If not the client gets an IP out of the servers tunnel pool.
I mentioned above what are the requirements for a CSO to get applied.

I change my openvpn firewall rule on the WAN interface destination to "WAN address" from "this firewall (self)" . It seems that the "this firewall (self}" does not update the state table correctly, that is why I can make small call and get my 302 but not send any real data. So use the "WAN address" for the destination for the openvpn rules.