That is only 10/100? ugghh.. Yeah time for an uplift ;)
Smart switches can be had for very reasonable prices these days.. But if budget is a constraint, and you need more ports for different networks/vlans than you can provide with your 3100. A simple 5 or 8 or even low cost 16 could be purchased and then run your downstream dumb switches off that.. Until such time that budget allows for upgrade of all the switches to provide for full flexibility of what vlan is where, etc.
I show a D-Link Ethernet Switch, 8 Port Smart Managed Gigabit Desktop EEE Network Internet (DGS-1100-08V2) for $35 on Amazon right now..
Some days I get long solid connections, some days it's reconnecting every 10 seconds for hours on end.
I haven't figured out a solution yet, tried some of the fixes from the more recent threads created here like mssfix and setting default gateway but none of this should be required as it worked flawlessly on 2.5.0.
@gertjan No, it is automatically assigning addresses from the 192.168.x.0/24 pool I specified in the OpenVPN Server instance.
It's working w/o a DHCP instance.
IPv4 Tunnel Network
This is the IPv4 virtual network used for private communications between this server and client hosts expressed using CIDR notation (e.g. 10.0.8.0/24). The first usable address in the network will be assigned to the server virtual interface. The remaining usable addresses will be assigned to connecting clients.
Apparently there is a bug with FreeRADIUS and Assigned IPv4 Address for your OpenVPN if you use the email script by adding it to:
OpenVPN Server -> Advanced Configuration > Custom Options
If you invoke script from Custom Options under OpenVPN Server -> Advanced Configuration, then FreeRADIUS will no longer assign your static IPv4 for OpenVPN. I don't know how to get around this but just FYI if suddenly your OpenVPN IP is no longer your defined static address.
I was looking for a client setup I have to tell you precisely what to do but I can't find one. This is probably because all of the clients I manage now are on Windows Domains and this is no longer an issue for me. But, I'll tell you where you need to go to set up the Windows Firewall Rule.
Get to your Windows Defender Firewall. It's best to get to this through the Windows Control Panel.
On the left click the link for Advanced Settings. From this screen you can create custom rules to allow for Inbound and Outbound Rules.
If you right click on Inbound Rules or Outbound Rules you can click on New Rule... and a Wizard will come up to create a Rule. When you go through the wizard there will be a portion at the end where you can allow REMOTE subnets.
Unfortunately you'll have to do this for every Windows 10 machine you want access to across the VPN.
P.S.: pinging from the pfSense's diagnostic tools, I can ping 10.20.0.1 and 10.21.0.1 from OpenVPN interface, as well as from WAN and LAN interfaces.
Can't ping LAN's client 10.20.0.101 from any of these interfaces
I forgot to mention: We are using SG-4860 appliances and did not have the problem with 21.02.1 or older versions.
Maximum number of simultaneously connected oVPN clients is around 150 to 170, but problem also occurs with ~30 clients only.
We use 500MBit fiber for our ISP connection and are far from reaching its limits:
The difference is, when you copy it, you have two rules, the original one and one on the new tab. When you move it, there is only the rule on the new tab, but the original one no longer exists.