OpenVPN

• 

  [solved] Unbound restarts every time an OpenVPN user connects
  • m0urs

  9
  0
  Votes
  9
  Posts
  130
  Views

  

  @johnpoz I needed to reboot the pfSense box today for another reason, and it seems that Unbound now no longer restarts if an OpenVPN connections is established. So I guess that was only a temporary issue. Thanks for your help!
• A

  All protocols works except HTTP, HTTPS
  • ArthurG94

  5
  0
  Votes
  5
  Posts
  110
  Views

  K

  @arthurg94 De rien ))
• T

  connection on pfsense with ssh
  • trazom

  4
  0
  Votes
  4
  Posts
  151
  Views

  K

  @trazom Il n'y a pas de quoi
• H

  client ping does not work to clients in other network
  authentication certificat • • hannes.hutmacher

  7
  0
  Votes
  7
  Posts
  139
  Views

  

  Glad you have it working now. -Rico
• B

  Route OpenVPN client over IPSEC to a remote LAN?
  • bobkoure

  2
  0
  Votes
  2
  Posts
  55
  Views

  V

  You have to add an additional phase 2 to the IPSec configs for the access server tunnel network. Also in the access server settings you have to add the the remote LAN networks, which the clients should be able to access, to the "Local networks". For instance: site A: LAN: 10.0.10.0/24 access server tunnel: 192.168.21.0/24 site B: LAN: 10.0.20.0/24 access server tunnel: 192.168.22.0/24 site C: LAN: 10.0.30.0/24 access server tunnel: 192.168.23.0/24 So at site A you have two add phase 2 to each IPSec with local: 192.168.21.0/24 and the appropriate remote network. at site B local: 192.168.22.0/24 at site C local: 192.168.23.0/24 Also add phase 2 settings to the respective IPSec config on the remote site with permuted networks, of course. Access server "Local Network/s": A, B and C: 10.0.10.0/24,10.0.20.0/24,10.0.30.0/24
• S

  Authenticate via LDAP and local database.
  • srd

  1
  0
  Votes
  1
  Posts
  48
  Views

  No one has replied

• P

  CRON restart OpenVPN using kill pid
  • pfBasic

  7
  0
  Votes
  7
  Posts
  1749
  Views

  W

  I don’t know how to use the results from Google... :(
• B

  OpenVPN: Insufficient key material or header text not found
  • bobkoure

  3
  0
  Votes
  3
  Posts
  173
  Views

  B

  Yes, 3 boxes, but no, not connecting them together with OpenVPN (using IPSEC VTI for that). It's just that each site has different users, and if there's a snow day the'd need to work from home. With 2 of the boxes (one netgate, one white box) OpenVPN has been problem free. Just one has issues. I'm thinking it might be a bad install, and that I need to re-do the installation. This particular office had a netgate box fail when I upgraded to 2.4.4 (no anything on the serial terminal no matter what I did with the reset button) so I swapped in a spare 3-NIC PC, installed pfSense on that - and OpenVPN was working fine there, too. But I needed more NICs, so I bought another white box, installed pfSense - and everything is working except OpenVPN. I guess I know what I'm doing this weekend. Sigh...
• T

  Openvpn connects on ios, but no traffic
  • totalimpact

  3
  0
  Votes
  3
  Posts
  174
  Views

  C

  I am having troubles with iOS as well. In my case, disabling compression on the server was the only fix. With LZ4 or LZO, I could connect and ping, but RDP would not work.
• N

  Ideas/Views on pfSense as a cloud Openvpn "collector"
  • nighthawk

  1
  0
  Votes
  1
  Posts
  48
  Views

  No one has replied

• D

  OpenVPN traffic not routing through Squid
  • datzhim

  3
  0
  Votes
  3
  Posts
  79
  Views

  D

  thanks i see i needed to add(enable) the interface even though it was auto created.
• J

  Is is possible to set up a static IP through Pfsense when user is connecting through OpenVpn?
  • john the ripper

  4
  0
  Votes
  4
  Posts
  84
  Views

  V

  Add a CSO: VPN > OpenVPN > Client Specific Overrides Enter the common name that matches to the users certificate. Enter an "IPv4 Tunnel Network" by considering the stated hints.
• D

  Error: TLS Authentication Failed on OpenVpn, happens randomly
  • dgeorgilakis

  11
  0
  Votes
  11
  Posts
  320
  Views

  D

  Guys any update???? Your help will be appreciated
• G

  OpenVPN Oauth2 restrict vpn access
  • Getbys

  1
  0
  Votes
  1
  Posts
  36
  Views

  No one has replied

• J

  OpenVPN does not seem to be connecting to server
  • jlroberts

  2
  0
  Votes
  2
  Posts
  68
  Views

  

  How do you know the Server side is working properly? When your Client side pfSense Internet access is working and you don't see anything else in the Logs, you have used a wrong IP/Port or the Problem is the Server side. Can you for example make Update checks for your pfSense to make sure the connectivity is working in general? -Rico
• C

  Openvpn server on Virtual IP address not working
  • CheeMG

  14
  0
  Votes
  14
  Posts
  324
  Views

  C

  I think this is more of a OpenVPN problem rather than PFSense problem. Apparently, it isn't possible for OpenVPN server to listen on both IPv4 and IPv6 addresses. It can listen to ALL (meaning all IPv4 and IPv6 interfaces on server) OR a single IP address (IPv4 or IPv6). https://sourceforge.net/p/openvpn/mailman/message/34193818/ "AFAIK this is currently not possible - openvpn can either bind to ALL addresses (IPv4 and IPv6) or it can bind to a single address - either IPv4 or IPv6. " https://community.openvpn.net/openvpn/ticket/937?cversion=0&cnum_hist=5
• S

  Multiple VPN Connections based on IP address
  • sunnyg

  2
  0
  Votes
  2
  Posts
  83
  Views

  B

  create static addresses for the devices you want outside the tunnel. then create a Rule so those device travel over WAN instead of the PIA tunnel... this is how i operate my "smart" TV so i can stream
• R

  OpenVPN and Static routes mess
  • raphr

  1
  0
  Votes
  1
  Posts
  68
  Views

  No one has replied

• W

  Help with OpenVPN and Gateway
  • wes93

  1
  0
  Votes
  1
  Posts
  70
  Views

  No one has replied

• G

  Problem with vpn on OpenVPN
  • garona

  12
  0
  Votes
  12
  Posts
  230
  Views

  K

  @konstanti Ok For example cisco side access-list 100 permit ip 172.70.70.0 0.0.0.255 100.100.100.0 0.0.0.255 pfsense side Forgotten The network behind openvpn can be different if you use NAT . About this we must remember I gave an example , assuming that NAT is not being used
• M

  No livestreams when using DNS through OpenVPN with NordVPN
  • meridium

  6
  0
  Votes
  6
  Posts
  230
  Views

  B

  Nordvpn is the worst provider i have tried. and i have tried about 5-6 of the vpn services i suggest run away quickly i feel i can say this with confidence as i use the SAME exact settings with another provider and i get full speeds and no buffering 99% of the time
• J

  Site to site Pfsense using Openvpn
  • Joseph Watever J

  21
  0
  Votes
  21
  Posts
  266
  Views

  

  Please make sure to disable Block private networks and loopback addresses and Block bogon networks under Interfaces > WAN because you do double NAT. -Rico
• S

  Openvpn drops while establish rdc
  • sreyas

  9
  0
  Votes
  9
  Posts
  171
  Views

  S

  You are absolutely right , this is only happening with some specific providers rest all are working fine without any issues. I know this is stupid, but is there any workaround / fix in order to overcome bandwidth throttling from ISP. I will change the default port & try - will let you know the status Traffic shaping is not activated on PfSense.
• S

  OpenVPN TAP TCP traffic not passing, ICMP works
  • shimpa

  12
  0
  Votes
  12
  Posts
  2257
  Views

  H

  @johnpoz said in OpenVPN TAP TCP traffic not passing, ICMP works: All of which makes zero sense for a remote user or site to site. As a generalized statement without having any application-specific insight, this is just plain incorrect. I have a combination of tun and tap VPNs across multiple sites: there's rarely a time where using tun doesn't annoy me and interrupt my workflow, and never have I been able to notice a performance hit or any practically measurable or operational added latency from using tap. mDNS, and all sorts of layer 2 applications, both high and low bandwidth can be incredibly useful remotely. I'm not advocating that tap should by any means be thought of as the preferred option across the board, I'm simply saying there's no reason to wonder why someone may specifically want to use it - it has plenty of uses. For me I would not be able to work from home without it.
• S

  Port Forwarding OVPN
  • sweden_cool

  15
  0
  Votes
  15
  Posts
  240
  Views

  K

  @sweden_cool said in Port Forwarding OVPN: Do you need everyone or can you remove two of them? You can remove the ISAKMP one. I'm not sure about the "pia group" one, but I guess that's from some tutorial ? Remove it or disable it. Keep it clean.
• C

  Route all OpenVPN tunnel network traffic to LAN network for Apple HomeKit?
  • CCNewb

  2
  0
  Votes
  2
  Posts
  75
  Views

  C

  This is easily resolved with the "Avahi" package. Installed and enabled with default settings-- it will repeat the broadcast requests across all subnets, so devices on LAN network become discoverable to you while connected through OpenVPN network (different subnet). Just logging the answer I found for others. Thanks
• S

  Openvpn Client and Gateway Group
  • shetu

  5
  0
  Votes
  5
  Posts
  125
  Views

  S

  I have two wan gateway. I create pfsense openvpn client instance using wan1 gateway. When wan1 down I lose connection of pfsnse openvpn client. I want to up this openvpn connection via wan2 gateway (wan failover).
• B

  VPN throughput dips
  • blwag

  13
  0
  Votes
  13
  Posts
  217
  Views

  

  TCP in TCP is far from ideal, as you are finding out. I would at least test using UDP for the tunnel and see if your issues go away there.
• S

  OpenVPN Client connects but can't access anything except ICMP
  • sreyas

  6
  0
  Votes
  6
  Posts
  151
  Views

  S

  @marvosa I WILL SEND YOU THE NETWORK MAP SOON, ONE QUICK UPDATE THIS IS HAPPENING ONLY FOR SOME SPECIFIC ISP MY FIREWALL RULE FOR VPN IS ALLOW ALL I HAD CREATED SOME EASY RULE WHICH I HAD SEEN IN FIREWALL LOG FOR THOSE CONNECTIONS GOT BLOCKED.
• S

  DyDNS and Port FWD with OpenVPN client
  • slim2016

  10
  0
  Votes
  10
  Posts
  203
  Views

  S

  I'm using Namecheap, which is listed in pfsense dydns drop down list, i've also tried the custom url from Namecheap, which also failed to update. I already have 127.0.0.0/8 in the NAT Outbound settings for AirVPN WAN interface. The credentials are correct since it updates when using the WAN interface.
• M

  Failover OpenVPN mirrored/load balanced Servers with one WAN Address shared
  • MeltedTiger

  2
  0
  Votes
  2
  Posts
  92
  Views

  

  High Availability would solve that. You would port forward OpenVPN traffic to the CARP VIP. If the primary goes down, the traffic will hit the secondary instead. XMLRPC sync would sync the OpenVPN server configurations between the two. It is an active/passive configuration though. The would be no "load balancing."
• D

  Inconsistent DL speeds
  • doylet8456

  2
  0
  Votes
  2
  Posts
  62
  Views

  D

  I should add, I have tried increasing and decreasing buffer size, I've tried switching UDP ports and removed cipher encryption all together. Nothing changes to download speed from my Nvidia Shield ethernet connected.
• S

  This topic is deleted!
  • slim2016

  1
  0
  Votes
  1
  Posts
  3
  Views

  No one has replied

• P

  OpenVPN clients can´t acess internet.
  • pfsensenoob42

  6
  0
  Votes
  6
  Posts
  94
  Views

  

  For Android no idea, with iPhone OpenVPN works like a charm for me. -Rico
• G

  How to restart OpenVPN in a script?
  • guardian

  10
  0
  Votes
  10
  Posts
  753
  Views

  G

  @nivz said in How to restart OpenVPN in a script?: I know this is an old post, but it helped me a lot as I was looking to do the same with auto restarting openvpn due to private internet access going down randomly. What I ended up doing was putting the following in a script and running it via cron. #!/bin/sh WAN_IP=`/sbin/ifconfig vmx0 | /usr/bin/grep inet | /usr/bin/grep -v inet6 | /usr/bin/awk '{print $2}'` PUBLIC_IP=$(/usr/local/bin/curl -s https://api.ipify.org) if [ "$WAN_IP" = "$PUBLIC_IP" ] then /usr/local/sbin/pfSsh.php playback svc restart openvpn client 1 fi (Change vmx0 to your actual WAN interface name) Hopefully someone else might find this helpful. Thanks for the reply... there is some useful code there (how to restart openvpn client). I'm assuming that this setup pipes all traffic over the VPN, and if the VPN goes down all traffic goes directly out? I wouldn't be very happy if my VPN traffic went out unencrypted - I'd want everything blocked. In my case I let a lot of traffic go out normally, and then have another VLAN for my VPN traffic. VPN goes down, traffic on that VPN doesn't go out. Any idea how to direct PUBLIC_IP=$(/usr/local/bin/curl -s https://api.ipify.org) out a specific interface? BTW, you can ditch the second grep by doing this: /usr/bin/grep 'inet '
• E

  AWS pfSense Instance Masks OpenVPN Source IP of Remote Client
  • Erez Buchnik

  5
  0
  Votes
  5
  Posts
  103
  Views

  

  And you will also have to specifically route the tunnel network to the pfSense interface in the VPC routing table. And pass it in security groups, disable source/dest check, and all that.
• A

  multiple remote sites not reaching each other
  • ariban99

  4
  0
  Votes
  4
  Posts
  86
  Views

  A

  @ariban99 NEVER MIND. I had to restart the VPN and it works perfectly as you said. so NO server changes, just the client changes and its working now!! thank you
• J

  OpenVPN - ios phone cannot access LAN networks
  • Jawhead

  4
  0
  Votes
  4
  Posts
  104
  Views

  J

  Hi Gertjan, We're on the process of upgrading the pfSense version soon, We're just waiting for the returned firewall. By the way I already fixed the issue, I just need to change one of the default settings in openVPN connect apps.
• Y

  Anyone Know What This Strange OpenVPN Instance Is?
  • yannie

  4
  0
  Votes
  4
  Posts
  84
  Views

  

  @yannie Thats the tunnel network. Nothing to worry about. And it is the address of your side of the tunnel network. Using your username and password will bring up your box.
• T

  no connexion from client on internet to lan connected at pfsense
  • trazom

  2
  0
  Votes
  2
  Posts
  95
  Views

  

  @trazom said in no connexion from client on internet to lan connected at pfsense: debug: [openvpn] Sat Dec 22 09:17:34 2018 Attempting to establish TCP connection with [AF_INET]192.168.1.254:1195 [nonblock] debug: [openvpn] debug: [openvpn] Sat Dec 22 09:19:34 2018 TCP: connect to [AF_INET]192.168.1.254:1195 failed: Connection timed out That's the key part of this log. Where are you connecting from? It's trying to connect to 192.168.1.254 so would have to be on that same private subnet to connect to that. I suspect your pfSense box is behind another router and you have used the client export wizard to create that config with the 'Host Name Resolution' set to Interface IP address. You will need to have that set to a real external IP or a hostname that resolves to it. Steve