• OpenVPN 100+ users

    2
    0 Votes
    2 Posts
    506 Views
    jimpJ

    At that scale, per-user certs are impractical. You can do it, but you'd have to manage them manually.

    Better to use a central auth setup like RADIUS or LDAP and go with an auth-only VPN. You still have the static TLS key available for an extra factor if you want. Not as air-tight as Certs+Auth+TLS Key but still good and scales a lot better.

  • Site to site and remote access gateway

    3
    0 Votes
    3 Posts
    476 Views
    V

    Assuming you haven't set "Redirect gateway" in the access server settings to force all client traffic over the VPN, add the Atlanta LAN network 192.168.2.0/24 to the "IPv4 Local network/s".

    On the Atlanta pfSense, in the site-to-site settings, add the access server's tunnel network 192.168.100.0/24 to "IPv4 Remote Networks".

    Ensure that the firewall rules on both sites allow the access.

  • OpenVPN Routing Site-to-Site tunnel to Remote Access VPN tunnel

    5
    0 Votes
    5 Posts
    1k Views
    M

    @buomque:

    Thanks for the info Marvosa!

    One more question: is there a way to route all available LANs from the site-to-site tunnel to the Remote Access tunnel? Or is pushing each LAN a more proper way to do it?

    buomque, it depends on what kind of solution you want to end up with.  One way to achieve your objective is going full tunnel, but then all traffic is routed down the tunnel.  If you want to stay split tunnel, then every subnet you want access to will need to be pushed out to your clients.

    @drummrman85:

    If I understand your original post correctly, you appear to have a similar circumstance as mine. I have a main office in NY that is connected to an office in Atlanta via S2S VPN. Users also want to be able to remotely access their network from home and have access to files on both servers. Two questions for you:

    Is what you described in your original post capable of doing that? (That's what it looks like to me.)

    Can you elaborate on how you achieved this? I understand, conceptually, the need to push to the client, but what exactly were the steps you took?

    Thanks, I know this thread is a little old, but I'm trying to figure out how to route traffic such that users can connect from home and access files on servers at each office.

    drummrman85, he may or may not answer, but regardless… I would start a new thread and provide specifics so we can offer targeted guidance based on the details of your network.

  • 0 Votes
    20 Posts
    6k Views
    A

    @jimp:

    Since you won't post the rest of the certificate it's impossible to say what it means. Read it and see what is there.

    If it isn't the correct CA, I don't see how it could have ended up in that bundle. It goes by what's set on the server, and it doesn't offer anything to download that doesn't match.

    I was not trying to be difficult by not posting the rest of my certificate, I was just being cautious. I generated new Certs and CAs in the Certificate Manager and all works great now! Thank you for all your help as you pointed me in the right direction! Now when I download the Viscosity.visc bundle and look at the version of ca.crt it says: Version 3. Who knows what happened, maybe something during one of my pfSense upgrades as I have not touched those settings in a few years. Thanks again!

  • OpenVPN - RADIUS - OTP

    4
    0 Votes
    4 Posts
    620 Views
    jimpJ

    Luckily that's an easy fix then. Update to 2.3.5 or 2.4.3

  • VPN two way communication

    2
    0 Votes
    2 Posts
    470 Views
    JKnottJ

    Ummm…

    This board is about pfSense, which runs on FreeBSD and uses pf, not iptables.  Are you sure you're in the right place?

  • Remote IP ping for OpenVPN?

    1
    0 Votes
    1 Posts
    360 Views
    No one has replied
  • 0 Votes
    2 Posts
    543 Views
    jimpJ

    Hmm, the username from openvpn should be in one of the environment vars it's checking. Open a bug report at https://redmine.pfsense.org/ and we'll take a look at it to see why it isn't getting the username as expected.

  • Problem accessing LAN from OpenVPN

    5
    1 Votes
    5 Posts
    681 Views
    R

    Or it could be a Mac issue. I just tried Viscosity and it has the same issue.

  • OpenVPN Remote Access to IPSec VPN destination

    2
    0 Votes
    2 Posts
    415 Views
    V

    @cmenning:

    LAN clients can access AWS assets via private IPs using the IPSec tunnel.

    So you will have set up an IPSec phase 2 between your LAN and the AWS LAN.

    The same thing is necessary for the OpenVPN tunnel network and the AWS LAN to get access to the remote devices from road-warrior clients.
    However, I'm not sure if multiple phase 2 are possible on AWS.

  • Problem: Access OpenVPN Clients from LAN?

    5
    0 Votes
    5 Posts
    727 Views
    D

    Yes, it was the firewall.
    After installing Kaspersky there was "another" firewall manager above the Windows firewall.
    There I had to add the subnet and add the connection to "Local LAN".

    Thanks a lot!
    -demux

  • Common server listening on TCP and UDP

    2
    0 Votes
    2 Posts
    370 Views
    jimpJ

    OpenVPN itself doesn't support that.

    You can make a copy of the server and keep everything the same except for the tunnel network and protocol, adjust your WAN firewall rule, and then you can pick either protocol on the client.

  • [SOLVED] Client shared folders not visible

    9
    0 Votes
    9 Posts
    1k Views
    V

    It wasn't a pfSense problem but a FreeNAS one.

    I was running the OpenVPN client in a jail. Once I used the OpenVPN built into FreeNAS, the problem disappeared.

  • OpenVPN Problem

    2
    0 Votes
    2 Posts
    516 Views
    J

    bump

  • Ensuring against IP leaks - a challenge?

    12
    0 Votes
    12 Posts
    1k Views
    P

    No. I am getting the same IP results with whatismyip.host and other websites such as whatismyip.live

    I am using PureVPN and visited both websites. Here are the results:

    http://whatismyip.live  IP results:

    http://whatismyip.host results:

  • Network Jumps Pf Sense with OpenVpn

    2
    0 Votes
    2 Posts
    348 Views
    DerelictD

    You need to:

    add all of the remote networks each site should be able to access to the Remote Networks at those sites

    be sure the OpenVPN firewall rules pass the necessary traffic into each firewall

  • RoadWarrior shutdown a shared key infrastructure

    3
    0 Votes
    3 Posts
    452 Views
    perikoP

    You have shown me that this setup must work and doesn't have any conflict, different instances.
    jimp I will jump into the setups, 1 site is not under our management only.
    I will go deep into the setup and let you know our progress.
    Thanks. :)

  • OpenVPN Peer to peer Setup (Pfsense -> Linux Client)

    1
    0 Votes
    1 Posts
    393 Views
    No one has replied
  • OpenVPN Gateways getting marked down

    3
    0 Votes
    3 Posts
    631 Views
    D

    You can't use the AirVPN gateway to monitor with dpinger. You need to use an external gateway. It used to work, but something has changed either from the AirVPN side or from pfSense since 2.3.x

  • Restore pfsense to new device - vpn not working totally

    1
    0 Votes
    1 Posts
    366 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.