• PfSense OPENVPN Client Cannot Ping to LAN Network

    4
    0 Votes
    4 Posts
    14k Views
    Derelict
    Firewall rules on the OpenVPN interface determine what traffic is permitted to pass from remote OpenVPN clients/networks through pfSense to other interfaces (like LAN/OPT1.) Try a pass any any to LAN subnet on the OpenVPN firewall rules tab to get it working then clamp it down to specific hosts/ports if desired.
  • OpenVPN is not working

    2
    0 Votes
    2 Posts
    1k Views
    Derelict
    Not even close to enough information provided.
  • Adding static routes for VPN users

    1
    0 Votes
    1 Posts
    793 Views
    No one has replied
  • OpenVPN and radius

    1
    0 Votes
    1 Posts
    975 Views
    No one has replied
  • Error after upgrade to 2.1 in topology

    4
    0 Votes
    4 Posts
    2k Views
    jimp
    Is your AD auth happening using RADIUS? It looks like your RADIUS server is passing back an invalid IP to the client, from the output. Or at least one that isn't valid given the server configuration.
  • How many sessions per user account for OpenVPN in pfSense?

    4
    0 Votes
    4 Posts
    3k Views
    P
    Thanks jimp,
  • OpenVPN Bridge on pfsense: once LAN pings clients, connectivity breaks

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    3 Posts
    3k Views
    L
    Yep. I did some testing. I haven't been able to set up an OpenVPN. It seems the two firewalls have too different an approach on the subject :-) Due to my current setup I can't find a common setup. On Endian I'm using OpenVPN with PSK and username/password credentials, and it seems it's not possible to use them in pfSense. I also tried IPsec, but while pfSense has an extended set of options, Endian has lesser support for it. If someone could say "Yes, I did it and it works!", I'd do more tests, but I'm not optimistic. So far I haven't found evidence that it could be done.
  • 404 Error - Client Export and Shared Key Export

    3
    0 Votes
    3 Posts
    1k Views
    R
    Thanks - that solved the problem
  • Using OpenVPN but not on main LAN (Gotcha)

    1
    0 Votes
    1 Posts
    939 Views
    No one has replied
  • VPN Naming Labels

    6
    0 Votes
    6 Posts
    1k Views
    GruensFroeschli
    Thanks for the clarification. For me the easiest rule to follow is: If you have more than one instance, assign all instances and don't use the openvpn tab.
  • Site2site OpenVPN - Can ping hosts from pfsense but can't from VLAN

    2
    0 Votes
    2 Posts
    2k Views
    G
    For the sake of helping others having the same problem, this is not a rules issue. It was a NAT'ing issue. Make sure you select MANUAL NAT when you want to "kinda bridge" OpenVPN… if not, it won't work.
  • Client access for file transfers very slow

    5
    0 Votes
    5 Posts
    4k Views
    H
    Hi, from your client config, you are using the Blowfish cipher. OpenVPN config of client: `dev tun persist-tun persist-key cipher BF-CBC tls-client client resolv-retry infinite remote x.x.x.x 1194 udp tls-remote ZGopenVPNsvr pkcs12 pfsense2-udp-1194-vpn.p12 tls-auth pfsense2-udp-1194-vpn-tls.key 1` Blowfish is one of the ciphers which is very light on CPU load, so CPU load is definitely not the problem. One suggestion is that you can put your client 1 PC directly into your GB LAN at your external server's LAN, preferably with a public IP address, and access your server via OpenVPN; this way, you can actually see what the max bandwidth or transfer rate is that you can get. If you can get a good, decent transfer rate, it means that there is nothing wrong with your OpenVPN setup (client/server); it must be something from the internet (i.e. your ISP Verizon?); I am not sure if there could be a max cap for UDP port 1194? If you can't get a decent transfer rate, then you can troubleshoot the OpenVPN config. I would normally benchmark our setup this way, to see what the max bandwidth we can get out of our boxes is, before we put them at the client end. Regards,
  • Site to site OpenVPN issues

    5
    0 Votes
    5 Posts
    4k Views
    N
    Appreciate you folks' assistance. I've managed to track down the issue. Weirdly enough it was some leftover IPSec configuration that conflicted with the VPN tunnel. All I had to do was remove it from the client and immediately it worked. Thanks!
  • Port forwarding while using OpenVPN client to VPN service

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    5 Posts
    3k Views
    A
    More Screenshots ![Firewall Rules Floating 2.JPG](/public/imported_attachments/1/Firewall Rules Floating 2.JPG)
  • Hub & Spoke Setup using pf2.1 - No Communication Between Spokes

    3
    0 Votes
    3 Posts
    3k Views
    A
    Just as you posted your reply vielfede, I seemed to have fixed my own issue. Under "IPv4 Local Network/s" I removed the opposite spoke's subnet. I then rebooted all of the units and everything seemed to run perfectly fine. Thanks for your tip, though! I'll read through that anyhow so that I can become more familiar with OpenVPN.
  • Warning: Packet loss when being connected with more than one VPN Server

    7
    0 Votes
    7 Posts
    3k Views
    ?
    I can confirm it has to do with heavy traffic. Any help with traffic shaping is much appreciated.
  • OpenVpn Server doesn't reply to client, but to LAN address

    1
    0 Votes
    1 Posts
    892 Views
    No one has replied
  • Open Ports

    16
    0 Votes
    16 Posts
    4k Views
    chpalmer
    Congrats! Keep in mind that rules on an interface are incoming to that interface. By making an "any" to "any" rule on WAN or VPN you let anything through to anything. (This took me a few times to get across to myself…) For a box only dealing with clients on the LAN side and no servers (no reason to allow someone on the outside access to the inside) there should never be any rules for other than the LAN interface.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.