Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    1. Home
    2. pfSense® Software
    3. OpenVPN
    Log in to post
    • Newest to Oldest
    • Oldest to Newest
    • Most Posts
    • Most Votes
    • Most Views
    • S

      OpenVPN with LDAP authentication and SSL/TLS plus User Auth
      • sgw

      4
      0
      Votes
      4
      Posts
      247
      Views

      S

      Found these scripts here: https://github.com/mdcurtis/pfsense-python

      a bit old, but I will test pfsense-updateCRL.py asap

    • T

      Firewall (as itself) defaults to VPN gateway not WAN gateway. Where do I change that?
      • talaverde

      3
      0
      Votes
      3
      Posts
      233
      Views

      T

      @tkronic said in Firewall (as itself) defaults to VPN gateway not WAN gateway. Where do I change that?:

      @talaverde Was this ever resolved? I am facing the same issue.

      In case anyone is wondering, I enabled "Don't pull routes" in the VPN client config and now things work as expected. Not sure why this is necessary as my old config was working for years without that option selected.

    • B

      OVPNS7 not usable, service not starting.
      • Bambos

      1
      0
      Votes
      1
      Posts
      115
      Views

      No one has replied

    • raistlinkell

      Kill OpenVPN from pfSense Dashboard PHP Error
      • raistlinkell

      3
      0
      Votes
      3
      Posts
      207
      Views

      raistlinkell

      @viktor_g thank you for the quick response. Very much appreciated.

    • S

      OpenVPN With Redundant Backend Authentication Servers (Duo MFA)
      • snewby

      1
      0
      Votes
      1
      Posts
      150
      Views

      No one has replied

    • M

      Restrict access from a public IP range for a specific user
      • mroushdy

      18
      0
      Votes
      18
      Posts
      255
      Views

      noplan

      @johnpoz

      OH yeah totally agree on this one
      Had a couple of IT managers only want to allow static ipv4 from their homeOffice users and forced them to pay the upgrade (and that's floppy expensive here where I live) for that static IP and we are Not talking about gov contractors

      Was a hard piece of work to finally talk some sense into

      Multi factor Auth on openVPN was the key for success

      Np

    • D

      Routing one subnet through OpenVPN tunnel
      • dmills87

      3
      0
      Votes
      3
      Posts
      193
      Views

      D

      Thank you very much, will check this out here in a few. Thanks for the help!

    • K

      OpenVPN config for overseas
      • kdmiller61

      4
      0
      Votes
      4
      Posts
      234
      Views

      N

      And even if they work today, noone guarantees they will tomorrow.
      If you have the necessary upload at home, vpn to home@home country is the better option.

    • R

      pfSense OpenVPN server and Synology OpenVPN client
      • robi

      7
      0
      Votes
      7
      Posts
      1369
      Views

      D

      @robi your right it is a PITA I have been messing with this for 2 hours and still cant get it to work

    • J

      Allow OpenVPN client to access different LAN
      • jp4555

      2
      0
      Votes
      2
      Posts
      224
      Views

      V

      @jp4555
      Your setup is not clear to me at all.
      The server which are want to access across the VPN is connected to pfSense and has the IP 192.168.10.10, but the subnet 192.168.10.0/24 is not defined on pfSense?
      How should access to the server work with that?

      Why has the PC two IPs?

    • P

      NordVPN setup on pfsense - questions about basics
      • pftdm007

      22
      0
      Votes
      22
      Posts
      704
      Views

      Bob.Dig

      @pftdm007 said in NordVPN setup on pfsense - questions about basics:

      FW mode is already enabled in Unbound, and Nord's DNS servers are already set in General Setup. This is leaking.

      Who says that it is leaking, a leaking testsite? Would be curious to know about the exact results.

      Also you should create this alias I told you and make more general rules with that instead of doing it on a per port basis.

    • E

      This topic is deleted!
      • enjawd

      1
      0
      Votes
      1
      Posts
      31
      Views

      No one has replied

    • B

      TUN with Teltonika TRB140 Router
      • Bambos

      1
      0
      Votes
      1
      Posts
      122
      Views

      No one has replied

    • B

      OpenVPN MFA with Active Directory
      • Blasta

      2
      0
      Votes
      2
      Posts
      263
      Views

      T

      @blasta
      I was exploring this option as well. I read about using Google Authenticator, which is free, however I was unable to find enough details to make this work.
      I ended up using DUO MFA, which works great.
      So pfSense > DUO auth proxy > MS NPS > AD

    • S

      Users getting Inactivity timeout (--ping-restart), restarting
      • Stewart

      5
      0
      Votes
      5
      Posts
      336
      Views

      S

      @viragomann
      What you are seeing is what I would expect and seems pretty normal. What the user is experiencing is not.

      That's in OpenVPN? The only sections I have are:
      General Information
      Cryptographic Settings
      Tunnel Settings
      Client Settings
      Advanced Client Settings
      Advanced Configuration

    • S

      pfsense as OpenVPN server, why slow speed?
      • Skippern12

      15
      0
      Votes
      15
      Posts
      8560
      Views

      L

      @skippern12 still slow on latest version to date... using openvnp connect on Android 12... and on server UDP with 128 data encryption (minimun).. I can't exchange big files (above 500 KB), I get timeout

    • V

      "One or more OpenVPN tunnel endpoints may have changed its IP...
      • vpnguy

      1
      0
      Votes
      1
      Posts
      149
      Views

      No one has replied

    • M

      firewall rules based on group/username
      • mrjoli021

      1
      0
      Votes
      1
      Posts
      146
      Views

      No one has replied

    • C

      pfSense openvpn Client - local LAN-Clients are not able to reach remote LAN
      • chrisi51

      2
      0
      Votes
      2
      Posts
      227
      Views

      C

      seems like, the only, what was missing, was a OUTGOING NAT rule

      i've added a rule with allow all from LAN to the remote net behind the tunnel. that made it work.

    • J

      Complex OpenVPN Routing Question
      • juchong

      1
      0
      Votes
      1
      Posts
      159
      Views

      No one has replied

    • A

      Disabling OpenVPN client does not prevent a connection from the client
      • aborsic

      4
      0
      Votes
      4
      Posts
      281
      Views

      A

      @noplan Thank you !

    • A

      status bug: tunnel incorrectly reported as down
      • andy58

      1
      0
      Votes
      1
      Posts
      139
      Views

      No one has replied

    • R

      How to make VoIP work while connected to OpenVPN?
      • RaulChiarella

      1
      0
      Votes
      1
      Posts
      149
      Views

      No one has replied

    • M

      Automatic CRL import. External CA - MS PKI
      • milosz.engel

      2
      0
      Votes
      2
      Posts
      443
      Views

      S

      @milosz-engel
      for openvpn look here:
      openvpn-external-crl-automatic-renewing-openvpn-restart

      So... you could download the CRL with Curl, transfrom it in x509 and drop it where it is needed.

    • C

      Programmatically changing OpenVPN client server IP?
      • CapitanBlack

      3
      0
      Votes
      3
      Posts
      246
      Views

      C

      @gertjan
      You should try how the script works. It returns IP address of the LEAST loaded server in a country at this moment . The idea I have is to use cron to stop VPN client every 15 minutes, get the least loaded server IP, change it in pfSense OpenVPN client config and start the client. This way my pfSense will be "always" connected to the fastest server in a specific country.

    • M

      Interesting bug I found
      • michmoor

      4
      0
      Votes
      4
      Posts
      287
      Views

      M

      @gertjan gotcha so my scenario is that I have a user who needs a vpn address from me but does not need my dns, or dns suffix. Just the remote network. So I believed that setting a csc with no dns option would work but instead they get the firewalls upstream dns servers which I didn’t expect.

    • dimskraft

      Pass all trafic via OpenVPN client
      • dimskraft

      7
      0
      Votes
      7
      Posts
      273
      Views

      dimskraft

      @viragomann sorry, still don't understand, how to stop traffic from passing to normal gateways and pass it to openvpn client instead; don't capture general idea

    • S

      OpenVPN external CRL automatic renewing - OpenVPN restart
      crl expiration restart openvpn crl expired • • sokosko

      1
      0
      Votes
      1
      Posts
      157
      Views

      No one has replied

    • P

      OpenVPN client on MacOS
      • pixel24

      1
      0
      Votes
      1
      Posts
      159
      Views

      No one has replied

    • Armstrong

      Email Notification - OpenVPN Client Connect (Common Name)
      • Armstrong

      126
      0
      Votes
      126
      Posts
      6355
      Views

      Gertjan

      @aasimenator said in Email Notification - OpenVPN Client Connect (Common Name):

      is there any way we can format the email better?

      The small script file, see above, used by OpenVPN on a 'connect' event is written using PHP.
      You can also use bash / sh / python / lua / or any high level copiled C or whatever ......

      Use any language you like.

    • dimskraft

      How to copy-paste information from OVPN file
      • dimskraft

      12
      0
      Votes
      12
      Posts
      257
      Views

      Gertjan

      @dimskraft

      Use the same command on pfSense ;)

      55c83b55-c7a9-4f0e-a804-bfeb184198ee-image.png

      Your (old now) pfSEnse 2.5.1 is using (I don't recall any more) OpenVPN 2.5.2 ?

      2.5.x on the client side, and 2.4.x on the server side (probably time to upgrade your docker and pfSEnse) should work.
      But there is a but.
      If you use mixed versions on both sides, you should really read the changelogs : https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25, just to make sure you not using an option that changed somewhat.

      Did the phone app test work ?

      What about an easy bare bone setup with certs, just a user/password + no -or minimal) crypto) stuff.
      That is, if you control the server side and have access to the server log file.

    • G

      Beyond Frustrated and Confused..
      • godyourestupid

      14
      0
      Votes
      14
      Posts
      525
      Views

      G

      @bob-dig Thank you for all your help!

      BTW I updated to 2.6 AND I will make a back up of my config once I have everything back up. PFBlocker is next. :)

    • K

      Disable float request for peer?
      • kcchin

      2
      0
      Votes
      2
      Posts
      261
      Views

      K

      Try all of the below but none is working:

      Disabling 'Dynamic IP' setting Upgraded to latest pfSense version 2.6.0 Enabled the following
      4df3f129-3a62-4349-ba1d-ab25758f97bd-image.png

      Looks like there is bug in pfSense?

    • M

      Cannot reach the website of the Pfsense after Ovpn client connects to ovpn server
      • manfredoberd

      5
      0
      Votes
      5
      Posts
      198
      Views

      M

      @viragomann

      I think after some googling and a few coffees I found my solution: https://forum.netgate.com/topic/127814/pfsense-only-openvpn-server-with-only-single-interface-wan

      I haven't tested it yet, but it must be almost this problem.

      Thank you!

    • W

      DNS Server on OpenVPN Connect Client
      • wellcomefit

      1
      0
      Votes
      1
      Posts
      149
      Views

      No one has replied

    • W

      DNS Server won't get passed to Client on latest OpenVPN client
      • wellcomefit

      1
      0
      Votes
      1
      Posts
      127
      Views

      No one has replied

    • A

      Error after Certificate Renew and Update to Lasted Pfsense Comunitu Version
      • AlexParedes

      4
      0
      Votes
      4
      Posts
      303
      Views

      V

      @alexparedes
      Did you also update the client?
      Which client is it?

      Also check the server logs for hints on what is failing.

    • D

      OpenVPN Cloud DNS question
      • deanfourie

      1
      0
      Votes
      1
      Posts
      131
      Views

      No one has replied

    • T

      Vpn deamon issue
      • tidodo

      2
      0
      Votes
      2
      Posts
      176
      Views

      T

      after review, this is coming from older version with the EXIT NOTIFY... how can i fix old upgraded router without having EXIT NOTIFY ?

      powershell command ? re-make the tunnel ?
      thanks !

    • N

      Upgrading to 22.01 release breaks HA
      • nikmiddleton

      1
      0
      Votes
      1
      Posts
      187
      Views

      No one has replied

    • undefined


      •


      Votes

      Posts

      Views