@talaverde Was this ever resolved? I am facing the same issue.
In case anyone is wondering, I enabled "Don't pull routes" in the VPN client config and now things work as expected. Not sure why this is necessary as my old config was working for years without that option selected.
Oh yeah, totally agree on this one.
Had a couple of IT managers only want to allow static IPv4 from their home office users and forced them to pay the upgrade (and that's floppy expensive here where I live) for that static IP, and we are not talking about gov contractors.
Was a hard piece of work to finally talk some sense into
Multi-factor auth on OpenVPN was the key for success.
Your setup is not clear to me at all.
The server which you want to access across the VPN is connected to pfSense and has the IP 192.168.10.10, but the subnet 192.168.10.0/24 is not defined on pfSense?
How should access to the server work with that?
I was exploring this option as well. I read about using Google Authenticator, which is free, however I was unable to find enough details to make this work.
I ended up using DUO MFA, which works great.
So pfSense > DUO auth proxy > MS NPS > AD
@skippern12 still slow on latest version to date... using OpenVPN Connect on Android 12... and on server UDP with 128 data encryption (minimum)... I can't exchange big files (above 500 KB), I get timeout
You should try how the script works. It returns the IP address of the LEAST loaded server in a country at this moment. The idea I have is to use cron to stop the VPN client every 15 minutes, get the least loaded server IP, change it in the pfSense OpenVPN client config and start the client. This way my pfSense will be "always" connected to the fastest server in a specific country.
@gertjan gotcha, so my scenario is that I have a user who needs a VPN address from me but does not need my DNS, or DNS suffix. Just the remote network. So I believed that setting a CSC with no DNS option would work, but instead they get the firewall's upstream DNS servers, which I didn’t expect.
Your (old now) pfSense 2.5.1 is using (I don't recall any more) OpenVPN 2.5.2?
2.5.x on the client side, and 2.4.x on the server side (probably time to upgrade your docker and pfSense) should work.
But there is a but.
If you use mixed versions on both sides, you should really read the changelogs: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25, just to make sure you are not using an option that changed somewhat.
Did the phone app test work?
What about an easy bare bone setup with certs, just a user/password + no (or minimal) crypto stuff.
That is, if you control the server side and have access to the server log file.