OpenVPN

• A

  Connect VPN Clients to Local network behind other client...
  • andre1979

  3
  0
  Votes
  3
  Posts
  115
  Views

  A

  Hi Rico, thank you for your answer. I had a look to your link. I think this would work, but if the subnet on LAN on the pfsense boxes is changed I need to reconfigure everything. Is there no option like: On the VPN Server: Route ALL traffic from User-01 to VPN network of pfsense box1 On the Pfsense Box side: Route ALL traffic on VPN network to OPT1 network Sorry for my question, but I´m a beginner with OpenVPN and pfsense... Thank you so much for your support.
• A

  Unable to get Openvpn 2.4.6 to work on pfsense 2.4.4
  • adwsail

  7
  0
  Votes
  7
  Posts
  186
  Views

  

  @jknott said in Unable to get Openvpn 2.4.6 to work on pfsense 2.4.4: You don't set up DNS on the VPN. You do it on the client or DHCP server config. My mistake, there is a setting on the server config, under Advanced Client Settings.
• B

  Server listening on different interfaces
  • bozo.bogd

  7
  0
  Votes
  7
  Posts
  124
  Views

  

  So your running HA pair setup... Kind of should of mentioned this out of the gate ;) Why would you be running public IP vip on a rfc1918 network and then forwarding to it? If you have traffic hitting interface X, and you wan it to be able to get to the IP and port your vpn instance is listing on - then just put a rule on that specific interface X to allow allow it.
• B

  OpenVPN and native OTP support with google authentication
  • bbrendon

  2
  0
  Votes
  2
  Posts
  77
  Views

  

  Install the FreeRADIUS3 package and setup OTP/GA in there, and setup OpenVPN to hit that for auth, and use it today. No need to use an extra OpenVPN plugin or to reinvent the wheel.
• N

  SSL/TLS + user auth / Openvpn two-factor authentication question
  • nikkopegmail.com

  3
  0
  Votes
  3
  Posts
  82
  Views

  

  Why bother to setup multiple factors of authentication only to nullify them? If you want one installer for everyone, do not use per-user certificates. You can use authentication only, plus the default random TLS key, and that is OK. It's best to have per-user certificates, however. There is always going to be a security vs convenience trade-off. If you want the best possible security, it takes the extra work to make it that way.
• C

  openvpn export
  • cyberbot

  2
  0
  Votes
  2
  Posts
  61
  Views

  

  Client export is not for Site-to-Site. It is for exporting configurations for Remote Access clients. Configure both sides to match and you should be all set.
• S

  OpenVPN on iOS connects, but no traffic
  • shutch

  3
  0
  Votes
  3
  Posts
  227
  Views

  J

  @bigsy wow! thanks. After trying stuff for 3 hrs this tip was the answer.
• G

  Limit DHCP IP range for OpenVPN clients (GUI Only)
  • gwright_sov

  10
  0
  Votes
  10
  Posts
  186
  Views

  

  Hm, forget the above, did not check the logs, you were right. But, adding server 192.168.20.0 255.255.255.0 'nopool';ifconfig-pool 192.168.20.16 192.168.20.253 to the Custom options does it. Although now there are two server directives in the config, the last one is being used, confirmed by the log @verb4. Just for info: server address is .1 DHCP server is .254 broadcast is .255 Those are not usable for clients. @jimp Can we have a checkbox to set the 'nopool' option for the --server network netmask ['nopool'] directive and when ticked expands with a field to define the DHCP pool? Thanks.
• M

  FreeRADIUS - Google Authenticator (description/name/tag)
  • mathm0s

  1
  0
  Votes
  1
  Posts
  55
  Views

  No one has replied

• M

  multiwan openvpn link aggregation
  • mephisto

  2
  0
  Votes
  2
  Posts
  57
  Views

  

  https://www.netgate.com/resources/videos/advanced-openvpn-on-pfsense-24.html
• N

  Slow DL but Fast UL
  • Nucleus

  1
  0
  Votes
  1
  Posts
  60
  Views

  No one has replied

• M

  This topic is deleted!
  • mako

  1
  0
  Votes
  1
  Posts
  28
  Views

  No one has replied

• P

  Routing loop with my configuration
  • pierinhood

  1
  0
  Votes
  1
  Posts
  57
  Views

  No one has replied

• K

  No Traffic into OpenVPN Tunnel until Static Route is set
  • Kekskrümel

  2
  0
  Votes
  2
  Posts
  91
  Views

  V

  @kekskrümel said in No Traffic into OpenVPN Tunnel until Static Route is set: 0.0.0.0/1 to the tunnel gateway 10.100.6.29 0.0.0.0/1 is only the half IPv4 range, so this cannot stand for the default route. Furthermore, how have you set that route? A static route on pfSense or a CSO? Are you talking about an access server and you want to route the whole traffic of only one client over the VPN? So if the server uses TLS/SSL auth set up a CSO for the clients cert common name and check "redirect gateway".
• M

  Configuring pfSense as OpenVPN client
  • Mascot

  17
  0
  Votes
  17
  Posts
  527
  Views

  

  What VPN provider is this? Have you verified that the routes being pushed actually cover the addresses of the sites you think should be routed that way? Are any of the route add logs indicating failure? Are the pushed routes actually going tinto the routing table? If so, pfSense and OpenVPN are working fine here.
• J

  OpenVPN Tunnel TCP Traffic Extremely High Latency
  vpn routing openvpn routage vpn client • • jmarmorato

  4
  0
  Votes
  4
  Posts
  202
  Views

  V

  https://www.netgate.com/docs/pfsense/virtualization/virtio-driver-support.html
• B

  Remote access connection issues
  • bwanajag

  10
  0
  Votes
  10
  Posts
  273
  Views

  M

  How are you trying to access your resources? I see one issue: push "dhcp-option DOMAIN 192.168.11.1" You are pushing a DNS domain of 192.168.11.1 to your clients, so all of your name searches are being appended with "192.168.11.1" which is incorrect. The DNS Default Domain box in your config should have the name of your domain (e.g. MyDomain.com) in it, not an IP. Are you even using AD? If not, you shouldn't be pushing a DNS default domain. I also see you have an AirVPN client tunnel configured. Is that new? I would modify the firewall rule on the OpenVPN tab, so it's explicit to your remote access tunnel network and your LAN. In other words, change the source to 10.0.11.0/24 and change the destination to "LAN net". What do the rules look like on your AirVPN_WAN_HK tab? Hopefully, you don't have an any/any in there :) Another question, what version of PFsense were you running on your old hardware? What version are you running now?
• J

  Connect Mac Client to subnet behind pfSense OpenVPN server
  • jeffboyce

  4
  0
  Votes
  4
  Posts
  96
  Views

  

  In the OpenVPN Server configuration on pfSense. A push route configuration on a client makes little sense.
• D

  OpenVPN server (Can't have more than one client routing) Netgate sg-2440 (Resolved)
  • DeathBlade

  10
  0
  Votes
  10
  Posts
  276
  Views

  D

  Hello, Well, tl:dr that fixed it. I am not sure what would have changed to cause that to fail randomly between a few months but I am glad and thankful for the tips from every involved to help me fix this. Thanks,
• S

  Authentication OpenVPN fails when Windows AD shortens logonName
  • SvenVW

  1
  0
  Votes
  1
  Posts
  61
  Views

  No one has replied

• L

  Openvpn stop forwarding trough tunnel after some time
  forwarding stop push request • • Laszlo

  1
  0
  Votes
  1
  Posts
  66
  Views

  No one has replied

• S

  OpenVPN Client Export (Can't export real inline config .opvn file)
  • scila1996

  4
  0
  Votes
  4
  Posts
  91
  Views

  S

  @gertjan Oh ! this issue is solved, because my "IDM" (Internet Download Manager), i have disabled IDM and download config file with native browser downloader and it's work !!!!! Thank for reply and support me !!!!
• M

  OpenVPN Routing Advice Needed
  • MeCJay12

  7
  0
  Votes
  7
  Posts
  191
  Views

  M

  @viragomann When I added the NAT rule you suggested I left the other NAT rule. It didn't help. I took a look at the routing rules and eventhing is correct. Both now have the explicit routing rule but no change.
• S

  how to improve openvpn performance/ Am I doing this right way
  • shetu

  1
  0
  Votes
  1
  Posts
  117
  Views

  No one has replied

• M

  Slow Upload OpenVPN
  • Mat1987

  4
  0
  Votes
  4
  Posts
  162
  Views

  M

  Ok so i think i have found the issue but need some help fixing it I think it maybe a MTU size issue when copying over smb. I have tried some options fragment 1400 mssfix 1400 The server seems to accept it but when i add to client and click connect it errors saying failed to connect to management service. Anyone got any ideas?
• T

  pfsense-to-pfsense tunnel up? No traffic?
  • TheWaterbug

  7
  0
  Votes
  7
  Posts
  232
  Views

  T

  Thanks!
• S

  openvpn packets getting returned over WAN gateway and not VPN gateway
  • sesipod

  17
  0
  Votes
  17
  Posts
  365
  Views

  

  Check Don't Pull Routes in the VPN client.
• M

  OpenVPN Radius Client not showing up in Client Export
  • MMTadmin

  3
  0
  Votes
  3
  Posts
  67
  Views

  M

  Doh! Missed that step. Been a while since I setup a new user. Thanks for the answer.
• N

  PIA used on a dedicated interface setup for that purpose
  • newbuilder

  1
  0
  Votes
  1
  Posts
  85
  Views

  No one has replied

• A

  OpenVPN - can't ping Windows 10
  openvpn windows 10 access resource • • agustintommasi

  6
  0
  Votes
  6
  Posts
  252
  Views

  

  ...this is what I already told you 2 days ago. -Rico
• D

  Multiple VPNs talking to each other
  • dlogan

  6
  0
  Votes
  6
  Posts
  196
  Views

  V

  In some scenarios that's necessary for handle the routing with multiple VPNs. Just assign an interface to the VPN instance and enable it. Otherwise check the routes on site B and C and use traceroute to find out where the packets go to.
• X

  quick road warrior question
  • xman111

  8
  0
  Votes
  8
  Posts
  184
  Views

  

  Normally, when I use my iPhone and the VPN to connect to my work (have a pfSense over there) the App I use to connect to my DVR on the LAN, it uses the low resolution video stream when it shows all the videos. When I focus one stream, I could switch to high res. Every stream has a 1 Mbit/sec stream at least when my cameras are in colour mode. My VDSL upstream from works is hardly a 2 Megabit/sec connection, so yes, I could overload that one very easily..
• 

  Common name containing underscore
  • Gil

  13
  0
  Votes
  13
  Posts
  232
  Views

  

  Yes Pippin, I think that is best practice - and I do that. You should also ensure that you Enforce CN / User Matching when using CSO's Otherwise; a user with a valid cert can circumvent the intended CSO routing / firewalling if he knows another user's name & pwd. (Or a mindless Sys Admin can get himself confused )
• K

  OpenVPN WiFi Client Internet Access
  • kawakawa

  4
  0
  Votes
  4
  Posts
  116
  Views

  K

  @viragomann Hey thanks. Its working now thank you so much for your help! Been trying to resolve this for ages!! Kawa
• K

  Issues with VPN connection not staying up
  • kendalja

  9
  0
  Votes
  9
  Posts
  178
  Views

  K

  @bcruze @bcruze said in Issues with VPN connection not staying up: do you have IP6 enabled on your pfsense router? I will have to check on this when I get home. I am currently "working" lol
• P

  OPENVPN SITE-TO-SITE Tunel does not connect
  • PedroBelliato

  6
  0
  Votes
  6
  Posts
  238
  Views

  

  packet HMAC authentication failed is very often just down to wrong TLS Configuration or wrong key / key direction. Going just back to some old Version like 2.3.5 is a very bad idea. -Rico
• M

  Tutorial: Configuring pfSense as VPN client to Private Internet Access
  • mpboden

  347
  0
  Votes
  347
  Posts
  230539
  Views

  P

  This tutorial still works however you need to make the following changes. Change port number from 1194 to 1198 Change encryption from BF-CBC (128-bit) to aes-128-cbc
• C

  VPN Setup
  • christ0r

  3
  0
  Votes
  3
  Posts
  186
  Views

  C

  @rico said in VPN Setup: You can go with Static Key if you don't want to use Certificates. Using Certificates in pfSense with OpenVPN is no big deal tho, there are tons of tutorials around. https://www.netgate.com/docs/pfsense/vpn/openvpn/openvpn-remote-access-server.html https://www.netgate.com/docs/pfsense/vpn/openvpn/configuring-a-site-to-site-pki-ssl-openvpn-instance.html https://www.netgate.com/docs/pfsense/vpn/openvpn/configuring-a-site-to-site-static-key-openvpn-instance.html -Rico Followed the first link/guide you posted and it worked first time! Thanks Chris
• J

  Site-to-Site OpenVPN Connectivity Problem
  • JamesVA

  28
  0
  Votes
  28
  Posts
  780
  Views

  J

  I kind of gave up on the openvpn and went with IPsec... seemed to work as expected on the first try.
• T

  OpenVPN SERVER - HA/CARP *AND* Multi-WAN
  • talaverde

  3
  0
  Votes
  3
  Posts
  140
  Views

  T

  After this, I'm going to move this to a different thread. The topic has moved to remote/client performance. I did a google search. There are some other users that have had some success with various config settings. tun-mtu 9000 #ifndef WIN32 o->rcvbuf = 65536; o->sndbuf = 65536; #endif -or- sndbuf 0 rcvbuf 0 Along with some other settings that I didn't find helpful. I need a true remote setup where I'm on an alien WAN, at a distance. Best I can do at the moment is test on my AT&T WiFi Hotspot, which is horrible in itself. (Though most hotel WiFi is just as horrible, so...). Anyway, unless anyone has anything to add, I'll close this thread down. If I find out anything new/interesting, I'll start a new thread. Thanks for listening.