    Netgate Discussion Forum
    • S

      OpenVPN Slow - local network test
      • spyder0552

      38
      0
      Votes
      38
      Posts
      858
      Views

      T

      I get even worse results ...

      Machine A (pfSense 2.6.0):

      time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-gcm
      2022-02-26 19:22:27 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
      0.192u 0.000s 0:00.19 100.0% 601+171k 1+0io 0pf+0w

      Machine B (pfSense 2.6.0):

      time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-gcm
      2022-02-26 19:22:35 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
      0.587u 0.023s 0:00.61 98.3% 618+176k 0+0io 0pf+0w

      I spent most of the day trying to reach reasonable speeds, and this is the result:

      iperf3 -c 172.16.16.1 -R
      Connecting to host 172.16.16.1, port 5201
      Reverse mode, remote host 172.16.16.1 is sending
      [ 5] local 172.16.16.2 port 53032 connected to 172.16.16.1 port 5201
      [ ID] Interval        Transfer     Bitrate
      [ 5]  0.00-1.00  sec  6.10 MBytes  51.2 Mbits/sec
      [ 5]  1.00-2.00  sec  8.03 MBytes  67.4 Mbits/sec
      [ 5]  2.00-3.00  sec  7.28 MBytes  61.1 Mbits/sec
      [ 5]  3.00-4.00  sec  7.60 MBytes  63.8 Mbits/sec
      [ 5]  4.00-5.00  sec  6.77 MBytes  56.8 Mbits/sec
      [ 5]  5.00-6.00  sec  7.17 MBytes  60.1 Mbits/sec
      [ 5]  6.00-7.00  sec  8.87 MBytes  74.4 Mbits/sec
      [ 5]  7.00-8.00  sec  7.41 MBytes  62.2 Mbits/sec
      [ 5]  8.00-9.01  sec  7.54 MBytes  62.9 Mbits/sec
      [ 5]  9.01-10.00 sec  6.44 MBytes  54.3 Mbits/sec
      - - - - - - - - - - - - - - - - - - - - - - - - -
      [ ID] Interval        Transfer     Bitrate         Retr
      [ 5]  0.00-10.14 sec  73.4 MBytes  60.7 Mbits/sec  91   sender
      [ 5]  0.00-10.00 sec  73.2 MBytes  61.4 Mbits/sec       receiver

      😞

    • L

      OpenVPN Not working after update
      • lcs

      19
      0
      Votes
      19
      Posts
      801
      Views

      Gertjan

      @jknott said in OpenVPN Not working after update:

      Are there changes in the new version (again) that cause earlier versions to fail?

      There are always some pesky minor changes, that's why "just updating" pfSense == updating OpenVPN creates "OpenVPN Not working after update".

      The "OpenVPN server" is just a process that listens on a port, typically UDP/1194. That's just a firewall rule, no nat needed.

      When the connection doesn't work, that is because the 'client' doesn't understand the 'server', or the other way around.

    • P

      Can't get OpenVPN to work
      • pixel24

      18
      0
      Votes
      18
      Posts
      372
      Views

      JKnott

      @gertjan

      That setting doesn't work for me in the issue I've been having.

    • dragoangel

      OpenVPN 2.4 update task, or pull-filter ignore
      • dragoangel

      5
      0
      Votes
      5
      Posts
      2106
      Views

      B

      I also have encountered this issue. What occurs is that pfSense sometimes gloms the options together when OpenVPN is restarted, causing a syntax error. So

      pull-filter ignore "ifconfig-ipv6"
      pull-filter ignore "route-ipv6"

      becomes

      pull-filter ignore "ifconfig-ipv6"pull-filter ignore "route-ipv6"

      You can work around this problem by adding a comment marker at the end of each affected line, like:

      pull-filter ignore "ifconfig-ipv6" #
      pull-filter ignore "route-ipv6" #
    • P

      Openvpn client on pfsense
      • philbernard

      1
      0
      Votes
      1
      Posts
      136
      Views

      No one has replied

    • cyberlogic

      Error: Unroutable control packet received from [AF_INET]XX.XXX.XXX.XXX:1194 (si=3 op=P_ACK_V1)
      • cyberlogic

      1
      0
      Votes
      1
      Posts
      164
      Views

      No one has replied

    • D

      Tricky routing attempt to send all traffic over OVPN Client
      • deanfourie

      5
      0
      Votes
      5
      Posts
      275
      Views

      D

      @viragomann sorry how do I do that? How do I get to the configuration file?

      Basically, when doing a whatmyip, I want a WAN address of my VPN endpoint, not my actual IP address at home.

      Also, I would expect to see the VPN route reflected in a tracert if I'm not mistaken.

      Thanks

    • M

      OpenVPN issues at startup, and disable client
      • markgca

      1
      0
      Votes
      1
      Posts
      216
      Views

      No one has replied

    • hugoeyng

      Error connecting third-party VPN
      • hugoeyng

      12
      0
      Votes
      12
      Posts
      365
      Views

      hugoeyng

      @viragomann Hi
      All ports seem to be closed on pfSense, even though they are not.

      I used a "port checker" (on the internet) and it shows that the ports are closed, but they are not.

      I already disabled AV and Squid.

    • K

      After update to 2.6.0 OpenVPN status doesn't show TUN server info in Remote Access mode
      • kalachev

      2
      0
      Votes
      2
      Posts
      272
      Views

      K

      After reverting these changes https://redmine.pfsense.org/issues/12232 in the file after the update, active connections show again in OpenVPN status.

    • C

      WARNING: 'ifconfig' is present in remote config but missing in local config
      • ccb056

      1
      0
      Votes
      1
      Posts
      180
      Views

      No one has replied

    • Z

      Access to specific ip
      • zkab

      3
      0
      Votes
      3
      Posts
      197
      Views

      Z

      @johnpoz Thanks

    • F

      pfSense 22.01 + NordVPN
      • furom

      4
      0
      Votes
      4
      Posts
      330
      Views

      F

      @bob-dig Thank you!

    • D

      Multi WAN to Multi WAN S2S VPN failover
      • dlogan

      2
      0
      Votes
      2
      Posts
      207
      Views

      V

      @dlogan
      No, this cannot be done in OpenVPN.

      I think you could achieve this with two failover groups with inverted gateway priorities. But this requires two different OpenVPN servers on the main site.

    • chudak

      FYI minor UI bug
      • chudak

      2
      0
      Votes
      2
      Posts
      226
      Views

      chudak

      If you want to fix this regression pls apply this patch

      3ade222beb2cae2c0681ed69d4e5a0c82c6303f9

    • X

      OpenVPN remote user question
      • XenonXZ

      1
      0
      Votes
      1
      Posts
      191
      Views

      No one has replied

    • M

      OpenVPN connectivity to ExpressVPN in v 2.5.2
      • maxpro

      11
      0
      Votes
      11
      Posts
      679
      Views

      Gertjan

      @jly2680
      Same problem?
      Then you should be able to find the answer here.

      Btw: you're late. 2.5.2 is past now, so is OpenVPN 2.5.2. It's pfSense 2.6.0 now, and OpenVPN 2.5.4.
      But, be happy, the issue stays the same. Depending on the setup you use, some adjustments have to be made.
      As always, as with everything, this needs the old way of finding solutions: look at the logs. Make the errors go away. Do what needs to be done.

    • K

      Can't get OpenVPN client to work
      • kultigsptrizigfrisch

      12
      0
      Votes
      12
      Posts
      501
      Views

      K

      @viragomann Thanks. Came here to report the final solution and I see you had answered with the same. The issue was that the default gateway was not responding to ICMP. Changing the monitoring IP to something else had immediately brought the Gateway up, and the routing now works as expected.

      This took way longer than it should :o

    • K

      Best practice VPN Configuration (RADIUS vs TLS)
      • KKIT

      6
      0
      Votes
      6
      Posts
      336
      Views

      K

      Hi, thank you all for your valuable input. I went with Cert+RADIUS to have extra layers of protection, like @TO2020 mentioned. This way I have a tad bit more security and a better integration into Active Directory where I manage all accounts.

    • L

      Route traffic received on IP alias through OpenVPN tunnel
      • linkexplorer

      1
      0
      Votes
      1
      Posts
      167
      Views

      No one has replied

    • C

      VPN Working, DNS not accepting the server responses.
      • CPrat

      1
      0
      Votes
      1
      Posts
      169
      Views

      No one has replied

    • M

      Issues with Subnet behind UDM Pro
      • Misinthe

      57
      0
      Votes
      57
      Posts
      1257
      Views

      johnpoz

      @misinthe said in Issues with Subnet behind UDM Pro:

      It was just the internal networks on the pfSense weren't able to go through the UDMP.

      Most likely because the UDMP was still natting, and to get behind you would have had to set up port forwarding on the UDMP, etc.

      If you're going to use the pfsense LAN as transit network to downstream router, please do not put any devices on this network - or you're going to run into asymmetrical traffic flow. Whenever you connect 2 or more routers together, especially if they can firewall, devices on this "transit" network between routers are going to have asymmetrical flow unless you route on each of these hosts to which router to go to get to specific networks..

      If the downstream router does not nat you will most likely see the problem with downstream network trying to talk to devices on the transit..

      You run into this problem..

      ass.jpg

      Pfsense never saw the SYN, so a SYN,ACK is going to be blocked.. If you're going to set up routers that talk to each other and route between networks they are attached to.. Set up a transit network.. See this diagram.

      pfsense-layer-3-switch.png

    • J

      Very low speed on OpenVPN
      • JMartinelli

      13
      0
      Votes
      13
      Posts
      502
      Views

      Silence

      @jmartinelli said in Very low speed on OpenVPN:

      I thought that WireGuard was dropped from pfsense support (i.e., no longer supported)

      7a61259d-5d4c-4758-baec-d1c1e2077ea5-image.png

      EXPERIMENTAL

    • E

      site to site openvpn connection doesn't work fully
      • elliopitas

      22
      0
      Votes
      22
      Posts
      743
      Views

      E

      @viragomann ok figured it out
      plex was getting my site 2 public IP so it was trying to connect directly
      so I gave the docker its own IP and made this rule 57acdb42-e989-4ae8-9caa-b086ab97f01e-image.png now I get
      29717dc3-d5e4-4881-8b42-f697f29d33c0-image.png
      this is my rule
      957da0c2-55b8-4602-b8b2-61e0bdec29c9-image.png
      I even tried
      1d3d78f6-8a74-482f-b315-cbe535e2c743-image.png
      to test if I left a port closed but still the same.

      when I disable the rule that changes the default gateway to site 1 it finds the private and public IP just fine

    • T

      All traffic crossing VPN despite "redirect all ipv4" unchecked
      • Troutpocket

      6
      0
      Votes
      6
      Posts
      296
      Views

      V

      @troutpocket
      I had this issue in former versions of the network manager OpenVPN client.
      To work around it, I checked "don't pull routes" and entered the remote network manually above. As far as I remember, you only need to enter the network and mask and save it.

    • T

      VPN to Remote Desktop
      • thebonden

      4
      0
      Votes
      4
      Posts
      275
      Views

      Silence

      @thebonden this is easy if you want we can do it for you, we offer technical support at a very low cost!

    • C

      SG-2100 can't connect to web in VPN TAP mode with LAN Bridged to WAN
      • capelog

      1
      0
      Votes
      1
      Posts
      166
      Views

      No one has replied

    • C

      SG-2100
      • capelog

      1
      0
      Votes
      1
      Posts
      171
      Views

      No one has replied

    • A

      pfsense 2.5.2: ExpressVPN connection working by gateway has 100% packet loss
      • amdreallyfast

      33
      0
      Votes
      33
      Posts
      1378
      Views

      T

      @Gertjan

      Thank you, the monitor IP (8.8.8.8) and compression is what I needed to make mine work!

    • K

      Question regarding OpenVPN Config
      • KKIT

      5
      0
      Votes
      5
      Posts
      306
      Views

      K

      @netblues I'm trying to optimize for performance with a good security balance. But that works for me too, thanks for the input

    • D

      OpenVPN client connections get dropped when rc.filter_configure_sync script runs (every 15min from crontab)
      • Dael Sutton

      15
      0
      Votes
      15
      Posts
      288
      Views

      Silence

      @dael-sutton said in OpenVPN client connections get dropped when rc.filter_configure_sync script runs (every 15min from crontab):

      Yee-Haa. Unticking that "flush all states" tickbox seems to have done the trick. Thank you @Silence for your patience while I grabbed at straws until the correct one appeared. 15:15 came and went and my test openvpn connection didn't drop, and my ssh session stayed running too.

      Don't forget to like the comment that helped you.

    • Z

      External ssh login to LAN computer
      • zkab

      27
      0
      Votes
      27
      Posts
      338
      Views

      Z

      @johnpoz OK thanks ... I have learned a lot thanks to this forum ...

    • T

      Packet Loss OpenVPN
      • TanguyIMS

      1
      0
      Votes
      1
      Posts
      157
      Views

      No one has replied

    • J

      Openvpn Rules Tab
      • JJ5588

      3
      0
      Votes
      3
      Posts
      410
      Views

      J

      @viragomann this makes a lot of sense. Thank you for the information!

    • W

      No Internet Connection in Lan after a while
      • wriaz132

      2
      0
      Votes
      2
      Posts
      206
      Views

      W

      Just want to share one more thing: if I connect the LAN cable directly to my desktop, the internet is fine and working, but when I use the internet through the WIFI router there is no internet and I can't access the webgui either.

    • T

      OpenVPN Custom Options greyed out
      • TO2020

      2
      0
      Votes
      2
      Posts
      254
      Views

      T

      @to2020 I managed to resolve this issue myself.
      I came across this article https://redmine.pfsense.org/issues/9511

      So even though my regular login to my pfSense has access to "WebCfg - All pages" which is inherited from admins, it does not include the advanced options.
      Looking at the permissions for the "admin" user itself, I see nothing different, but that user still has access to these advanced settings.

    • M

      How to get config file to remote users?
      • mgideon

      3
      0
      Votes
      3
      Posts
      258
      Views

      N

      @mgideon It boils down to how do you authenticate your users to deliver secure information.
      pfsense doesn't have something automated in any case.

    • T

      OpenVPN client profile device lockdown / whitelist
      • TO2020

      2
      0
      Votes
      2
      Posts
      313
      Views

      T

      Does anyone have any thoughts around this?
      Or maybe this is of no concern to most users or IT security admins?

    • T

      peer-to-peer and site-to-site
      • trever

      8
      0
      Votes
      8
      Posts
      314
      Views

      V

      @trever
      So you fail to access VPN clients?

      Consider that each client runs its own firewall. And firewalls of different operating systems can have different default settings naturally.
      Maybe you noticed that your issue concerns Android devices only.

    • G

      Trying to setup OpenVPN to HotspotShield but won't connect
      • gerrit700

      10
      0
      Votes
      10
      Posts
      284
      Views

      G

      Hi @viragomann,

      You're my hero! I've added the certificate to the certificate manager and selected this certificate in the VPN config and that was the solution.

      Thanks for your help :-)