Thanks to viragomann, the problem is solved. The problem is that the default gateway for devices in the client lan is not pfSense, we need to setup NAT mapping as a work around. Really appreciate the help @viragomann !

@viragomann completely agree.. Lets see what it shows.

@johnpoz said in LAN to local server rule?:

NOT the correct way to do it.. but OK.

then please propose the better one
Prior to change I identified the passing rule:
Screenshot from 2021-06-18 15-35-22.png
192.168.5.0/24 is LAN, 192.168.101.0/24 is a subnet on the other site.
VPN_S2S is the interface added for ovpnsX according to Assigning OpenVPN Interfaces in the doc.

I see my current configuration to be inline with this Tip from the docs:
"The best practice is to create manual negation rules at the top of internal interfaces such as LAN. These rules should pass to local and VPN destinations without a gateway set on the rule, to honor the system routing table. "

@bob-dig said in VPN (Surfshark) not working after reboot:

I do a nightly reboot of my pfSense via cron.

So I added another cron job (rc.reload_all) after that one and this does it for me. All in all a little bit to complicated for my taste.

@juancho1981 said in two openvpn:

But if I have the network added in the tunnel

On both OpenVPN servers?

Post the routing table of both clients when they are connected.

Ensure that the destination device in 10.6.0.x doesn't block the access by its own firewall.

@viragomann omg facepalm yep, you're totally right. Thanks. I know what I did now. When I initially set up the OpenVPN client I entered the wrong credentials (and didn't realize it) so it didn't appear as an option when I was initially assigning an interface so I arbitrarily selected em2 not knowing it should have said something like ovpnc1.

Went back just now and changed it. Gateway shows as up. And was able to select it in my firewall rule. Beautiful. Thank you very much.

you ran out of /24 Ips - ok then how about a /23 or /22 ;)

The jump from /24 to /16 is nuts. You use that as your mask on your devices or you just using it as a routing summary?

To be honest that is not here or there to be honest - but it one of my trigger points is all ;) Insanely huge networks used for no valid reason.

The only thing you need to do is fire up another instance.. The details of which are up to you, the really the only thing needs to change is has to be an actual different instance.. so another port say 1195, and use say 10.0.183.0/24 as the tunnel network. Then create your rules in your openvpn interface for 10.0.182 and 10.0.183 that limit or allow what you want those clients to be able to do.

There is no way to get v3 with the config built in yet.

You can export an inline config and then import that into whatever and it should work.

But none of us here have tried builds of v3 yet. It's still too early.

Thanks

I had a play with this over the weekend and i tried running some ping tests.

I pinged machine b while remote desktop to machine b on site b from site c.
I had no ping drops but the remote desktop connection did drop so i have a feeling this isn't a VPN issue, it might be more of an issue with FRR / routing.

Any help how i can debug FRR? (and how can i change this post to that forum?)

so sad! thanks!

@s0p4l1n said in Issue with VPN Bandwidth, even with scaling:

100% of the bandwidth because they are loading high quality image

We have several radio stations, ergo we had the same problem with transmitting raw uncut *.WAV audio files.

We then deployed the Cisco UCS and its performance is satisfactory.

Good luck with your work 😉

@pippin Thanks a ton ! It definetly looks like it !

Thank you dotdash and bingo600.

I was able to change the login name

Yeah - freaking covid! And while I will be in the EU in 2022.. Unless things go south again, not correct time of year for oktoberfest - and not in Germany.. The amount of trips planned and then cancelled to DE is just heart breaking. Always seem to miss it when in EU.. Belgium, France, Luxembourg, Spain, Italy.. Just can never seem to get to DE.. :(

@cdunbar No news from netgate.

In my case, I can not manage the situation with a manual restart of OpenVPN service.
As a workaround, I've created an adhoc OpenVPN virtual machine (based on Debian) on my private network with NAT & routing settings on the pfSense firewall.

It's too bad and more complicated, but I had no choice.

@viragomann,
My Lord!
It works now.Added 10.1.5.0/24 to each "remote networks" configuration.
I appreciate that.😊
Thanks a lot.
Скриншот 07-06-2021 12.07.06.png