@gianeshwar0201 Every solution I've seen has been to roll back. I don't think this issue is even on Netgate's radar until someone can successfully convince them that this is a problem and it's submitted on pfsense Bugtracker. I tried but it was dismissed. I believe these forums rely on user helping user so I'm not sure if they even monitor what's going on here.

@lohphat said in Core dumping on boot if OpenVPN and pfBlockerNG-devel active:

Of course this happens one day before my vacation.

Hi,

I wish you a good holiday and a good vacation, IT does not usually wait for the summer holidays.
So I guess it's not that important. 😉

I hope you're having a good holiday here in the midst of all the austerity COVID.

Can you elaborate on your problem?😉

@viragomann I didn't try that. Since adding the OPT4 /ovpns1 assigned interface fixed it for me I stopped trying. I'll go back to the config and try when it's idle.

I don't have 2.5 install any more but I found an option which supposedly helps.
Adding this to the additional openvpn options on the server:

setenv deferred_auth_pam 1

That is only 10/100? ugghh.. Yeah time for an uplift ;)

Smart switches can be had for very reasonable prices these days.. But if budget is a constraint, and you need more ports for different networks/vlans than you can provide with your 3100. A simple 5 or 8 or even low cost 16 could be purchased and then run your downstream dumb switches off that.. Until such time that budget allows for upgrade of all the switches to provide for full flexibility of what vlan is where, etc.

I show a
D-Link Ethernet Switch, 8 Port Smart Managed Gigabit Desktop EEE Network Internet (DGS-1100-08V2)
for $35 on amazon right now..

16 port model $109, and 24 port $129..

@gertjan said in Getting error on "data-ciphers" line on OVPN client:

Yes, they have issues - like any other huge (OpenVPN is huge ....) (software) product.

Sure, but I didn't mean it like that, I was referring to the interaction with the "client export" generated settings. Anyway, the latest release of openvpn has the same problem.

I'm also having this issue, client is disconnected due to timeout.

May 12 17:59:48 openvpn 28114 user/10.0.0.240:1194 [user] Inactivity timeout (--ping-restart), restarting

Happens when phone is on 4g and via wireless.

Some days i get long solid connections, some days its reconnecting every 10 seconds for hours on end.

I havent figured out a solution yet, tried some of the fixes from the more recents threads created here like mssfix and settings default gateway but none of this should be required as it worked flawlessly on 2.5.0.

@gertjan No, it is automatically assigning addresses from the 192.168.x.0/24 pool I specified in the OpenVPN Server instance.

It's working w/o a DHCP instance.

IPv4 Tunnel Network
This is the IPv4 virtual network used for private communications between this server and client hosts expressed using CIDR notation (e.g. 10.0.8.0/24). The first usable address in the network will be assigned to the server virtual interface. The remaining usable addresses will be assigned to connecting clients.

What I did was:

1 OpenVPN server with /22 subnet

First 512 addresses are dynamically assigned and permitted only to few segments

Next 256 addresses are defined via CCD and have special FW rules

Next 256 addresses are defined via CCD and have also special FW rules

In this way I have full control over all clients on only one VPN server

@nemo6262,

I was looking for a client setup I have to tell you precisely what to do but I can't find one. This is probably because all of the clients I manage now are on Windows Domains and this is no longer an issue for me. But, I'll tell you where you need to go to setup the Windows Firewall Rule.

Get to your Windows Defender Firewall. It's best to get to this through the Windows Control Panel. On the left click the link for Advanced Settings. From this screen you can create custom rules to allow for Inbound and Outbound Rules. If you right click on Inbound Rules or Outbound Rules you can click on New Rule... and a Wizard will come up to create a Rule. When you go through the wizard there will be a portion at the end where you can allow REMOTE subnets.

Unfortunately you'll have to do this for every Windows 10 machine you want access to across the VPN.

Hello,

The solution in this video worked very well for my configuration.

@rico said in [Solved] use openVPN partially:

https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html

-Rico

was something changed in the routing after the video was published?

I want to use this solution in version 21.02.2-RELEASE (amd64).
However, I can no longer use - as 2.4.xx was possible different gateways.

Currently everything is routed via VPN. If I specify the WAN gateway, I no longer have a connection.

I have rebuilt everything 1:1 for testing.

Ok, anyone knows if I were to pay for support netgate would help me on this ?

my LAN dhcp server is assigning adresses from 10.1.10.1 to 10.1.10.255
subnet with mask 255.255.0.0 and the gateway 10.1.1.3 (pfsense server)

all my lan switches are in the 10.1.1.0 subnet with mask 255.255.0.0 and their gateway is pointing at 10.1.1.3

all my servers are in the 10.1.0.0 subnet and mask 255.255.0.0 and their gateway is pointing at 10.1.1.3

my printers are in the 10.1.4.0 subnet mask 255.255.0.0 and their gateway is pointing at 10.1.1.3

on the openvpn server settings

the ipv4 tunnel network is 10.1.5.0/24 I tried going 10.1.5.0/16 and it would fail to give me an ip adress from the openvpn server

my ipv4 local network(s) is 10.1.0.0/16

as i stated previously, if I don't add a gateway on my pfsense lan adress (10.1.1.1) which is a layer 3 cisco switch I can't connect to my lan ressources from the vpn

I've added more screenshots

In the openvpn status I see the target network being the ip assigned for each user connected, on my sonicwall this would've been my 10.1.0.0/16 network, is this good for openvpn ?

729ee8f4-9726-4df7-bbd5-b2a684b656f9-image.png

76fd2d58-1870-454b-9101-b3a1f39976ad-image.png

9260d808-50a0-4434-8b7b-5c05f6fddaad-image.png
I really would appreciate help on this,

@gertjan Thanks. Yeah, I was not really expecting a positive answer to be honest. Well, I guess I have no choice, just have to keep the current method. Thanks again.

Perfect! That worked - thank you :)

Not sure if this is supported by the openvpn binary
you can check it on https://community.openvpn.net/openvpn/report/

@kom Thanks for the fast reply. Allow rule is OK and logs shows no error. I'll try a clean instalation and configuration.

@viragomann thanks for answers!