@sensewolf said in OpenVPN only for certain network?:

@fearnight said in OpenVPN only for certain network?:

Just wanted to chime in and say I finally got my setup working after finding this thread. All I had to do was uncheck "Don't pull routes" and it started working. I was having the same symptoms as @sensewolf before.

Sorry, did you mean to say you checked the box "Don't pull routes" or did you actually uncheck it (which I would find even more counter intuitive than everything else that is happening on my pfSense in this context)?

Right, I typed this wrong. Sorry. I went in and "checked" the box in the OpenVPN client config. It was unchecked by default.

@docop2 hum interesting.. it's the same if i plug to pf1 a win10pc and open a vpn client, as soon it start.. it only give me terminal, no more web browsing.

Somebody please?

@derelict said in Access site to site networks through remote access setup:

@bambos Did you route the Remote Access tunnel network over the VPN on firewall B so traffic flows the other way?

Do the firewall rules on both OpenVPN tabs on both firewalls pass the necessary traffic?

@Derelict actually your first comment was right on point.
I have set on firewall B, on site to site settings, in the field of remote networks, i have added the tunnel IP of road warrior VPN. Thank you very much for your help.

I know you know, i just explain it here for future reference, maybe someone need it.

@alep11 Follow up sure would be nice..
I'm sure most people don't care but I spend hours and hours chasing answers only to find threads like this one where people never follow up on what they post.

This is the first crap that google always pulls up.
Old unanswered and unfollowed up on posts.

Then when I ask the same question months later I get attitude thrown at me Like I didn't even bother to search the web or the forum for answers first.

Thanks..

@antonio-briguglio said in Voip app connected via openvpn when you start phone call the audio is not heard:

OK thanks

Just yell if you need something 😉

After a whole day i'm able to run stunnel with openvpn. From a fesh install of Pf. Vpn, nat,rule give the vpn working fine. i don't set any dns. Dns leak , as it seem not possible to set DOH or dot in pfsense with just : providerdns.com/dns-query.

the how: make sure Vpn is set to tcp 1194 and work fine before.
So install stunnel package / then put:
client mode check / listen ip : 127.0.0.1 /listen port: 1194
redirect to ip : vpnprovider.com / redirect to port: 443
log: notice / timeout : 0 / custom option: it,s exactly as your provider conf file. if they write option = noSslv2 , you put it all. If not it will just not work. The box custom option could be rename to : extra setting to be more clear. This is the first guide on internet.
Also, passing from a first ovpn inudp1194 do work fine, no forward port or anything else. A bit slow to get the page load directly, but all fine, dual vpn back to back.

@cobrahead
If it is a standard OpenVPN it will work on pfSense as well. But I don't know, what their desktop app really does. You may have to ask the providers support for details.

@stevemosher I'm on the verge of reverting too.. 2.5 is a shockingly bad release. Considering they had release candidates and still not fixed this.. I think the issue is around ciphers

I have managed to 'fix' the fluctuating speeds by unchecking Enable Data Encryption Negotiation and changed the Fallback Data Encryption Algorithm to AES-128.

I get lots of warnings in the logs but it connects and my speeds are now consistently back to how the were before my upgrade.

How that's working or why, no idea but it seems to fix it for me so guessing from your comment even though it shouldn't affect it, it is for me.

Let's see how much I can out up with it before I switch back to odler release

openvpn.txt

Log kept getting flagged as spam, so it is attached.

-Edit 2: -
Even though the tunnel is disabled in config, it can still be alive (don't ask)
It even survives a service cycle. This is probably the reason the overlap existed in the 1st place...

@divsys
Looks like that. But what is strange, since my post here I've set logging to my WAN rule to see incoming traffic to the OpenVPN port, yet for the 2 entries in the OpenVPN log I only see one matched entry in the firewall log. I would expect them both in the firewall log.

@zeeohsix And, if you got more rules underneath, make this rule @marvosa suggested.

@jknott 😂 thank you, that’s what I thought ! Wanted to clarify some stuff I read elsewhere ...

BRgds/ Alan

@kiokoman Thank you for clarifying.

@divsys

Ah ... My bad
I might have missed that OP was using one server to serve multiple remote sites.

I'm always using one server per remote site.

/Bingo

@westlos said in Openvpn, port 993 not Connected:

993

Unless your isp is blocking that port - pfsense wouldn't care what port the vpn service is running on..