@spaceboy You can do that on pfSense directly with Diagnostic > Packet Capture. Select the interface the client is connected to and enter its IP and start the capture. Access the remote site, then stop the capture to see the result. You will find all IPs the client had called. However, it would be more reliable to know the host names, because a host name can be resolved to multiple IP, while the client only call one of it on a single access. Since I don't know what your client really tries to access, I'm in the dark here.

@cctl01 I can't say for certain, but I suspect from your description you had a /16 subnet mask, which meant those subnets actually overlapped. With a /16 mask, everything within 10.1.0.0 /16 is one subnet.

@pcooper I have client logs but the forum will not let me post them.

@nerdzilla IMHO you should describe your setup here, in the thread. I'm not going to spend a lot of time watching youtube , in order to understand your setup. /Bingo

@pepito32 said in CYBERGHOST CONFIGURATION: cyberghost Hi, I found this one: https://forum.netgate.com/topic/146717/cyberghost-openvpn-config-files-for-client-get-mangled-by-pfdense-web

You need to add an iroute (VPN > OpenVPN > Client Specific Overrides) when using topology style subnet. Use the client cert name as Common Name and fill the Clients local subnet to IPv4 Remote Network/s -Rico

@marvosa thanks for answering me. The reason why I've deployed a bridged solution is because I am doing a migration of several virtual machine from the siteA to the siteB and I can't change IP address of thoose virtual machine for multiple reasons. I've invastigated more deeply the problem and it appears that the issu comes from the pfsense of the siteB. In fact, when the pfsenseA (18.254) send a ping to the pfsenseB (18.1), the pfsenseB receive the ping request but it doesn't reply to it. And when the pfsenseB (18.1) send a ping to the pfsenseA (18.254), the pfsenseA replies to pings but the pfsenseB doesn't interpret the answer for an unknown reason. So I don't really know what is wrong with the pfsenseB.

@sse450 So the client cannot connect to the server from what I can see here. However, the provided screenshots are not very helpful to investigate this issue. Your client log is puzzling me. Seems you have multiple remote lines for different servers / IPs, but since you've replaced all remote IPs with the same string, I have to assume, it is connecting to the same IP on each attempt. Is the server running? What does Status > OpenVPN show? Is the server listening on WAN address? Can you see something in the server log mentioned the connection attempts?

@holly Apart from the routes within OpenVPN, wich you may have already set, you need a route on the device 192.168.178.52 for 192.168.1.250 pointing to 192.168.178.51 (the RPi).

I've been curious about this as well. I have a site-to-site VPN server configured and an interface assigned to it, but I've never managed to get gateway monitoring working properly for it.

@m0l50n Hello, In pfSense navigate to - VPN / OpenVPN / Servers and click on the "pencil" to Edit your Server. In the Edit screen scroll all the way down (almost to the bottom) and find - Advanced Configuration. Under Advanced Configuration select Custom Options. In Custom Options I have the below line entered push "inactive 3600 1000000" Hope this is Helpful! Really Great to have idle VPN connections automatically disconnect. Best Regards, R.K. Graves

@kevin-chan-aebc Configure the server to listen on localhost and forward the VPN packets on both WANs to it. In the client config file add an additional remote line for the second WAN. In the client export utility you can enter the second remote line into the advanced options box, so that it is added to exported config files: [image: 1608291824733-10a55872-912a-48fa-811e-ab481a57c677-grafik.png] With server-poll-timeout you may define the timeout, the client tries to connect to the first remote address before switching to the second. The default value is 10 seconds.

@pippin After I had changed the Local Port Number in a new Wizard run, the new port number was added to the WAN firewall rules. When I was cleaning that up, by accident I removed the wrong port number. And then you can do whatever you want, but you will never get it working

@bingo600 said in Need to log OVPN user activity to syslog server. How ?: Btw: Who would prefer Bridging to Routing ?? Hmmm, Hi don't declare this like this, just think of branch to branch (VPN) TUN and TAP are not in vain (developers are not stupid) +++edit: yeah and nowadays the log files are the ones that take up the least space in a logged environment... we store a lot more nonsense stuff, like your FaceBoo... ksit stuff, just kidding.... you don't have FB

@marvosa said in HELP routing VLAN devices through OpenVPN client connection: Also, I'd dump that TP-Link asap... it'll only cause issues ;) I forgot to mention that, even though I thought about it when I read that message. I ditched my TP-Link AP a couple of weeks ago, for that reason.