@jere7em said in Not natted access to LAN network: No, the default gateway is the VPC Internet Gateway (they are on AWS)... That's why you need NAT. @jere7em said in Not natted access to LAN network: maybe I have to add the routes to the AWS Lan configuration... Don't know the structure of the AWS network, so I cannot help. If it's possible you can install a transit network between the default gateway and pfSense. So you have only to add a static route for the LAN to pfSense. Otherwise you will need a static for the OpenVPN tunnel network route on each device the VPN clients should be able to access.

@Rico Thanks, this might be the cleanest solution. @oddussiben-3161 That would require me to define every single client connection in order to make them gateways and able to be added to a gateway group. This is exactly what I want to avoid. Thanks for you r reply though. I appreciate it.

Yes. So check "Redirect gateway" in the server settings to push the default route to the clients and provide a DNS server. Additionally you have to add an outbound NAT rule for the VPN clients. Firewall > NAT > Outbound. Select the hybrid mode and hit save if you have the automatic mode now. Then add new rule: interface: WAN source: <OpenVPN tunnel network> destination: any translation: interface address

@DaddyGo I have this processor [image: 1597153553300-cc874b28-faad-4faf-8bec-4b7f7592cefc-image.png] I´ll look this =) In pfSense, you can configure multiple servers on a single device. Due to redundancy and for the sake of a high number of users, I would even run multiple servers in a separate box. (we do anyway) i´ll try change port Port scanners are familiar with the sub-2K range, yes the dedicated port(s) is 119X, but i wouldn't leave the port here, if you have that many VPN users. i´ll update the version this week. Current version and 2.4.5-p1 contains very important fixes !!! (pfctl, etc.) 23d05161-da56-456f-b9af-b03d8644b5e1-image.png Please Update...... ASAP after update S.O , i´ll update this post about the vpn Connection. Thansk you in advanced.

@netblues said in Work from home security issues: policy won't happen by asking on any forum.

https://docs.netgate.com/pfsense/en/latest/book/monitoring/firewall-states-reset.html -Rico

@techsalot said in Home VPN: I want to get IPs that are on the same subnet as my other devices. For why? Makes no sense to do this.. RDP doesn't need L2 discovery.. there would be no reason to be on the same network as you lan to rdp to stuff. "My problem is none of the guides I have seen are specific enough." You walk through the wizard following the bouncing ball.. You then export your certs and configs for your clients via the vpn export package. https://docs.netgate.com/pfsense/en/latest/book/openvpn/using-the-openvpn-server-wizard-for-remote-access.html Here some advice trying to follow some guide that says click here, do this.. Isn't helping you learn anything.. Nor helping you understand anything... And when it stop working for whatever reason.. You will have not have clue 1 to what is the problem. What exactly do you not understand about spinning up a vpn server on pfsense? Have you read through the book about openvpn? https://docs.netgate.com/pfsense/en/latest/book/openvpn/index.html Now again back to this.. My problem is none of the guides I have seen are specific enough. Why? What part are you confused about? Point to a guide or guides you have read through and what parts - exactly are confusing you?

@Bekoj said in TLS Error : something wrong with Certificates ?: installed pfsense brand new in 2.4.5 version installed pfsense brand new in 2.4.5 version hmmm, next time I'll ask first... @Gertjan "Oooohhhh. And you're telling that now ?" Yes, we went around a bit, the point is, it's okay

@Bob-Dig I need to get some work done right now and I don't know enough to figure this out quickly so I just did a factory reset and I'm just going to use the IVPN app on my computer today… Really frustrating but… No choice right now. Thanks for trying to help!!

Thanks for your help Netblues, helped to understand better what I need to do

@nikkon thanks you for the information!

@jordiSL said in Poor perfomance over OpenVPN: FW: Super Micro XG-1537 You mean, like original Netgate hardware (XG-1537)? @jordiSL "I get is 30Mbps" Yes, it seems low... (This gives me almost 10x higher speed (M11SDV-4C-LN4F), so your device also needs to know this speed) interesting to read this: https://docs.netgate.com/pfsense/en/latest/book/hardware/hardware-sizing-guidance.html two things I'm thinking about now: loader.conf.local (flow control (FC), EEE, hw.igb.rx_process_limit="-1" hw.igb.tx_process_limit="-1, etc.) https://docs.netgate.com/pfsense/en/latest/hardware/tuning-and-troubleshooting-network-cards.html https://calomel.org/freebsd_network_tuning.html @jordiSL "The client fiber is 300Mbps which I'm connected." incorrectly configured this side or incorrect measurement method... BTW: OpenVPN dslreports.com (on 500/200 - ISP): [image: 1596809326215-c7581716-ed59-4378-b5c7-5617a6c24f44-image.png] and what about these? ifconfig igb0 -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso (igb, IX, em, etc.)

Then its something with the switches.. Do they have gateways set? Do they allow access from other than their own network.. Are their masks set correctly.. What is your tunnel network, if they are set for say 10/8 and think your coming from a local IP, they won't send answer back to gateway, etc.

Thank you very much! That works perfect!

@dotdash Thank you for this helpful hint. I did this: VPN - openvpn - Client Specific overriedes - add common name: xxx IPv4 Tunnel network: 192.168.10.200/24 (network 192.168.10.x is the ipv4-tunnel I also use for my other "normal" users without fixed ip address) IPv6-Tunnel network: fd73:123:456:2::200/64 (network fd73:123:456:2 is the ipv6-tunnel I also use for my other "normal" users without fixed ip address) Now I can create firewall rules (Firewall/Aliases/Edit) specific for my clients.