@jucelio_rosa said in Failover (two internet links) and point-to-point VPN:

On the client's screen (graphic screen) I put in the custom options field: remote
192.168.1.15 (server ip) 1197 udp;!

A private IP?
I'd assume, that the client has to access a public IP to reach the server.

@Shuldyk-Andrii
Ah ya, also your client doesn't have proper routes.

Did you enter the local networks of C - G into the "Local Networks" box of the access server settings?
You can combine all your subnets by entering 10.35.32.0/20. So the server will push the route for 10.35.32.0 - 10.35.47.255, which include local network of A as well.

@johnpoz thanks for your help with understanding why it wants netbios

@senseivita

Normally, there is no need to specify a value.
Definition here.

I currently try to set that up with a GXP2160

@BlazeStar did you succeed?

I plan to set up a rather minimal ovpn-server just for the phones.
The WebGUI of the phone is quite bad and gives no good status or feedback etc

Not even logs ...

@viragomann
thank you for confirmation, but it does not work unless neither IPv4 Remote Network/s are set(cannot test with two client as for now, might be the issue) nor routes are added with custom options on OpneVPN server level

@McMurphy

I have a PC on my pfSense LAN, it has 192.168.1.6.

I can pick from here whatever I want, and nothing works = no reply, except when I chose 'LAN' as the Source address (LAN = 192.168.1.0/24, with pfSense LAN interface using 192.168.1.1) :

71bd14bf-2807-4add-b30d-3f415c62a232-image.png

Should I care ?

Hi,

we're now on 24.03 and the problem still exists. It's not possible to create a common name with German special characters.

Again, any chance to fix this in a future release?

It's just the common name field :-)

@Unoptanio We output the pfsense system logs to our Syslog server (Graylog) and output or daily reports from there.

@ojosaghae
The error message says, that the utility cannot find a CA for the SSL certificate, which is used in the server setting.
It wants to search for user certificates then to provide to export.

So which server certificate are your server using?

@Pentangle
If it's a TLS OpenVPN with a wider tunnel subnet than a /30 you might have a CSO created for the client. So you also need add the additional subnet there.

Hi Gertjan,

You mean : you connect to your VPN while you are already at the site ? >NO
See it like this : when using a plain old telephone (the one with a line) : when at home : call your home number.
To make a long story short : don't do that. > I know this
Don't use your own WAN IP while you are connected behind that WAN connection.
More analogy : don't call your front door bell while your at home (well, you can, but it's "strange").
No, I'm making connection from another site(this is my home site) to the customer site. My homesite router is blocking acces to the VPN server at the client site. So this is a pretty normal situation with a not so normal result.
This router is a:
Hardware version : 4.01
Software version : CH7465LG-NCIP-6.15.32p3-NOSH
MAC-adres : 54:67:51:D3:A7:19
Serialnumber Connect Box : DDAP62010E3E
This router is configured with a DMZ. When I make contact to this router with Wifi I have normal fast internet but I cannot make a VPN connection.
In the DMZ I configured a PfSense firewall: I cannot make a VPN connection.
Do have any idea where to search? Because when I make a VPN connection with my phone on the 4G network there is no problem..

What is a server site ? > this is OpenVPN server site(the client site)

@viragomann hi, I solved it, the problem was in the encryption, I had put a different parameter and even though I checked it 100 times I didn't see the error.
Thanks to your advice I was able to identify the problem and now all the offices are working
A thousand thanks

@Antibiotic Idk , tried to set in custom options:
tun-mtu 1470 but when restart OpenVPN client going msg:
OPTIONS IMPORT: tun-mtu set to 1500

Please, how to override MTU properly?

@viragomann I`ll give it a try, thanks

@karpia8
Is this an OpenVPN access server, where 172.20.20.0/24 is the tunnel network?
If so I don't expect, that there is any impact due the IPSec settings.