@Rico Well, thanks but no, it's not only the Google search box but also the search results that kept appearing.
...and btw, I just noticed that my Microsoft Teams client was still not working when vpn is on
So, more research to do !

@xman111 I believe what you are referring to Split Tunneling. This is a feature that not most VPNs offer but i believe PureVPN does. Theres a 7 day free tial on it for $0.99 if you wanna try

I think I might have figured it out. I tried setting "reneg-sec 0" in the custom settings. I'll know in an hour or so if it worked. There's aa note in the OpenVPN doc that if this isn't disabled by setting it to 0 it can cause 2 factor clients to constantly have to reauthorize.

Fingers crossed...

@viragomann in the other post you mention

at your parents box in the site2site settings, option "Remote Network/s": 10.0.8.0/24 (comma seperated from the other entries

My Server 2 is an asus router with merlin firmware using OpenVPN. Would the equivalent of this "Remote Network/s" (since its not pfsense) be a custom config like

push "route 10.87.88.0 255.255.255.0" (since that is what the network for remote access client1 is on?)

Edit - nevermind. After a little more digging i added "route 10.87.88.0 255.255.0" to my config on server 2 and now when I'm in as a RA client on 10.87.88.x I can get to 10.55.55.0. Thanks!

Might be something in the client that prioritizes RFC1918 addresses to prevent VPN leakage in cases like that. It's unfortunately common for people to accidentally mix DNS like that and unintentionally send private traffic across public networks via IPv6 when it was meant to stay private on IPv4.

@Gertjan said in OpenVPN no authenticated log generated:

--> Like exit 0

so the next piece to the puzzle ! send me an e-mail script for openVPN

thanks for helpin me out with info

I disagree. I used different CAs at one time and than it got really complex. I have a setup with 6 sites world wide and different VPNs with access for different purposes (e.G. Production access, financial access, ...) Many people would get muliple certificates for different purposes. Updating this cerificates can be really confusing for some of those people.
Including different substrings into the certificate oauthorize different VPNs would be really elegant.
The cerificates thmselves are fine (I believe). The error is that the script is prohibing it. Is there a difference with the return code and exit code? A return code "1" should be "okay" while it complains about exi code 1.
I get the error that the script failed even when I revert to the original scrip or if I insert exit(1) at the beginning of the scrip.

This can be deleted. I forgot to set the Firewall rules correctly. After following this tutorial here it worked: https://www.computing-competence.de/2020/01/03/pfsense-mit-expressvpn-teil1-der-tunnel/

Stay Healthy people!

@Bob-Dig I am glad to hear that it worked out for you well.

@JKnott

To clarify, the 2 ends need addresses, but it's not necessary to have 2 /64 networks to connect them. For example, my cable modem has a /64 link local network, but a /128 host address. So, a link local network and a /128 address or just a /64 specified address network could be used.

@noplan

This link is very helpful, thank you!

@johnpoz why are you trying to setup OpenVPN client. My suggestion is to make a self hosted vpn on your home internet. It may more secure and protect your all devices but not easy to configure. If you have some technical knowledge, then you will do otherwise you need some help. This guide might be helpful for you to configure self hosted vpn. https://www.purevpn.com/what-is-vpn/how-to-get-a-vpn

@Rico said in VPN connection over a specific gateway (multiwan):

It is not possible to have a Client conncted to WAN2 and your traffic replies via WAN1

tx for pointing out that this is not possible at all, the dynamic dns client at pfsense betrayed me :(
somehow it updated the ips from the wrong gateway (not sure how this works out, need to check)

tx for reply !

Hi @johnpoz

I have NAT enabled on both pfSense firewalls, however as a test I disabled NAT to ensure all natting was handled by the Cisco router and I was still unable to reach the 10.0.20.10 client.

RFC1918 blocking is disabled on all the pfSense interfaces.

I can access all clients on the LAN network of the pfSense LAB with NAT enabled. I also have a static route on the Cisco router for 10.0.15.0/24 via 10.0.50.10 and I can access any host on that network with no issues.

After some more playing around today I got it working.
Firstly I had to assignin the ovpns1 interface and enable it under the Interfaces > Interface Assignments.
Then I was required to add the 10.0.100.0/24 network into the “IPv4 Local network(s)” under the OpenVPN Tunnel Settings, however this setting wouldn't apply until a reboot of the pfSense.

Thanks to everyone for the suggestions.

Tyler