@monden2

Windows file sharing uses broadcasts to announce it's presence to other devices. Since broadcasts are not passed by routers, you don't see the shares. You'll have to use the host name or IP address to set up a connection to that share.

so i've done it the old school way
kind of doing some clean up in user name and settings and cleaning up style.

Certificate Manager --> Certificate Revocation --> Certificate Revocation List added CRL to openVpn Server revoked all vpn-user Certs via CRL revoked openVpnServerCert controlled via System --> Certificate Manager --> Certificates disabed vpn-users System --> User Manager --> Users

so far ...

added new Certs changed Certs on openVpn Server adden new CRL to openVpn Server created new users testet

works like a Charm and it feels good ;)
so [solved]

Thanks for helpin me out.

Look also at https://forums.openvpn.net/viewtopic.php?t=24703
It boils down to : if you can't trust the humans that operate your devices ....

@Bob-Dig is this correct?

Senza titolo.jpg

@NogBadTheBad Yep, or just add a blacklist to an IP range individually.

If you connect via SSH you can monitor the log directly and, if you set a large scroll back buffer in the client, can capture more logs. From the shell, run clog -f /var/log/openvpn.log

Or setup a syslog server and export the logs there for more/long term storage.

@heathstiles said in OpenVPN Routes to Remote sites:

The sites are connected using IPsec Site to Site VPN tunnels if that makes any difference.

You didn't mention above. Of course is that different.

So will have to add an additional phase 2 in the IPSec configuration for the respective local network and the OpenVPN tunnel network.

@JKnott said in best pfsense appliance for openvpn:

@akuma1x

Also, how much traffic is going off the local network? There's a big difference between mainly using local servers and going to the Internet for everything.

I agree with jknott I think its better to plan that out first..

Glad you have it working now.

-Rico

It looks similar there but between the formatting and other info it's hard to say.

Compare the actual OpenVPN config file in the profile from the Access Server with the client configuration made by pfSense under /var/etc/openvpn/

@bingo600 I just added an additional interface for openvpn client. If you want to ask feel free to ask, not starting like that. And the reason I couldn't post anymore because this is a new account, the forum limits my time to post, I was fixing this earlier and I want to post a lot of times.

Thanks for the feedback. The MS RADIUS server has no static address specified by default but it does offer the above 172.16.0.0/16 subnet though it's not "user configurable" (I discovered it looking at the logs - there are no such setting in the NAP/RADIUS mmc) unless you probably manually edit the registry (there was no RRAS service previsouly enabled to set them). By removing the 2 above attributes it works as desired using subnet topology without further modifications which is fine for me.

Cheers

Hi,

with pfSense 2.4.4, it's possible to "force" the ip server to connect :

In the "Client Export Utility", "Client Connection behavior" heading, select "Other" for "Host Name Resolution". A second field appears "Hostname" and indicate in the hostname (dyndns, etc.) or public ip of the box...

The next exe client generated will had the good public ip or hostname !