10MB is a lot? How much memory does your system have?

@JeGr said in Question on OpenVPN restricting IPs: Actually that's one point why I'm propagating the use of FreeRadius together with pfSense' OpenVPN in RAS scenarios, as it's much easier to handle than creating CSOs based on the CN of certificates. Also it minimizes the probability to make configuration errors that would allow VPN users to access pfSense WebUI with their only-for-VPN user when using internal authorization. Yeah it's just a bit of a pain adding the users by hand, I did pop a redmine in for a copy function in the Freeradius package a couple of years ago. https://redmine.pfsense.org/issues/8031

Forget everything- even though the remote networks field was entered and displayed properly I re-typed the values there on both sides. And -whooops- network connected proerply. Just for reference. /KNEBB

@careymichael I am having this same issue. When you said you had a static route pointed to the LAN interface, are you meaning in the firewall rules?

@viragomann Hi, Let me clarify again. Like I said, if I initiate a session directly to HTTPS from VPN client, there's no issue at all, working as I expected perfectly. The problem here is, when I initiate a session from my VPN client to HTTP, the redirection is not happening. I can see packets are going but no return packets. This can be confirmed on pfSense packet capture. I've tested from another host in the LAN and redirection works. That's why I am wondering if I missed something on pfSense. Hope I explained the situation clearly. Thanks a lot. Eoin

@Gertjan [image: 1580310491087-2.jpg] so i activated one more network (my pf sense has 4 nic) and added another router running ddrt and it worked but when i run open vpn on pf sense it shows connection up but disconnects in 20 secs... i will look

@viragomann said in Unable to connect to mutiplied pfsense based openvpn server: lport is the local port, the OpenVPN client instance binds to. It should default any if it's not stated, but maybe that doesn't work in your set up. lport 0 sets the port to any, which means OpenVPN should select the next free port. So you may give it a try. I haven't seen this as default in any config for openvpn that I work with but it connects and I can ping so far it's working thank you @viragomann

Hello. I want to specify the IPv6 rule for OpenVPN. Which source IP do I have to enter for IPv6 as shown in the picture? [image: 1580301704172-ipv6.png] Best regards Axel

Are your WAN interfaces configured automatically by DHCP or PPPoE on both, office and home? If yes, the issue may be in the ISPs network and you should consult him again.

Don't forget also you dest box your trying to rdp too, more than likely his firewall not going to allow traffic from vpn tunnel IP your remote client would be using. So the host firewall need to be adjusted to allow the traffic.

@viragomann UDP is about 10/8 ishhh....

Forgot to post an update when I fixed this, for people who might have this issue later. Check the client output settings, make sure it is set on the version 2.4+ and it points to either your domain/wan IP address. I will admit that me being a newbie I never looked at that and just went for the client output. I still get a keys out of sync error but that is because the internet drops a packet or 2 on connection, what do you expect from free wifi though.

Hey guys, I have to admit, I thought this issue was solved. However, it is not! At Local Site: When a connection is initiated from inside (e.g. I am trying to access google.de using Chrome) then my complete traffic gets routed via VPN tunnel. Back and Forth! Everything! Good! However, when a connection is initiated from outside (e.g. someone is trying to access a service) then the traffic from the outside gets routed from Remote Site to Local Site. There, the service "answers" the requests from outside, however the local pfsense just does not send this packets again through the tunnel. All packets want to leave WAN at local site - not at remote site! However, they should leave at remote site ! and not at local site! I can see this clearly when looking at packet capture. Following example: I visit https://www.yougetsignal.com/tools/open-ports/ I enter the host address of remote site and the port, which gets forwarded through the tunnel. I click "check" Then I go to pfsense -> Packet Capture at Local Site and monitor. I can clearly see that all answer-packets leave at WAN interface! However, they should get routed through the VPN tunnel and leave the WAN interface of the remote site! I have clearly defined a firewall rule at local site: [image: 1579889963907-unbenannt.jpg] At remote site I have configured Outbound NAT. But I think the problem right now is local site, because there the packets want to leave via WAN interface. However, they should get sent into the tunnel. Does anyone have an idea what's the problem?

Check your floating rules, and check Status > Filter Reload to make sure your ruleset is loading properly. And are you certain you are hitting your own nginx? Is the logged by nginx on the firewall? Does it show in a packet capture?

@heper Dear heper, I have followed the steps as your guidance, but nothing is showing in packet capture while constantly pinging the host (192.168.1.19) from vpn client. [image: 1579766024566-capture7.jpg]

Thank you! That's what it was, Windows firewall was blocking it. I was able to ping 2 Windows Server 2019 machines but not 2 Windows 10 machines. In case someone is looking for the same info here's how to allow it on Windows https://superuser.com/questions/1106907/windows-firewall-doesnot-allow-to-connect-from-vpn I just set range from 10.0.0.0 - 10.0.0.254

@viragomann Hello, thanks for the answer. I do get the public IP. @kiokoman It WORKS!!! I am so happy. Many thanks. I deactivated the DMZ settings and I changed the NAT rules to 192.168.3.1 in place of 192.168.1.1 and it just works... Stupid mistakes are sometimes the most difficult ones to find. Many thanks to you, Viragomann & Kiokoman. I really appreciate!