1. Home
  2. pfSense® Software
  3. OpenVPN
Log in to post
Load new posts
  • N

    Ubuntu 18.04 server with pfSense client

    2
    0 Votes
    2 Posts
    346 Views
    V

    I guess, you are missing the route to your network on the server side.
    However, if the VPN connection is for your own purposes, I assume you can also do a workaround with NAT.

  • P

    OpenVPN client VPN slow, especially with higher latency

    4
    0 Votes
    4 Posts
    2k Views
    P

    Made another test to see if pfsense behaves different.

    Downloaded a testfile on a machine with additional 250ms delay configured. All machines on a local LAN with Gigabit switches in-between:

    Downloading on a Linux machine gives around 12Mbyte per second:

    $ curl http://172.16.34.206/testfile.img --output testfile.img % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 4 3320M 4 155M 0 0 9.8M 0 0:05:36 0:00:15 0:05:21 12.0M^C

    Download on the pfsense machine, gives only around 6.5Mbyte per second:

    : curl http://172.16.34.206/testfile.img --output testfile.img % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 3 3320M 3 118M 0 0 6125k 0 0:09:15 0:00:19 0:08:56 6578k^C

    However, it's not that the pfsense machine is generally slower, when removing the artificial latency, the download on the pfsense reaches the expected >100Mbyte/s on a gigabit network:

    : curl http://172.16.34.206/testfile.img --output testfile.img % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 9 3320M 9 318M 0 0 111M 0 0:00:29 0:00:02 0:00:27 111M^C
  • T

    OpenVPN "The Clash of Gateways"

    19
    0 Votes
    19 Posts
    2k Views
    DerelictD

    When you connect to a VPN server it gives you a gateway address. If you connect to servers that give you the same gateway you will have the problems you are seeing because you can't have two interfaces with the same subnet/gateway on them. Choosing different access points from the same provider, or different providers, should solve it.

  • F

    Open VPN with DDNS

    2
    0 Votes
    2 Posts
    418 Views
    provelsP

    @fulail It should work fine. I do it. You should assign the DDNS address to the public IP. Can you ping the DDNS host by name? The line in your config file should be

    remote yourDDNSname yourport yourprotocol
  • A

    OpenVPN Multi WAN Connection Problem

    3
    0 Votes
    3 Posts
    593 Views
    A

    port_forwards_pfsense_openvpn_clients.JPG

    port_forwards_pfsense_openvpn_clients_wanewe.JPG

    Hi Viragomann,

    thats already done. See screenshot. Port Forward was created for every singline wan interface.

  • T

    VPN Group + a Kill Switch

    22
    0 Votes
    22 Posts
    2k Views
    T

    @Derelict If you could also answer my other (new) question here: https://forum.netgate.com/topic/147323/openvpn-the-clash-of-gateways

    Thank you very much,

  • manjotscM

    [SOLVED] OpenVPN for Guest Interface

    16
    0 Votes
    16 Posts
    2k Views
    manjotscM

    Thanks

  • D

    Fail-over client config

    9
    0 Votes
    9 Posts
    1k Views
    D

    Thanks again.
    I did it like that. No clue if it works as I cannot drop a line currently (off-site), but I see packets going to the server quite happily.
    So, the last rule in client's OpenVPN set is a pass rule that uses the gateway group (which has both ovpn IFs).
    On the server side I will reduce to one OpenVPN server only, bind this one to the localhost and create one NAT on WAN 1 and another on WAN 2 both pointing to the localhost:ovpn-port.
    I will do the same for road warriors and on the clients I will add the "remote ..." line.

  • manjotscM

    VPN client status down

    2
    0 Votes
    2 Posts
    293 Views
    manjotscM

    Oct 14 10:01:52 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/182176]
    Oct 14 10:01:52 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:52 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:52 openvpn 30979 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
    Oct 14 10:01:52 openvpn 30979 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=a971a731 2b3e83cf, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
    Oct 14 10:01:52 openvpn 30979 TLS: tls_process: timeout set to 29
    Oct 14 10:01:52 openvpn 30979 ACK reliable_send_timeout 32 [1] 0
    Oct 14 10:01:52 openvpn 30979 ACK reliable_can_send active=1 current=0 : [1] 0
    Oct 14 10:01:52 openvpn 30979 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 14 10:01:52 openvpn 30979 TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=c6a2969e 7023d331, stored-sid=00000000 00000000, stored-ip=[AF_INET]172.94.7.2:53
    Oct 14 10:01:52 openvpn 30979 UDPv4 write returned 42

    pid=0 DATA
    Oct 14 10:01:52 openvpn 30979 I/O WAIT status=0x0002
    Oct 14 10:01:52 openvpn 30979 event_wait returned 1
    Oct 14 10:01:52 openvpn 30979 PO_WAIT[0,0] fd=5 rev=0x00000004 rwflags=0x0002 arg=0x006a2710
    Oct 14 10:01:52 openvpn 30979 I/O WAIT T?|T?|SR|SW [1/182176]
    Oct 14 10:01:52 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:52 openvpn 30979 PO_CTL rwflags=0x0003 ev=5 arg=0x006a2710
    Oct 14 10:01:52 openvpn 30979 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
    Oct 14 10:01:52 openvpn 30979 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=a971a731 2b3e83cf, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
    Oct 14 10:01:52 openvpn 30979 TLS: tls_process: timeout set to 29
    Oct 14 10:01:52 openvpn 30979 ACK reliable_send_timeout 32 [1] 0
    Oct 14 10:01:52 openvpn 30979 Reliable -> TCP/UDP
    Oct 14 10:01:52 openvpn 30979 ENCRYPT TO: 278fa682 9edc8f08 026fc28e 4882d4aa c26a90da 00000005 5da47fb1 38c6a29[more...]
    Oct 14 10:01:52 openvpn 30979 ENCRYPT HMAC: 278fa682 9edc8f08 026fc28e 4882d4aa c26a90da
    Oct 14 10:01:52 openvpn 30979 ACK reliable_send ID 0 (size=4 to=32)
    Oct 14 10:01:52 openvpn 30979 ACK reliable_can_send active=1 current=1 : [1] 0
    Oct 14 10:01:52 openvpn 30979 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 14 10:01:52 openvpn 30979 TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=c6a2969e 7023d331, stored-sid=00000000 00000000, stored-ip=[AF_INET]172.94.7.2:53
    Oct 14 10:01:52 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:52 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:52 openvpn 30979 event_wait returned 0
    Oct 14 10:01:51 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/182176]
    Oct 14 10:01:51 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:51 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:51 openvpn 30979 RANDOM USEC=182176
    Oct 14 10:01:51 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:51 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:51 openvpn 30979 event_wait returned 0
    Oct 14 10:01:50 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/54866]
    Oct 14 10:01:50 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:50 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:50 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:50 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:50 openvpn 30979 event_wait returned 0
    Oct 14 10:01:49 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/54866]
    Oct 14 10:01:49 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:49 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:49 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:49 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:49 openvpn 30979 event_wait returned 0
    Oct 14 10:01:48 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/54866]
    Oct 14 10:01:48 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:48 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:48 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:48 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:48 openvpn 30979 event_wait returned 0
    Oct 14 10:01:47 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/54866]
    Oct 14 10:01:47 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:47 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:47 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:47 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:47 openvpn 30979 event_wait returned 0
    Oct 14 10:01:46 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/54866]
    Oct 14 10:01:46 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:46 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:46 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:46 openvpn 30979 SENT PING
    Oct 14 10:01:46 openvpn 30979 TLS Warning: no data channel send key available: [key#0 state=S_PRE_START id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
    Oct 14 10:01:46 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:46 openvpn 30979 event_wait returned 0
    Oct 14 10:01:44 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/54866]
    Oct 14 10:01:44 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:44 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:44 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:44 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:44 openvpn 30979 event_wait returned 0
    Oct 14 10:01:43 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/54866]
    Oct 14 10:01:43 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:43 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:43 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:43 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:43 openvpn 30979 event_wait returned 0
    Oct 14 10:01:42 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/54866]
    Oct 14 10:01:42 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:42 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:42 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:42 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:42 openvpn 30979 event_wait returned 0
    Oct 14 10:01:41 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/54866]
    Oct 14 10:01:41 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:41 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:41 openvpn 30979 RANDOM USEC=54866
    Oct 14 10:01:41 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:41 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:41 openvpn 30979 event_wait returned 0
    Oct 14 10:01:40 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/44554]
    Oct 14 10:01:40 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:40 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:40 openvpn 30979 MANAGEMENT: Client disconnected
    Oct 14 10:01:40 openvpn 30979 I/O WAIT status=0x0040
    Oct 14 10:01:40 openvpn 30979 event_wait returned 1
    Oct 14 10:01:40 openvpn 30979 PO_WAIT[1,0] fd=6 rev=0x00000011 rwflags=0x0001 arg=0x006a1578
    Oct 14 10:01:40 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/44554]
    Oct 14 10:01:40 openvpn 30979 PO_CTL rwflags=0x0001 ev=6 arg=0x006a1578
    Oct 14 10:01:40 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:40 openvpn 30979 MANAGEMENT: CMD 'state 1'
    Oct 14 10:01:40 openvpn 30979 I/O WAIT status=0x0040
    Oct 14 10:01:40 openvpn 30979 event_wait returned 1
    Oct 14 10:01:40 openvpn 30979 PO_WAIT[1,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x006a1578
    Oct 14 10:01:40 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/44554]
    Oct 14 10:01:40 openvpn 30979 PO_CTL rwflags=0x0001 ev=6 arg=0x006a1578
    Oct 14 10:01:40 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:40 openvpn 30979 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
    Oct 14 10:01:40 openvpn 30979 I/O WAIT status=0x0040
    Oct 14 10:01:40 openvpn 30979 event_wait returned 1
    Oct 14 10:01:40 openvpn 30979 PO_WAIT[1,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x006a1578
    Oct 14 10:01:40 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/44554]
    Oct 14 10:01:40 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:40 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:40 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:40 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:40 openvpn 30979 event_wait returned 0
    Oct 14 10:01:39 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/44554]
    Oct 14 10:01:39 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:39 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:39 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:39 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:39 openvpn 30979 event_wait returned 0
    Oct 14 10:01:38 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/44554]
    Oct 14 10:01:38 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:38 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:38 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:38 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:38 openvpn 30979 event_wait returned 0
    Oct 14 10:01:37 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/44554]
    Oct 14 10:01:37 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:37 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:37 openvpn 30979 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
    Oct 14 10:01:37 openvpn 30979 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=a971a731 2b3e83cf, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
    Oct 14 10:01:37 openvpn 30979 TLS: tls_process: timeout set to 15
    Oct 14 10:01:37 openvpn 30979 ACK reliable_send_timeout 15 [1] 0
    Oct 14 10:01:37 openvpn 30979 ACK reliable_can_send active=1 current=0 : [1] 0
    Oct 14 10:01:37 openvpn 30979 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 14 10:01:37 openvpn 30979 TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=c6a2969e 7023d331, stored-sid=00000000 00000000, stored-ip=[AF_INET]172.94.7.2:53
    Oct 14 10:01:37 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:37 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:37 openvpn 30979 event_wait returned 0
    Oct 14 10:01:36 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/44554]
    Oct 14 10:01:36 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:36 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:36 openvpn 30979 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
    Oct 14 10:01:36 openvpn 30979 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=a971a731 2b3e83cf, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
    Oct 14 10:01:36 openvpn 30979 TLS: tls_process: timeout set to 16
    Oct 14 10:01:36 openvpn 30979 ACK reliable_send_timeout 16 [1] 0
    Oct 14 10:01:36 openvpn 30979 ACK reliable_can_send active=1 current=0 : [1] 0
    Oct 14 10:01:36 openvpn 30979 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 14 10:01:36 openvpn 30979 TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=c6a2969e 7023d331, stored-sid=00000000 00000000, stored-ip=[AF_INET]172.94.7.2:53
    Oct 14 10:01:36 openvpn 30979 UDPv4 write returned 42
    pid=0 DATA
    Oct 14 10:01:36 openvpn 30979 I/O WAIT status=0x0002
    Oct 14 10:01:36 openvpn 30979 event_wait returned 1
    Oct 14 10:01:36 openvpn 30979 PO_WAIT[0,0] fd=5 rev=0x00000004 rwflags=0x0002 arg=0x006a2710
    Oct 14 10:01:36 openvpn 30979 I/O WAIT T?|T?|SR|SW [1/44554]
    Oct 14 10:01:36 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:36 openvpn 30979 PO_CTL rwflags=0x0003 ev=5 arg=0x006a2710
    Oct 14 10:01:36 openvpn 30979 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
    Oct 14 10:01:36 openvpn 30979 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=a971a731 2b3e83cf, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
    Oct 14 10:01:36 openvpn 30979 TLS: tls_process: timeout set to 16
    Oct 14 10:01:36 openvpn 30979 ACK reliable_send_timeout 16 [1] 0
    Oct 14 10:01:36 openvpn 30979 Reliable -> TCP/UDP
    Oct 14 10:01:36 openvpn 30979 ENCRYPT TO: 11167a31 f2051088 ad09eca3 67be345f 8a5759f6 00000004 5da47fb1 38c6a29[more...]
    Oct 14 10:01:36 openvpn 30979 ENCRYPT HMAC: 11167a31 f2051088 ad09eca3 67be345f 8a5759f6
    Oct 14 10:01:36 openvpn 30979 ACK reliable_send ID 0 (size=4 to=16)
    Oct 14 10:01:36 openvpn 30979 ACK reliable_can_send active=1 current=1 : [1] 0
    Oct 14 10:01:36 openvpn 30979 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 14 10:01:36 openvpn 30979 TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=c6a2969e 7023d331, stored-sid=00000000 00000000, stored-ip=[AF_INET]172.94.7.2:53
    Oct 14 10:01:36 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:36 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:36 openvpn 30979 event_wait returned 0
    Oct 14 10:01:35 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/44554]
    Oct 14 10:01:35 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:35 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:35 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:35 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:35 openvpn 30979 event_wait returned 0
    Oct 14 10:01:33 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/44554]
    Oct 14 10:01:33 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:33 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:33 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:33 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:33 openvpn 30979 event_wait returned 0
    Oct 14 10:01:32 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/44554]
    Oct 14 10:01:32 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578
    Oct 14 10:01:32 openvpn 30979 PO_CTL rwflags=0x0001 ev=5 arg=0x006a2710
    Oct 14 10:01:32 openvpn 30979 TIMER: coarse timer wakeup 1 seconds
    Oct 14 10:01:32 openvpn 30979 I/O WAIT status=0x0020
    Oct 14 10:01:32 openvpn 30979 event_wait returned 0
    Oct 14 10:01:31 openvpn 30979 I/O WAIT T?|T?|SR|Sw [1/44554]
    Oct 14 10:01:31 openvpn 30979 PO_CTL rwflags=0x0001 ev=4 arg=0x006a1578

  • S

    VPN Relay on same subnet?

    3
    0 Votes
    3 Posts
    488 Views
    S

    Thank you! That definitely pushes me in the right direction. I'm going to rebuild today!

  • C

    OpenVPN Server TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 ?

    2
    0 Votes
    2 Posts
    643 Views
    C

    Dear pfSense friends,

    Unfortunately I found this
    https://github.com/davidemyers/algo-pfsense
    saying
    "pfSense does not officially support the ECDSA certs created by Algo, but they do work when you choose Mutual RSA when creating the Phase 1. You may not be able to install ECDSA certs on pfSense versions older than 2.4."
    which relates to IKEv2, but not to OpenVPN.

    I read controversial stuff ECDSA vs RSA about security and speed.
    Shall I stay with RSA ?
    If yes, why is ECDHE anyway used whatever I enter in the DH parameter ?

    Many thanks ! and

    cheers chulio.

  • nkdN

    OpenVPN to private ip

    1
    0 Votes
    1 Posts
    278 Views
    No one has replied
  • H

    OpenVPN gateway is offline but my PIA is working

    10
    0 Votes
    10 Posts
    1k Views
    H

    @viragomann got it and now my issue is resolved thanks.

  • M

    Update OpenVPN Client config from Server

    6
    0 Votes
    6 Posts
    701 Views
    M

    I can push routes and other config parameters via the server, frustrating that this isn't one of them;/ My remote user base is about 40, if I had 100's I'd be very unpopular.

  • asphalt3A

    Need your help will pay 20$: PIA on pfsense Netflix detects proxy

    54
    1 Votes
    54 Posts
    10k Views
    senseivitaS

    @johnpoz Yeah, I noticed. Originally I didn't save it directly on the forum because of the 2MB limit. But I tell you, I fixed it on the server adding a white background and flattening the PNG. Maybe you weren't getting it because Cloudflare caches things requested frequently--or maybe the browser, Chromium-based browsers in my case are always seem to be ignoring stuff, for instance: I cannot log in with smart cards to vCenter because it wouldn't kill the session while other browsers do. It would've eventually updated itself.

    I was already getting it with the white background.

    Thanks anyway, I won't post transparencies again, lesson learned. 😔

  • B

    Newbie to pfSense trying to configure OpenVPN to connect to my house network

    2
    0 Votes
    2 Posts
    408 Views
    B

    Got it sorted out. As I thought it was a simple fix to a major headache, in the client config all that is needed is to add the "Float" line to the end of the configuration. Now it shows as routing traffic through the server and no more errors in the status log.

  • G

    Problems with clients

    4
    0 Votes
    4 Posts
    485 Views
    PippinP

    No access to pfS at the moment but on client side add

    float

    to the config.
    Could be a checkbox too in CSO.
    See --float in manual 2.4:
    https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

  • M

    How to prevent OpenVPN clients connecting to the server when inside LAN?

    2
    0 Votes
    2 Posts
    195 Views
    RicoR

    Add a REJECT Rule on your LAN Interface with Destination "This Firewall" and your OpenVPN Port.
    Place the Rule on top of your LAN - allow any Rule.

    -Rico

  • ?

    Access LAN via OpenVPN Server and pfSense OpenVPN Client

    3
    0 Votes
    3 Posts
    557 Views
    ?

    @viragomann said in Access LAN via OpenVPN Server and pfSense OpenVPN Client:

    So I assume, pfSense is the default gateway on the LAB network.

    Yes right, all network traffic of the LAB pass throught the pfSense.

    Thanks very much for the answer @viragomann !!
    I'll try all that asap and tell you if it worked or if I've other questions !

  • C

    Openvpn with Server Centos 7.6

    Locked
    13
    0 Votes
    13 Posts
    1k Views
    RicoR

    You'll have a great experience with running pfSense on both sides, trust me. ;-)
    There is plenty of great documentation around for site to site VPNs with pure pfSense. Grab your favourite drink and just watch:
    https://www.netgate.com/resources/videos/site-to-site-vpns-on-pfsense.html
    https://www.netgate.com/resources/videos/advanced-openvpn-on-pfsense-24.html

    Some more to read in detail:
    https://docs.netgate.com/pfsense/en/latest/book/openvpn/index.html

    -Rico

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.