https://redmine.pfsense.org/issues/15585

Shouldn’t this export creation file include an option to customize the MTU and MSS ?

I opened a feature request for this, as I was wondering this today and referenced this thread. Please let me know if this is something you would like to see.

@Leva We're seeing the exact problem here. Running pfsense+ 24.03.

Did some research on the net in the meantime - there's a related post on Reddit (https://www.reddit.com/r/PFSENSE/comments/dc5mv8/pfsense_active_directory_authentication_using/).

I've also opened a support ticket with Netgate (#2887255105) and hope we'll get this up and running finally.

@viragomann
Man, you ever look at something so long you miss the obvious? Thanks for pointing it out, I hate when I overlook something so simple!

I understand I need to calculate MTU and MSS values then set them in pfSense.

From the test above I have identified the packets fragment above 1472. To this would make the WAN MTU value 1500 (1472 + 28)

If the correct MTU value is 1500 for the WAN link, is this the same MTU I should be using for OpenVPN?

@jucelio_rosa said in Failover (two internet links) and point-to-point VPN:

On the client's screen (graphic screen) I put in the custom options field: remote
192.168.1.15 (server ip) 1197 udp;!

A private IP?
I'd assume, that the client has to access a public IP to reach the server.

@Shuldyk-Andrii
Ah ya, also your client doesn't have proper routes.

Did you enter the local networks of C - G into the "Local Networks" box of the access server settings?
You can combine all your subnets by entering 10.35.32.0/20. So the server will push the route for 10.35.32.0 - 10.35.47.255, which include local network of A as well.

@johnpoz thanks for your help with understanding why it wants netbios

@senseivita

Normally, there is no need to specify a value.
Definition here.

I currently try to set that up with a GXP2160

@BlazeStar did you succeed?

I plan to set up a rather minimal ovpn-server just for the phones.
The WebGUI of the phone is quite bad and gives no good status or feedback etc

Not even logs ...

@viragomann
thank you for confirmation, but it does not work unless neither IPv4 Remote Network/s are set(cannot test with two client as for now, might be the issue) nor routes are added with custom options on OpneVPN server level

@McMurphy

I have a PC on my pfSense LAN, it has 192.168.1.6.

I can pick from here whatever I want, and nothing works = no reply, except when I chose 'LAN' as the Source address (LAN = 192.168.1.0/24, with pfSense LAN interface using 192.168.1.1) :

71bd14bf-2807-4add-b30d-3f415c62a232-image.png

Should I care ?

Hi,

we're now on 24.03 and the problem still exists. It's not possible to create a common name with German special characters.

Again, any chance to fix this in a future release?

It's just the common name field :-)

@Unoptanio We output the pfsense system logs to our Syslog server (Graylog) and output or daily reports from there.

@ojosaghae
The error message says, that the utility cannot find a CA for the SSL certificate, which is used in the server setting.
It wants to search for user certificates then to provide to export.

So which server certificate are your server using?

@Pentangle
If it's a TLS OpenVPN with a wider tunnel subnet than a /30 you might have a CSO created for the client. So you also need add the additional subnet there.

Hi Gertjan,

You mean : you connect to your VPN while you are already at the site ? >NO
See it like this : when using a plain old telephone (the one with a line) : when at home : call your home number.
To make a long story short : don't do that. > I know this
Don't use your own WAN IP while you are connected behind that WAN connection.
More analogy : don't call your front door bell while your at home (well, you can, but it's "strange").
No, I'm making connection from another site(this is my home site) to the customer site. My homesite router is blocking acces to the VPN server at the client site. So this is a pretty normal situation with a not so normal result.
This router is a:
Hardware version : 4.01
Software version : CH7465LG-NCIP-6.15.32p3-NOSH
MAC-adres : 54:67:51:D3:A7:19
Serialnumber Connect Box : DDAP62010E3E
This router is configured with a DMZ. When I make contact to this router with Wifi I have normal fast internet but I cannot make a VPN connection.
In the DMZ I configured a PfSense firewall: I cannot make a VPN connection.
Do have any idea where to search? Because when I make a VPN connection with my phone on the 4G network there is no problem..

What is a server site ? > this is OpenVPN server site(the client site)