@vladagri When setting up vpn server, is the pppoe up?
I just tried to setup a new vpn server listiening on pppoe interface and worked with no issues

@johnpoz Hi JohnPoz! any chance that you could share "picture 3" again?

The pic was In regards to filtering the pfsense gui log for vpn user logins. (old thread)

Sure you can, I have 50 OpenVPN Instances up and running.
But you need to use unique tunnel networks per Instance.

-Rico

Thanks for posting this. I was having the same issue with hardware crypto enabled on my SG-3100. Disabling seems to have resolved the issue though it certainly hasn't helped my CPU load.

I've reset my conf and started all over again and now it seems ok....
Don't know what was wrong though.

Thanks you all for you help

This is one of many reasons I dropped pia and nord.

Either way I suggest reading up on the remote host command
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

You don't. No more than you change igb0.

They are created in order, encompassing servers and clients. ovpnc1, osvps2, ovpns3, etc.

@Derelict That was what I was missing.. Thanks for the help.

I use and like freedns.afraid.org very much.
Free, no Ad stuff, good support when you need it.

-Rico

Yes i know ,i was talking about my own extra wan adapter,was wrong there,it does vpn and allow non vpn traffic on the same adapter,its not linux...:)

@mlohr said in Possible bug: Newline stripped on saving:

Yeah, this way it works. But why are some newlines stripped and some not?

It doesn't matter, because newlines are not supported in that box. Use semicolons to separate entries and you'll never have to worry about it again.

As to the why, it's probably a difference in browsers and UNIX/Windows newline styles, or who knows what. They're unreliable, hence the semicolon requirement.

You can for sure have unbound use VPN A for its queries - my point is trying to have it use vpn A for user B, and vpn C for user A or vlan X is just nuts!! For what possible reason is there to do such a thing..

Just have them all use vpn X.. If your trying to circumvent geo restrictions by using different vpns for different queries.. Your going have a shared cache.. So no going to work..

I agree that if you are connecting to other locations via vpn then the only way to make dns work the way you want it to is to have separate dns servers/caches for each.

Aliases do not work there. The local and remote networks are: Expressed as a comma-separated list of one or more CIDR ranges.

Tunnel network too, as you found out, but it's only one CIDR there.

@NogBadTheBad

Excellent! That did it, thank you.

So the issue was I had on the far side Block BOGON networks turned on for the LAN interface.

To use a wifi router as just an AP.. You don't need to do anything with their nonsense interface... Just turn off its dhcp server - connect it to your network via one of its LAN Ports!!! Set an IP on this lan port to work on your network.

Most of these nonsense native firmwares do not even allow you to put a gateway on the lan side interface.. So no you wouldn't be able to get to it remotely from another network.

Put some 3rd party on it like ddwrt or openwrt... If that doesn't work an it will not allow you to put a gateway on the lan interface - then source nat it on pfsense so that traffic going to the AP looks like it comes from the pfsense interface IP in that network.

@Gertjan said in OpenVPN and AES-NI?:

Or, that has been cancelled

Judging from those comments, I'd say postponed.

@Derelict Ah, that makes sense. Thank you very much for the help.