@johnpoz thanks for your help with understanding why it wants netbios

@senseivita Normally, there is no need to specify a value. Definition here.

I currently try to set that up with a GXP2160 @BlazeStar did you succeed? I plan to set up a rather minimal ovpn-server just for the phones. The WebGUI of the phone is quite bad and gives no good status or feedback etc Not even logs ...

@viragomann thank you for confirmation, but it does not work unless neither IPv4 Remote Network/s are set(cannot test with two client as for now, might be the issue) nor routes are added with custom options on OpneVPN server level

@McMurphy I have a PC on my pfSense LAN, it has 192.168.1.6. I can pick from here whatever I want, and nothing works = no reply, except when I chose 'LAN' as the Source address (LAN = 192.168.1.0/24, with pfSense LAN interface using 192.168.1.1) : [image: 1718620362197-71bd14bf-2807-4add-b30d-3f415c62a232-image.png] Should I care ?

Hi, we're now on 24.03 and the problem still exists. It's not possible to create a common name with German special characters. Again, any chance to fix this in a future release? It's just the common name field :-)

@Unoptanio We output the pfsense system logs to our Syslog server (Graylog) and output or daily reports from there.

@ojosaghae The error message says, that the utility cannot find a CA for the SSL certificate, which is used in the server setting. It wants to search for user certificates then to provide to export. So which server certificate are your server using?

@Pentangle If it's a TLS OpenVPN with a wider tunnel subnet than a /30 you might have a CSO created for the client. So you also need add the additional subnet there.

Hi Gertjan, You mean : you connect to your VPN while you are already at the site ? >NO See it like this : when using a plain old telephone (the one with a line) : when at home : call your home number. To make a long story short : don't do that. > I know this Don't use your own WAN IP while you are connected behind that WAN connection. More analogy : don't call your front door bell while your at home (well, you can, but it's "strange"). No, I'm making connection from another site(this is my home site) to the customer site. My homesite router is blocking acces to the VPN server at the client site. So this is a pretty normal situation with a not so normal result. This router is a: Hardware version : 4.01 Software version : CH7465LG-NCIP-6.15.32p3-NOSH MAC-adres : 54:67:51:D3:A7:19 Serialnumber Connect Box : DDAP62010E3E This router is configured with a DMZ. When I make contact to this router with Wifi I have normal fast internet but I cannot make a VPN connection. In the DMZ I configured a PfSense firewall: I cannot make a VPN connection. Do have any idea where to search? Because when I make a VPN connection with my phone on the 4G network there is no problem.. What is a server site ? > this is OpenVPN server site(the client site)

@viragomann hi, I solved it, the problem was in the encryption, I had put a different parameter and even though I checked it 100 times I didn't see the error. Thanks to your advice I was able to identify the problem and now all the offices are working A thousand thanks

@Antibiotic Idk , tried to set in custom options: tun-mtu 1470 but when restart OpenVPN client going msg: OPTIONS IMPORT: tun-mtu set to 1500 Please, how to override MTU properly?

@viragomann I`ll give it a try, thanks

@karpia8 Is this an OpenVPN access server, where 172.20.20.0/24 is the tunnel network? If so I don't expect, that there is any impact due the IPSec settings.

Tonight at a restaurant, using Wi-Fi, I got 4 Mbps on speedtest in the browser. I then connected to VPN, and got the same 4 Mbps on the speedtest. I think that's strong evidence that my home ISP is not throttling. I then turned off both Wifi and VPN. Got 220 Mbps on speedredt in the browser. With VPN, could not even get the speedrest going. OpenVPN showed about 80 bytes/s throughput, ie. Less than 1 kilobit/s as I saw before in my OP. Perhaps it is the cell carrier throttling. I'm using US Mobile, a T-Mobile MVNO. I will ask them what's going on. They are not supposed to throttle VPNs, and I believe it's illegal here. I would like to rule out any technical problems with my pfSense config, though, before I contact the CPUC and FCC.

Did a little more research. tls-auth will use the auth algorithm so both sides need to match. tls-crypt is hard coded to use AES-256-CTR/SHA256 and the auth algorithm is not used