i use KVpnc to configure my client; i'm going to try to use basic client. where can i find client's configuration doc on a kali linux distribution? thanks

Nope. that's the weird thing i was talking about. the client secret is connected to the server with port 1202 but when i print the log on the server (cat /var/log/openvpn.log |grep secret) it prints the above. Hope not doing something wrong.

@divsys Thank you that makes it very clear. I'll have to change my local subnet, so that at the remote site i'm trying to connect to via OpenVPN has its own unique subnet. Thank you soo much. Will let you guys know when I get it all working

OpenVPN does not set the default gateway like that. It leaves the system's default gateway alone and inserts two routes: 0.0.0.0/1 128.0.0.0/1 This covers all traffic and is a longer netmask so it is controlling. Undo whatever it is you did to make that default route go to ovpnc1 and let OpenVPN do what it's supposed to do.

That was it, I changed destination and gateway to my WAN instead of wildcards and it all started working. Cheers.! OpenVPN rule for future reference.

@thenmanbr said in pfsense bypasses firewall rule: @chpalmer however, in the event of a reboot, do you know how would i prevent this issue from happening? (i'm assuming it's the order things are loaded, first vpn then filters... if that even makes sense) I do not.. I comes as a little bit of a surprise to me as well. I use separate VPN servers for each of my tunnels and Im the only road warrior connection here. If I was to stop a connection to a site I would first go to that site and delete the client. Can you try a "reject rule" and see if that does it?..

So troubleshoot resolving names from one of the connected clients and see where the process is breaking down. Do you know how to troubleshoot DNS issues using tools like dig and drill? Yeah. we know you have had nothing but problems with pfSense insert feature here lately. So troubleshoot it.

Even in the logs, I can see that the server is pushing its own address as the gateway, yet pfSense does not use it as the gateway IP: Dec 21 02:45:36 openvpn 67745 PUSH: Received control message: 'PUSH_REPLY,route-gateway 172.27.120.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.27.120.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'

No. I used some tutorial of PIA open vpn client.

@viragomann said in Bypass VPN for specific www site: If I access www.alliantcreditunion.com I get redirected to www.alliantcreditunion.org, which is another IP. So you will have to add this FQDN to your alias as well. Also the site may contain further parts which come from other sources and also need to be directed over the WAN GW. You can use browser tools to investigate. Interestingly enough is I am able to access www.alliantcreditunion.org just fine. Something will not allow me to access the login page

pfSense does not impose any requirements on passwords at the moment. You will get a warning if the password is left as pfsense but that's it.

The first thing I would do is update to 2.4.4-p1

no i have a static ip so i am not using aliases. i just think i am doing it wrong. no one confirms if i am doing it right or wrong. can someone help. here is my exact setup and what i am doing openvpn server 192.168.1.0/24 openvpn client 1 192.168.2.0/24 (tunnel 10.0.1.0/30) openvpn client 2 192.168.3.0/24 (tunnel 10.0.3.0/30) client 1 and 2 reach the server with NO issues but client 1 talking to 2 or 2 talking to 1, does NOT work. i can only reach from 1 or 2 to the main openvpn server so i was told to assign the 2 openvpn on the main server to an interface. then i enabled those 2 interfaces as soon as i do this. client 1 and client 2 lost their connection to the server then i was told to go to firewall rules, openvpn tab, create a new rule as follows: action: pass interface: openvpn address: ipv4 protocol: any source: the assigned interface from client 1 openvpn destination: the assigned interface from client 2 openvpn i wrote a description and saved. but this does NOT do anything. i am still without connection to the main server openvpn from both clients. not sure what i am doing wrong! please advise

@chpalmer The machines in question are a linux box (firewall off) and grandstream phones. (cant connect to the phones web interface and the phones can't register to the pbx server (the linux box). Oh plus there is a synology NAS that can't be reached either. So no, no windows firewall or any other firewall.

All, many thanks for the help and the insight. This honestly wasn't supposed to be difficult. I've decided to get rid of pfSense altogether and use the facilities my commercial host has. It's not ideal, but it does work. All I was trying to do was access my private network remotely as I've done numerous times before with a variety of products. This has just cost me too much time as it is. Thanks again

I have solve the problem thanks to this post: https://forum.netgate.com/topic/101293/route-all-traffic-thru-vpn-except-for-modem-gui-access/2 but i have a new question, is there a way to open a port and access webgui modem from vpn public ip? Stefano

For posterity... I decided to set up a separate OpenVPN server for each group of users. In the end it was the cleanest way to differentiate between the groups by assigning a unique subnet to each instance of OpenVPN. Client Specific Overrides is an interesting feature and might have allowed a portion of what I was looking for, but did not offer a complete solution. Thank you, cdunbar

Jimp. I already solved it, what happens is that they have to wait about 3 minutes for the openvpn to discard the connection through the wan that is below. Thank you