Why do you use OpenVPN in TCP Mode? Switch over to UDP and try again. -Rico

Thanks for the help. Finally figured out (after doing tcpdump on my lan port) that the connection request was being forwarded to one of my internal systems. I forgot I had port forwarded a range of ports to a system and 1194 was one of them. Specified the ports exactly instead of port range and was able to connect right away. So for anyone facing similar issue, check your port forwarding and make sure you don't have the openvpn port you're using in a port forward to a different system.

I never noticed the change to being able to specify multiple networks in 2.4.x. That's great!

Jimp my hi5 to u, that was the trick. Now I will create a Load-Balance, FailOver1, FailOver2 for my connections. Thanks Jimp.

@jimp said in Possible Bug Setting up OpenVPN Client: In the past, having any setting other than None for IPv4/IPv6 was a configuration error. It wouldn't have actually worked, and the fact that it let you configure what it did is probably a bug. Setting it in the way you describe would cause one openvpn client to bind and run inside the other. Why would you want to run OpenVPN inside OpenVPN? Thanks for this information, I didn't realize the effect of what I was doing due to lack of knowledge and because it just worked. The reason I set it up like that is because I followed the setup guide on ExpressVPN's website and that is how the guide showed to set it up. I actually questioned them a while back concerning a different part of the guide and there response was that they couldn't help because it was a user submitted guide. EDIT: I looked at the guide again and I did misunderstand part of it. They do set the client interface to WAN but at the same time they also set the actual VPN interface to DHCP. So it looks like there guide is wrong AND I misunderstood part of it. Now if I could just figure out how to get a working monitor IP on these VPN Gateways. I'll ask that question later though.

@derelict said in iPhone/iPad no longer works after update: Have a look at Services > DNS Resolver, Access Lists and see if adding the tunnel network to an Allow list there doesn't start allowing queries. That fixed it. Thanks,

@alexxtasi said in Using Radius for accounting only, Ldap for authentication (using Radiusplugin ?): it a radiusplugin problem of openvpn in general ? thank you @alexxtasi, you forgot to reply to yourself and tell us that you have fixed this crash:)

IIRC on Windows you had to run the OpenVPN client as Administrator or it wouldn't create the routes propeprly. It would look like it was working but you had no error messages and no access.

Doubt fix, I just use the tunnel created, thanks.

Welcome.

Ok, thanks, I will plan for one user/cert per TC then. EDIT: That means creating one user/cert per Thin Client on pfsense, and creating one specific profile (in terms of IGEL UMS) per TC (deploying the individual cert, configuring the VPN-connection to use that cert). Bit more work but manageable for 4 TCs as in my current case. btw: I plan to name the users/certs after the MAC of the TC to keep it traceable and not get something like user-names in there. OK?

There is no web-based or in-browser VPN available on pfSense.

In your diagram pfsense has ZERO to do with your client running openvpn and connecting to some outside vpn server? Zero!! Unless pfsense is blocking the port your wanting to connect to the vpn server on, default UDP 1194 pfsense has nothing to do with it. Did you modify the default lan rules? because out of the box they are any any and that client would be allowed to do anything it wants outbound to the internet.. Are you wanting instead this configuration? [image: 1539079606325-vpn-resized.png] Where pfsense is the client to the vpn server, and 1 machine or multiple machines behind pfsense can be used to use the vpn to go to sites on the internet, while other machines just go out the normal internet?

@execcr said in OpenVPN in existing enviroment: could only ping clients but not reach other ports, firewall completely opened.: a Zyxel UTM Why do you not just run your vpn server there just replace it with pfsense? Running an vpn server that is inside your network is always going to be a asymmetrical mess...

Yes indeed that would be it. Nice to see it got implemented: https://forum.netgate.com/topic/120569/oddity-with-viscosity-openvpn