OK so that's a port forward on the OpenVPN interface. I would not NAT to the tunnel address there. I am not 100% certain that the DNS resolver even listens on the tunnel address. I would NAT to a LAN address or probably localhost (127.0.0.1) Forward both TCP and UDP. DNS can use both. But it looks like what you have should work. Pretty sure you do not need an assigned interface to do that.

I get that. But the client was also able to access vlans on different subnetd when connected to the VPN server while originating from a home vlan. That is what confused me. (As noted earlier, this does not occur if connecting to the VPN server from outside the home)

What kind of safenet token? If the authentication is out-of-band (like Duo) or something can be prepended/appended to the user's password (like an OTP) it can probably be made to work. I don't know of any way to do a second discrete password entry.

The user certificates are in the .p12 file. Try exporting with Microsoft Certificate Storage enabled. You are exporting for Linux, not Windows!

By default pfSense passes nothing into WAN. You need firewall rules to pass traffic into WAN. Even pings.

You shouldn't need to change anything. All of my setups let the client immediately reconnect. Are there any errors in the client or server logs when it fails?

@imparker Glad to hear..

Hence opened a bug - https://bugzilla.redhat.com/show_bug.cgi?id=1611812

If I'm reading correctly, it sounds like your subnets aren't routing between each other? Set the local and remote networks correctly in the OpenVPN config Add custom rule to OpenVPN as follows: push "route 192.168.10.0 255.255.255.0"; Make sure that firewall rules are set up - bearing in mind they only affect traffic coming in to the interface, and so can only deny traffic going out on that interface (not altogether). HTH.

@patrick0525 If you're completely certain that nothing on your end changed, it stands to reason that maybe something on their end did? I'm not familiar with the provider, but have you checked to see whether they have an updated configuration guide? Have you tried connecting to them from a PC instead of the pfSense machine? If they support TCP as well have you tried that? Just a few thoughts for preliminary troubleshooting steps.

@jimp said in Error Pfsense 2.4.3 and PureVpn error SSL: It can't validate the server certificate for that site. So either you need to load a different CA for that server, or there is something wrong on the server. Contact PureVPN to find out why. Thank you for your answer but I already contact PureVpn, after chat life and email, no solution, he send me a new certificate! I just tried to put the old one and it works, I still have to configure the NAT and GATEWAY thank you very much for your help ;-)

That makes sense. Thanks for your Help !

This is fairly straightforward. When exporting your clients, choose "other" in the Host Name Resolution box and enter your Dynamic DNS FQDN. If you don't want to re-export existing clients, you can manually edit the client's .ovpn file and replace the IP with an FQDN on the remote line.

Thank You John, I fixed the problem, I forgot to add DNS server in the configuration. It is done and it is working fine.

ok, laptop VPN works and was able to log into pfsense. Uninstalled OpenVPN and re-ran the exported EXE and it installed OpenVPN. So I think I should be good to go now. Thank you so much to those who pitched in. This is pretty much the first success with anything other than base configuration that I have gotten to work. Still a little confused about the subnetting stuff above, but I'll take this as a win.

i wouldnt know.. why cant pfsense know if the WAN connection is a private or public IP... so much for just simple Asus router.. you set it for DHCP or PPPOE no problems it does it for you you dont need to know anything i know basics 192.168.x.x is private network.. 174.x.x.x is public NordVpn said its a issue with Pfsense i posted in the forums and no one could answer the question.. one guy wouldnt even look at the video to see my problem he didnt try to help if he watched it then he would see what problem i having.. just get bashed more for even trying.. its like taking your car to a mechanic you tell him what your issue is you video tape your issue but he cant be bothered to look at it and say your wrong you dont know what your talking about your not having a problem i didnt scream bug i asked a question there is no screaming i never wrote caps i wasnt the person that said i i not going to watch your video to see what problem im having from other guy.. and you say the difference from Public and Private.. shouldnt pfsense know what a Private IP and Public IP on the Wan connection and route it properly by just choosing your options PPP PPPOE STATIC DHCP etc as i figured once you set your WAN interface thats your internet.. and when you set your lan or the OpenVPN Server to connect to the WAN interface its like WAN interface is like an interperter you speak english to the interpertor and the WAN connection automaiclly interpertes like french it to the internet accordling but im guessing this stuff is more complex then just choosing guess ill do more research since there are no discussions on to set WAN interface for OpenVPN not to use PPPOE as i dont understand why i get blasted for using PPPOE what is wrong with using pfsense to log in PPPOE its like a death using it.. but its option when you setup pfsense from a factory reset or new install.. choose dhcp or pppoe etc and OpenVPN server remote access works fine in PPPOE but doesnt in dhcp mode and NordVPN cant use PPPOE as it ruins there connection they say guess they need a private ip address not your public ip address.. but i didnt cause problems like i said guy from start was disrespecting me not even bothering to read i stated i had 2 problems didnt wanna look at a video to see what problems i dealing with.. all i got was basiclly bashing.. i ask for serious help and i get bashed that i idiot for using PPPOE we simple home user people arent using this pfsense software day in day out like you networking people.. but thanks for the reply.. since i apparently screaming i not going to get help from the other forum.. and like i said i never screammed nothing i get blasted by the other guy... where is the help to novice home users i just gonna keep my mouth shut in the other forms not reply i dont wanan cause problems i didnt ask to get in trouble didnt mean to sound screaming i just wanted to be respected and i didnt get respect right from the get go thanks for your replies.. i wont distrub you either.. sorry i caused so much problems

not sure what a RasPi is but i guess ill google how to port forward so OpenVPN Server REmote access setup then

and i followed the CrossTalk video steps to do this and there is no 1194 in it that i set https://www.youtube.com/watch?v=Q6YbCQEiC3c