bump Any thoughts?

Yesterday it was not working. But now Openvpn as connect to my pfsene. I afraid I do not learn how is this work?  >:( it is working by miracle. I do not remember what do i change in pfsense? Thanks everyone. Now try to access my local pc from Outeside home. Please see the openvpn log in pfsense and another question where do i find (link-mtu : 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542')? Nov 18 10:07:33 openvpn 38877 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.14) Nov 18 10:07:33 openvpn 38877 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.14) Nov 18 10:07:33 openvpn 38877 Options error: option 'route-metric' cannot be used in this context ([PUSH-OPTIONS]) Nov 18 10:07:33 openvpn 38877 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) Nov 18 10:07:33 openvpn 38877 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) Nov 18 10:07:33 openvpn 38877 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) Nov 18 10:07:33 openvpn 38877 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Nov 18 10:07:33 openvpn 38877 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Nov 18 10:07:33 openvpn 38877 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.3.14) Nov 18 10:07:33 openvpn 38877 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.3.14) Nov 18 10:07:33 openvpn 38877 TUN/TAP device ovpnc3 exists previously, keep at program end Nov 18 10:07:33 openvpn 38877 TUN/TAP device /dev/tun3 opened Nov 18 10:07:33 openvpn 38877 ioctl(TUNSIFMODE): Device busy: Device busy (errno=16) Nov 18 10:07:33 openvpn 38877 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Nov 18 10:07:33 openvpn 38877 /sbin/ifconfig ovpnc3 10.128.0.3 10.128.0.1 mtu 1500 netmask 255.192.0.0 up Nov 18 10:07:33 openvpn 38877 /usr/local/sbin/ovpn-linkup ovpnc3 1500 1542 10.128.0.3 255.192.0.0 init Nov 18 10:07:38 openvpn 38877 Initialization Sequence Completed

The local networks option is still there in 2.4. No need to do it with overrides. The only time the local networks option is hidden with that kind of setup is if you have set the option to redirect all traffic over the tunnel ("Force all client-generated  traffic through the tunnel.") and in that case, local networks are redundant because all of the user's traffic is already going over the tunnel so sending a specific route for your other subnets is unnecessary.

that is what "don't pull routes" do. You then have to set up rules on LAN to push devices and ports you want out the VPN interface.

yep - the official OpenVPN connect clients are solid …ugly, but solid!

If it doesn't it is because it actually reconnects. I have never seen ssh do that.

So I fired up a VM of pfsense.. running 2.4.1 I created a client connection, big bang zoom connected.. I then created a server connection.. Running just fine.. This took all of 5 minutes to setup.. Your going to have to give us some details if you want us to help you other than saying its not working.. Like the openvpn log of client connetion.. The log of the server starting, etc.. Attached you can client connected and server running.. [image: workingjustfine.png] [image: workingjustfine.png_thumb]

Try this NAT outbound rule: Interface: NordVPN Client Protocol: Any Source: Network (OpenVPN Server Subnet) Destination: Any

Gotcha - I figured as much. We run rds connections via wyse thin clients through our broker and 1-2 drops disconnects their session. CSR's complain but it doesnt kill them as a simple click back in, but production may not be at their machine. We run live monitoring on our plant machines and this is where the issue comes into play as if they do not reconnect quickly, the RPM data is lost. Anywho thats an issue in itself so with that being said, I will test this package and see how it goes. Thanks!

Sounds like what people reported in this thread, see what, if any, of these things apply: https://forum.pfsense.org/index.php?topic=138608.msg764734#msg764734

Narrowed down the issue to PFBlockerNG, disable that service and I can access the internal LAN via OpenVPN Server…Will need to read up on PFBlockerNG.

Thank you for the quick reaction, Jim

@Murrayd222: Greetings, I'm curious if it is possible to run an OpenVPN server to permit remote connections to my network, via iPad and scuh, while also taking advantage of the benefits offered by Private Internet Access.  I finally got my OpenVPN server up and running and remote connects now work flawlessly.  However, when I installed PIA as instructed in the PIA pfsense router setup, the status shows as "down."  The only step I skipped was deleting the various certificates required to make the OpenVPN server work. I'd like the benefits of remote access to my network as well as the benefits provided by PIA.  Any suggestions or guides that I've missed.  My experience with pfSense consists of about a month, with MANY failures trying to get the OpenVPN server up and running. EDIT: Ok, after more tweaking, factory resetting, and more tweaking…I have everything working except one thing.  I can connect to my network via the OpenVPN server, I have the PIA VPN Client pushed to the network IP addresses I want going through the VPN.  I can remotely access both Plex and my Blue iris surveillance server.  However, there is one thing I cannot get figure out and I'm sure it has to do Firewall Rules or NAT Outbound rules.  When remotely connecting to my OpenVPN server, I want those connections to be able to access the Internet as well.  Currently, any remotely connected client to my OpenVPN server can access network IPs only and any attempts to connect to the Internet are being blocked.  The OpenVPN Server is assigned its own openvpn interface and the PIA Client is assigned its own unique PIA Interface.  If I disable the PIA client, then my OpenVPN Server connections are able to access the Internet.  Once I restart the PIA client, the Internet access of the OpenVPN Server connected clients stops.  Anyone have a suggestion or guide on how to setup the needed rules? EDIT 2:  Well, the recently changed NAT Outbound (posted below) granted my OpenVPN Server remotely connected clients to access the Internet, but it broke their ability to access LAN clients.  How can I get both Internet and LAN access for clients remotely connected to the OpenVPN Server? EDIT 3: Never mind, all is working correctly, but for some reason the remote desktop cliet on my iPad isn't connecting this morning where as the RD app on my iphone is. Current NAT Outbound Rules: [image: y4mEXk7KoQU4B6sPRulJ_3SN2BOScjfJynnv8r4UlVNvOxBcscO3eIZrI4cg39LE1QJHkYVcJRHesBtzdJy9YpkBIvgAfmQEyUXF0HzPY-tQvEGfVGMT8ASmZNu3vtbX_qsT1GVVagx9fzJTUBvkDl4pw3T9nC_ZGQAVKtt6-ymNDlFKnz-uZeb_olGAoKDIvPpjWS8vVK-RhlFUg45izcphg?width=1153&height=681&cropmode=none] Current Firewall Rules for WAN: [image: y4mySYudi7gkWW8wEFYd_G1W890iw462qh1MsshjdxO1-fGHQZqHwDQszktCJ2WcdIG5zV5VYNNEzbofY1wXUvEqx4JxzmpLmU3d5Er9QcSb9ARWxe8HAMYgZnS753dpHfGBzQtRTjLWtD1tM3LC0V-p5q1cLvVUVOMHNv8t3s6iy3KwXCZd1-qKRy_NzUl-cxkTXJs9khUZCIutISxj-Z0Nw?width=1151&height=401&cropmode=none] Current Firewall Rules for LAN: [image: y4mrTSc2Ovy84OczAWnfQoe0StvXA3q0zTRXuopL8cSTC6L4OYTBZbtKXdcCrDHgjI-BbIsQRl3XWxreywm08I12hgOh98twt297-sKOFcNulD4g-AFnbE3jD7np9LhRdXx4ozY3YutyPmDw438yNhhgeTItJ5v20wTJ2UiWsVpJVfPL0133FVTt_4KGHYHHZlq7wtq2ZD76mqe3wcWiErDTA?width=1151&height=541&cropmode=none] Are these above your working settings? Can you please please share your current working settings? I can't get them to work together no matter what I tried. I've spent the better part of the past 3 days epxerimenting with all possible combinations. I did factory resets, installed the server first and then the client and vice versa. Played with all the possible rules I could think of. Duplicated the existing outbound NAT with values both for OpenVPN and PIAVPN. I would be greatful if you could share the server's and client's config as well as the rules in WAN, LAN (or anywhere else) and also your NAT/outbound tab. I have created separate interfaces for the PIA Client and the OpenVPN server while the ''don't pull routes'' option suggested by  @viragomann disables completely the PIA client and then magically the OpenVPN server will accept the connection from my Android client. I have already asked in several topics but failed to draw any attention so I'm hoping you could help me out. Otherwise I'll have to open a new thread. I just did not want to do as there are many like us who had the same issue and the forum is full of similar threads…

@pfsensory: What I decided to do was revert my pfSense box to a backup (before I started messing around with this), and redo everything again.  Now everything is working great. One question though - I am using a tun connection, which is working fine for my purposes except for one issue.  I use Syncthing, and I would like to be able to have it sync files when I am connected to the network via VPN.  However, because Syncthing accesses devices by IP addresses, and the VPN client device now shows up under a different subnet (10. for the VPN client, 192.168. for the main LAN), the syncing devices do not see each other.  Is there some way I can get these to connect? And one more question - this time when I set things up (using the VPN wizard), no interfaces got assigned to ovpns1 or ovpns2, and there are no corresponding tabs under the Firewall rules (although rules were set up for me at the end of the wizard), unlike when I did everything manually last time. Everything seems to be working fine, but should there be something there? Hello. We have a similar setup running both OpenvPn Server and a PIA client and I was hoping you could share your settings as I can't get them to work together…. That would be greatly appreciated as it seems I'm not getting any support from anywhere for such a common thing.

Hi, my Site to Site is now running and i have setup according recommendation, it means that i have no static routes. The final solution was to reset the states and take a /30 tunnel network. Thx and Bye

At least on 2.4.2, I can't find any problems. No CRL = Connects Empty CRL = Connects Cert in CRL = Doesn't connect (and it shouldn't) Using a different cert not in the CRL = Still connects. Maybe it got fixed along the way with something else, but it doesn't seem to be an issue on 2.4.2.