@viragomann That was one of the first things I did when I rebuilt the network (static assignment). It wasnt DHCP, I just assigned it from a new block of addresses I'd reserved for a few devices. It just didn't remotely occur to me there would be dependencies on that IP within that client box. That just goes back to my lack of familiarity with the internals of the OpenVPN server box he is using. Hey, at least I learned something.....

I think it's got to be some sort of asymmetric issue. What would I look at to investigate that?

I think it's not a pfsense firewall being cleared during testing because a) I'm not clearing it and I'm theonly admin and b) if I try the test a few hours later I get the same results. Just before retrying the test later I confirm the openVPN has no sessions on it. That being said maybe I should try clearing the sessions of both the LAN and WAN? I do have my clients when testing on my LAN just before disconnecting and joining the openVPN over the WAN.

@visseroth said in OpenVPN no traversing:

@jknott I agree though I'm not quite sure how to correct that problem.
If I check the routes on my firewall for 192.168.1 nothing comes up

Your network knows how to reach the other end of the VPN, as it's network is directly connected to your firewall. You have to create a route for the LAN at the other end via the VPN. Then, any device on your LAN will be able to get to the other LAN, with the default route pointing to your firewall and your firewall will know how to get to the LAN at the other end of the VPN.

@jsnl said in OpenVPN dies and wont restart when my main internet temporarily goes down:

I'm unsure if my issue is related and so I've opened a new topic, but I have this happen when my remote (not my server) internet is unstable. In my case I think it has something to do with exceeding the maxclients value. Is your maxclients value set low, or at the default number?

This is the thread I just opened with my logs attached.

I dont have an option for maxclients in this config. I think because you're having problems with PFSense as an OpenVPN server and im having a problem with PFSener as an OpenVPN client

@jsnl said in OpenVPN quits on unstable client connection:

Inactive: 300

I'm using the default settings :

3f56ae85-9af4-462e-ad91-f6c4f5ac9320-image.png

Did you solved the huge clock time difference between the client and the server ?
1 minute is far to much.

@gertjan said in OpenVPN quits on unstable client connection:

When you see a packet coming in on "13:03:26" an the packet states it was send at "13:02:24" then the message (may be a replay) makes sense.

@dajones13 Thank you for your response. I ended up figuring out about the push notification. However, I did not know about the phone call option which is great to know. I also had the encryption set to PAP instead of MSCHAP which I don't think was the issue but I changed it prior to the VPN working so it could have been a factor. Thanks a lot!

@djdmx Good to hear!!
Sorry I haven't answered any of your posts, just getting over the flu. But you didn't need my help anyway!

@albinali ok so i figured it out, when i inspected the route table i noticed it was messed up (probably because i was playing around too much), i rebooted the PFsense device and i can connect now.

@jarhead problem solved, I was missing some static routes on both the routers...

I opened a new topic here since I now have different issues with rules and interface.
Thank you

@solarhacker I would reach out to whoever is the OVPN host and see what they say at this point... or wait for someone else to see this thread suggests.

If you're the host check the remote-side logs.

@rm17 "We" all want this but it is not gonna happen. Again, there is no policy routing for the resolver in pfSense.

@jarhead Yeah it's definitely a problem with NAT, I tried logging into the router to change it and I couldn't even change the wifi password..

Okay, thank you!

@joeseph hey,
You do not need to set each client' s network configuration.
If you set (on your switch) ports 2 and 3 to belong to vlan 10, that should be enough.

So configure all your vlans in pfsense, put them on your switch. Clients are put on your untagged switch access ports. Then use a trunk connection between pfsense and switch, here all vlans are tagged except vlan 1 (default).

Do not use vlan 1 as a prodductive vlan, it only carries neccessary packets for your network infrastructure but should not carry any productive data.

Port 1 (to pfsense as trunk) : vlan 1 untagged, others tagged
Port 2 (to client 1): vlan 10 untagged
Port 3 (to client in let's say vlan 30): vlan 30 untagged
Etc.

Evidently, ProtonVPN is shuffling IP addresses and lagging behind on updating their documentation. I used a server with a different IP address in that same state and the system immediately connected with no issues. Odd that the connection worked right up until I restarted it - maybe they were supporting extant connections on that address but not accepting new ones...?

Appears to be working fine now.

I will recommend Ivacy VPN. Its not heavy on the pocket plus provide great services in term of speed and unblocking the content.

@mgbolts

Whenever you edit anything related to (VPN) policy routing, do not forget to do a Status > Filter reload.
Or Diagnostics > States and reset all states (this will even disconnect you from the GUI)

@atomitech
Yes, correct. The client has to be bound to the gateway failover group.