@jsnl said in OpenVPN dies and wont restart when my main internet temporarily goes down: I'm unsure if my issue is related and so I've opened a new topic, but I have this happen when my remote (not my server) internet is unstable. In my case I think it has something to do with exceeding the maxclients value. Is your maxclients value set low, or at the default number? This is the thread I just opened with my logs attached. I dont have an option for maxclients in this config. I think because you're having problems with PFSense as an OpenVPN server and im having a problem with PFSener as an OpenVPN client

@jsnl said in OpenVPN quits on unstable client connection: Inactive: 300 I'm using the default settings : [image: 1672324428319-3f56ae85-9af4-462e-ad91-f6c4f5ac9320-image.png] Did you solved the huge clock time difference between the client and the server ? 1 minute is far to much. @gertjan said in OpenVPN quits on unstable client connection: When you see a packet coming in on "13:03:26" an the packet states it was send at "13:02:24" then the message (may be a replay) makes sense.

@dajones13 Thank you for your response. I ended up figuring out about the push notification. However, I did not know about the phone call option which is great to know. I also had the encryption set to PAP instead of MSCHAP which I don't think was the issue but I changed it prior to the VPN working so it could have been a factor. Thanks a lot!

@djdmx Good to hear!! Sorry I haven't answered any of your posts, just getting over the flu. But you didn't need my help anyway!

@albinali ok so i figured it out, when i inspected the route table i noticed it was messed up (probably because i was playing around too much), i rebooted the PFsense device and i can connect now.

@jarhead problem solved, I was missing some static routes on both the routers... I opened a new topic here since I now have different issues with rules and interface. Thank you

@solarhacker I would reach out to whoever is the OVPN host and see what they say at this point... or wait for someone else to see this thread suggests. If you're the host check the remote-side logs.

@rm17 "We" all want this but it is not gonna happen. Again, there is no policy routing for the resolver in pfSense.

@jarhead Yeah it's definitely a problem with NAT, I tried logging into the router to change it and I couldn't even change the wifi password..

Okay, thank you!

@joeseph hey, You do not need to set each client' s network configuration. If you set (on your switch) ports 2 and 3 to belong to vlan 10, that should be enough. So configure all your vlans in pfsense, put them on your switch. Clients are put on your untagged switch access ports. Then use a trunk connection between pfsense and switch, here all vlans are tagged except vlan 1 (default). Do not use vlan 1 as a prodductive vlan, it only carries neccessary packets for your network infrastructure but should not carry any productive data. Port 1 (to pfsense as trunk) : vlan 1 untagged, others tagged Port 2 (to client 1): vlan 10 untagged Port 3 (to client in let's say vlan 30): vlan 30 untagged Etc.

Evidently, ProtonVPN is shuffling IP addresses and lagging behind on updating their documentation. I used a server with a different IP address in that same state and the system immediately connected with no issues. Odd that the connection worked right up until I restarted it - maybe they were supporting extant connections on that address but not accepting new ones...? Appears to be working fine now.

I will recommend Ivacy VPN. Its not heavy on the pocket plus provide great services in term of speed and unblocking the content.

@mgbolts Whenever you edit anything related to (VPN) policy routing, do not forget to do a Status > Filter reload. Or Diagnostics > States and reset all states (this will even disconnect you from the GUI)

@atomitech Yes, correct. The client has to be bound to the gateway failover group.

@chuck1968 OpenVPN is OpenVPN. Doesn't need pfSense. Just make sure settings are the same on both ends. Best to post pics so someone else can see because I'm sure you went through them already.

@thedharma Can you show pics of the outbound NAT? You would just use the guest network as source and wan address as NAT address and all else as ANY.

My Solution Install Shellcmd package Package Manager --> Available Packages --> Install The shellcmd utility is used to manage commands on system startup. Add a boot command to disable the OpenVPN services Find your 'OpenVPN ID' and whether it is a client or server from VPN --> OpenVPN --> (Servers|Clients) --> edit Services --> Shellcmd --> Add Command pfSsh.php playback svc stop openvpn server 1 or pfSsh.php playback svc stop openvpn client 3 ShellcmdType: shellcmd Description: Disable my OpenVPN on boot Repeat for each OpenVPN service you want to disable