@jarhead
You have to establish an layer 2 connection between server and clients.
L2 between different network interfaces can be achieved with a bridge. So you have to create a bridge at both sites.

I didn't get where your clients and the server are connected to. The concerned interface have to be bridged with the VPN interface.
So at both sites you have to use tap mode OpenVPN and assign an interface to the VPN instance. Then you can bridge these interfaces with the respective server or client interface.

@viragomann Ey, sorry for no reply, i was trying and trying... i can't do more...
The log on the server says "P_CONTROL_HARD_RESET_SERVER_V2" and "P_CONTROL_HARD_RESET_CLIENT_V2".

In the client the first message is "Preserving recently used remote addres: [AF_INET]xxx.xxx.xxx.xxx:xxxx" "UDPv4 link local:(not bound)"

I don't know what can i do 😥

@viragomann

Got it working. Thanks,

Any one has any clue ?

@greywolf could this be mtu/mss issue when tje connection is over TCP?

Seems like an ISP issue, but it has resolved itself.

Thank you for the assistance.

@mmercier can you please give me the step by step to get openvpn on the 22.01 release, been trying to configure it and it won’t start. Went by all documentation twice every time and nothing, is there another documentation on configuration for 22.01 release, please and thank you.

@mariof said in PiVPN and pfsense as Client:

my devices on the network

I didnt have to disable gateway monitoring. Got it set up and since the RPI runs PiHole before VPN I use it for DNS and gateway testing.

Do you, by any chance, have two RPIs? I have to VPN servers on two seperate RPIs on two continents (Netflix :-) works) but I am having problems with CAs as common name is the same causing pfSense to get confused.

@drhans Here are screen shots of my client config for a Nord UDP client connection that is up and working as expected. Note that if you want to start out with all traffic being routed through the VPN connection, un-check the "Don't Pull Routes" option that I have checked. The full set of "Custom Options" I have, which is not fully visible in my screen shots, is:

tls-client; remote-random; tun-mtu 1500; tun-mtu-extra 32; mssfix 1450; persist-key; persist-tun; ping 15; ping-restart 0; ping-timer-rem; reneg-sec 0; remote-cert-tls server; auth-nocache; pull-filter ignore "redirect-gateway"; pull-filter ignore "dhcp-option"; auth-retry nointeract;

Note that you will NOT want the line:

pull-filter ignore "redirect-gateway";

if you want all traffic to be routed through the VPN. And in fact I probably don't need it myself with "Don't Pull Routes" enabled. You also may or may not want the line:

pull-filter ignore "dhcp-option";

which prevents the server from pushing DNS servers to use. I have pfSense configured to use unbound but with the outgoing interfaces set to my VPN client interfaces.

Some of the other things I have in my custom options are redundant to options set up by the GUI, but not harmful; it's just been a while since I've cleaned them up, but I know that these work for Nord.

a7263980-045c-4839-8c67-22e0ff199eb7-image.png
51fb8fe1-920c-42a1-89f7-caa871c1ecd6-image.png
a9999673-6e36-44ad-ae68-77d440194da5-image.png
7cfbc770-9ae4-4114-b321-e3840c6aca98-image.png

@circle-0 said in How to route a wifi interface through OpenVPN?:

These describe in various clarity how to set things up for LAN and I thought I could just replace the LAN interface occurences in the guides with the wifi interface/network. No luck however.

Generally it should work this way as described.

Consider that in the outbound NAT rule you have also to replace the source with your wifi network.

If it doesn't work, post more details of your setup.

@michmoor Ok i think i figured it out. I think..
When the phone or any device goes idle, and authentication happens again it fails obviously because the authcode changed as well.

Is there an option that will pick up where you left off ' resume the connection again.

On more corporate environments I have worked in, that is a feature with a hard time out of 24hrs so there is a user convenience factor to all of this.

@aldomoro

pfSense shows you what you've entered as user credentials.

I'm using TLS only, and not User/passwords, the connection shows the CN entry in the certificate, not the name of the iPhone, neither the created user for this VPN connection.

So, you decide what shows up when a user connects.

@summer
I would agree that something is hitting that ip/port (could be a simple portscan or worse)
But if you have a secure setup , there is prob. no reason to worry.

/Bingo

@ryanwhite36
Which pfSense version are you on?

@wgstarks said in [SOLVED] Connecting from OpenVPN server subnet to VLAN’s:

@johnpoz
Can I use an alias in place of the list of networks?

Nevermind. I see it in the fine print.