@jp4555 Your setup is not clear to me at all. The server which are want to access across the VPN is connected to pfSense and has the IP 192.168.10.10, but the subnet 192.168.10.0/24 is not defined on pfSense? How should access to the server work with that? Why has the PC two IPs?

@pftdm007 said in NordVPN setup on pfsense - questions about basics: FW mode is already enabled in Unbound, and Nord's DNS servers are already set in General Setup. This is leaking. Who says that it is leaking, a leaking testsite? Would be curious to know about the exact results. Also you should create this alias I told you and make more general rules with that instead of doing it on a per port basis.

@blasta I was exploring this option as well. I read about using Google Authenticator, which is free, however I was unable to find enough details to make this work. I ended up using DUO MFA, which works great. So pfSense > DUO auth proxy > MS NPS > AD

@viragomann What you are seeing is what I would expect and seems pretty normal. What the user is experiencing is not. That's in OpenVPN? The only sections I have are: General Information Cryptographic Settings Tunnel Settings Client Settings Advanced Client Settings Advanced Configuration

@skippern12 still slow on latest version to date... using openvnp connect on Android 12... and on server UDP with 128 data encryption (minimun).. I can't exchange big files (above 500 KB), I get timeout

seems like, the only, what was missing, was a OUTGOING NAT rule i've added a rule with allow all from LAN to the remote net behind the tunnel. that made it work.

@noplan Thank you !

@milosz-engel for openvpn look here: openvpn-external-crl-automatic-renewing-openvpn-restart So... you could download the CRL with Curl, transfrom it in x509 and drop it where it is needed.

@gertjan You should try how the script works. It returns IP address of the LEAST loaded server in a country at this moment . The idea I have is to use cron to stop VPN client every 15 minutes, get the least loaded server IP, change it in pfSense OpenVPN client config and start the client. This way my pfSense will be "always" connected to the fastest server in a specific country.

@gertjan gotcha so my scenario is that I have a user who needs a vpn address from me but does not need my dns, or dns suffix. Just the remote network. So I believed that setting a csc with no dns option would work but instead they get the firewalls upstream dns servers which I didn’t expect.

@viragomann sorry, still don't understand, how to stop traffic from passing to normal gateways and pass it to openvpn client instead; don't capture general idea