@viragomann Hi
All port seems to be closed on pfSense, even they are not.

I use and "port checker" (on internet) and it shows that ports are closed but they are not.

I already disabled AV and Squid.

After reverting this changes https://redmine.pfsense.org/issues/12232 in file after update, active connections shows again in OpenVPN status.

@johnpoz Thanks

@bob-dig Thank you!

@dlogan
No, this cannot be done in OpenVPN.

I think, you could achieve this with two failover groups with inverted gateway priorities. But this requires two different OpenVPN servers on the main site.

If you want to fix this regression pls apply this patch

3ade222beb2cae2c0681ed69d4e5a0c82c6303f9

@jly2680
Same problem ?
Then you should be able to find the answer here.

Btw : you're late. 2.5.2 is past now, so is OpenVPN 2.5.2. It's pfSense 2.6.0 now, and OpenVPN 2.5.4.
But, be happy, the issue stays the same. Depending your setup you use, some adjustments have to be made.
As always, as everything, this needs the old way of finding solutions : look at the logs. Make the errors go away. Do what needs to be done.

@viragomann Thanks. Came here to report the final solution and I see you had answered with the same. The issue was that the default gateway was not responding to ICMP. Changing the monitoring IP to something else had immediately brought the Gateway up, and the routing now works as expected.

This took way longer than it should :o

Hi, thank you all for your valuable input. I went with Cert+RADIUS to have extra layers of protection, like @TO2020 mentioned. This way I have a tad bit more security and a better integration into active directory where I manage all accounts.

@misinthe said in Issues with Subnet behind UDM Pro:

It was just the internal networks on the pfSense weren't able to go through the UDMP.

Most likely because the UDMP was still natting, and to get behind you would have had to setup port forwarding on the UDMP, etc.

If your going to use the pfsense LAN as transit network to downstream router, please do not put any devices on this network - or your going to run into asymmetrical traffic flow. Whenever you connect 2 or more routers together, especially if they can firewall devices on this "transit" network between routers are going to have asymmetrical flow unless you route on each of these hosts to which router to go to get to specific networks..

If the downstream router does not nat you will most likely see the problem with downstream network trying to talk to devices on the transit..

You run into this problem..

ass.jpg

Pfsense never saw the SYN, so a SYN,ACK going to be block.. If your going to setup routers that talk to each other and route between networks they are attached to.. Setup a transit network.. See this diagram.

pfsense-layer-3-switch.png

@jmartinelli said in Very low speed on OpenVPN:

I thought that wiregard was dropped from pfsense support (i.e; no longer supported)

7a61259d-5d4c-4758-baec-d1c1e2077ea5-image.png

EXPERIMENTAL

@viragomann ok figured it out
plex was getting the my site 2 public ip so it was trying to connect directly
so I gave the docker its own IP and made this rule 57acdb42-e989-4ae8-9caa-b086ab97f01e-image.png now I get
29717dc3-d5e4-4881-8b42-f697f29d33c0-image.png
this is my rule
957da0c2-55b8-4602-b8b2-61e0bdec29c9-image.png
I even tried
1d3d78f6-8a74-482f-b315-cbe535e2c743-image.png
to test if I left a port closed but still the same.

when I disable the rule that changes the default gateway to site 1 it finds the private and public IP just fine

@troutpocket
I had this issue in former versions of the network manager OpenVPN client.
To workaround, I checked "don't pull routes" and entered the remote network manually above. As far as I remember, you only need to enter the network and mask and save it.

@thebonden this is easy if you want we can do it for you, we offer technical support at a very low cost!