@umm12 said in Problem with discovered local ip in openvpn:

but when i used firefox

See here :

0f42851a-7f5a-45ff-8a81-003f9929a760-image.png

These are the webrtc options.

what all these options mean, I can't tell.
See the manual.

Btw : why asking here ? Firefox support could help you ;)

@kom OK, found the issue, it was basically this: https://forum.netgate.com/topic/82412/pia-openvpn-gateway-offline

the solution was to go into System / Routing / Gateways, and to set the Monitor IP in the VPN gateway to an IP that accepts pings (or to turn off gateway monitoring). Then the status of the gateway switches to online. Then my PC connects to the internet through the VPN.

I just don't understand why the same problem didn't occur on my private switch setup. Perhaps because it is an earlier version of pfsense (2.4.4-p2)

@ctech I fixed it. You need to go to the client-specificScreen Shot 2021-09-07 at 6.50.28 AM.png overrides and add your network as shown:

@peterthompson Hi

i have the same problem, I am using Starlink and a router with OpenWRT and installed OpenVPN.. on slow DSL it is working fine, but with the Starlink I can't connect VPN, it fails on TLS Handshake.
can you maybe give details, how you get OpenVPN and Starlink working? :)

@umm12 said in how to route openvpn tunnel traffic through squid proxy server?:

but i have port 6000 for squid proxy server. I do not use this port on Remote networks on client side of Pf-1???

So you want to use the proxy in transparent mode, but on port 6000?
I‘m not really family with proxying, but don’t think it can work this way. Maybe it does when you forward the traffic to port 6000 on pf1.

@johnpoz
I using layer 3 tunnel mode.
How i can disable arp on openvpn clients in pfSense?

@abracadabras The problem is solved. I have several CA, I had to choose the FreeRADIUS CA certificate in the OpenVPN setup.

@heiko-ecm4u said in DNS problems vor connected clients having dual stack ipv4/v6:

office has only a ipv4 had no need until now ...

Prob be that way for 10+ more years at least if not longer.. Until such time that major players go IPv6 only - offices have little need of IPv6 to be honest.

@gertjan Yes. The reason is to use the always-on vpn-feature in android and not manually have to to anything for a vpn connection at anytime. Also OpenVPN for Android works as an app firewall, so I can block apps to access the internet at anytime.

@fuxxik
pfSense cannot control the traffic between OpenVPN clients, this happens within OpenVPN and here you only can allow all inter-client communication or not.

To achieve what you want, you will have to set up an additional OpenVPN server on pfSense for that specific client. This way the traffic to this client has to pass pfSense and you can control it by filter rules.

Is there any information available on adding Okta 2FA? This could be a deal breaker for out continued purchase of pfsense licenses.

Is there any information available on remote pulling CRLs? This could be a deal breaker for out continued purchase of pfsense licenses.

I've run into a similar issue, also having many other instances working in the field.

The problem that I can see is that the iroute works, within the openvpn space, but the OS underlay is not adding the route, so traffic doesn't go back.

If you raise the log level to 6 and grab the logs, you'll see if your iroute gets installed, then ssh into the pfsense os and perform netstat -rn, you'll se if the OS has the route.

Still haven't found a solution myself.

Split tunnel maybe ?

@marvosa hi dear friend.
I have different services like monitoring and others that needs to be in two different VM, so I need my users traffic to pass from two nodes With full tunnel remote access server I can only pass my traffic through one node. I also need my connection to be layer two connection.
I uploaded full config of my pfsense-1 and pfSense-2.please see them and help me.
I want to connect pfSense-1 with layer 2 tap mode and then because pfsense-1 and pfsense-2 conncted with layer 2 tap mode site to site therefore i will using pfsense-2 ip address that for example when i checking my ip address on https://myip.ms website, i pfsense-2 ip address.
5.PNG

7.PNG 6.PNG 5.PNG 4.PNG 3.PNG 2.PNG 1.PNG 9.PNG 8.PNG

5.PNG 4.PNG 3.PNG 2.PNG 1.PNG

@ipguy

That's a openvpn thing, and thus a openvpn question.
You can find these on the openvpn forum. I found one for you.
Also have a look at the openvpn "manual".