@johnpoz
Thanks Again. I'll play around with NAS firewall to see if that's the issue.

@pastic
Of course you can control access by a VPN server.
But consider that you can only control the traffic by source and destination IPs and ports. So if user A should not see the website of user B you have to put them on different IPs or at least different ports and you have to set up client specific overrides for all users to separate them on the VPN server.

I think, it would be simpler to do that by a reverse proxy.

@viragomann
to be clear , my issue is that when im connecting to my home VPN using oVPN connect
from my PC -> DNS breaks down , and i cannot browse the internet .

if i use oVPN GUI (downloaded from withing pfsense ) everything works .

but i cannot use the GUI version , cos i have to have multiple profiles imported . (Home& work)

@david2121

montre nous les règles de pfS LAN / openVPN

est-ce un VPN site2site ?

avez-vous défini votre route xorrect

paramètres de ?

bbaf2ed3-8d78-4c17-82bc-7e376d2f04a5-grafik.png

@viragomann I just tried it again with a different server-side and it worked flawlessly.

@nick-loenders
Yes, this simply adds the proper route on the client to go over the VPN gateway.

Is it possible to open a feature request about?

@viragomann said in Can't connect windows computer to openvpn:

Therefor we use pfSense, which handles much better the nasty stuff then the any providers router

yeeessss
Totally agree on that one !

@abinition said in OpenVPN connection fails unless appliance has static IP WAN:

Away you go...

What about IPv6?

@viragomann man, thank you immensely! I had never thought about it from that perspective. Worked perfectly!

@v1k0d3n Hi, I just installed that package but I dont see an option for it to trigger when the tunnel is down, it looks like its just a basic recover if daemon is down thing.

@viragomann Game server is on Interface 2, Client is on the OpenVPN interface. Here's a quick layout of my network:

Interface 0 - WAN
Interface 1 - 192.168.0.x
Interface 2 - 192.168.1.x
OpenVPN - 192.168.2.x

Interface 1 an 2 can reach the internet through WAN/Interface 0, but generally can't talk to each other (with some exceptions made in the firewall).

Locally, a computer on Interface 1 can play games with computers on Interface 2. I just looked for the ports that were requested and opened those up on the firewall. Additionally, computers on Interface 2 can talk to a file share on Interface 1.

Using the VPN, I copied the rules used for the file share and gaming (on both the physical and OpenVPN interface respectively) to do the same thing for OpenVPN clients. I'm able to connect in, and from the OpenVPN client I can connect to the file share on Interface 1. I'm able to ping the game server on Interface 2, but when I try to run the games they server isn't visible in the game.

@maar said in The OVPN client can't reach the local network after successfully establishing:

You added a static route on pfSense with its own LAN IP as gateway??
That makes no sense at all. Moreover there should be set static routes for remote networks which are reachable via VPN.

Without that static route, traceroute to some-server under 10.0.10.10 (AWS) leads to nothing and I can't ping it from PFSense server at all.

But it should work from the OVH network, I assume.

That static route can bring some miss-routing into your network at all. Maybe the access from OpenVPN clients to AWS works if you remove it.

Some workers from AWS kubernetes are working with OVH databases through this tunnel from yesterday without interruptions.

This doesn't say anything about the tunnel 172.16.0.0/24 <> 10.0.0.0/16. You have three tunnels, each connects one local subnets with one on the remote site. All three have to be established for full function.

Update: It looks like this is a DNS issue. For some reason my computer wasn't using 192.168.1.1 as its DNS Server. I forced it to be this in the Ethernet settings, and is currently working fine.

@ssbarnea I have the same question with a twist. I created 9 OpenVPN clients to different geographical regions and they are in a gateway group for load balancing and failover.

Each region sends down different DNS addresses.

I also have two networks. All users connecting to LAN go via OpenVPN while users connecting to OPT1 network bypass VPN.

How do I make users on the LAN to only use OpenVPN provided DNS servers, preferably on the OpenVPN client they are currently using. Currently it appears that those clients use all DNS servers configured in General Setup.

Thanks