Netgate Discussion Forum

    OpenVPN Client & Server Issues

      Iceman @Derelict

      @Derelict I thought so too, but I changed the remote network from a Class A to a Class B, and that didn't make a difference. Upon watching the hangout video produced by Jim Pingle "OpenVPN as a WAN on pfSense", he had answered a question from one of the chat members stating that you typically would not want 1 outbound NAT firewall rule that uses the "OpenVPN" interface when using multiple VPNs.

        Derelict LAYER 8 Netgate

        Class A to Class B, what does that mean? Why would anyone anywhere be using /8 or /16 networks in an OpenVPN? If you are doing that you are both wrong and almost certainly conflicting with a network your OpenVPN provider is using internally.

        They either conflict or they don't. Look at the routing table. Look at the logs.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          Iceman @Derelict

          @Derelict In other words I went from using 10.8.0.0/24 to using 172.16.10.0/24 for my OpenVPN Server. And I will look at the logs to determine if there is a conflict. I don't think there is though.
          OpenVPN_Serv_set1.png

            Derelict LAYER 8 Netgate

            Those are /24 networks, not "Class A" or "Class B" networks. If anything, they are "Class C" networks but nobody (nobody) uses classful terminology any more. Like ever.

              Derelict LAYER 8 Netgate

              That server will do two things:

              Insert a route for 172.16.10.0/24 into the routing table so the firewall knows to send traffic to those addresses into that OpenVPN process.

              Push a route for 192.168.1.0/24 to any clients that connect so they know to send that traffic over the OpenVPN tunnel.

              None of that has anything to do with any OpenVPN client connection you have set up.

              Are you going to send that status output file?

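
Added example, not part of any post in the thread: the "they either conflict or they don't" check on routing-table prefixes, using Python's `ipaddress` module. The server prefixes are the ones quoted in the thread; the client-side routes and the owner labels are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Prefixes quoted in the thread for the OpenVPN server and the earlier tunnel.
THREAD_ROUTES = [
    ("ovpn-server tunnel", "172.16.10.0/24"),
    ("ovpn-server pushed LAN", "192.168.1.0/24"),
    ("previous server tunnel", "10.8.0.0/24"),
]

# Constructed sample: what a provider's client connection *might* install.
# These two entries are assumptions, not values from the thread.
SAMPLE_ROUTES = THREAD_ROUTES[:2] + [
    ("ovpn-client tunnel", "10.8.0.0/24"),
    ("ovpn-client pushed", "172.16.0.0/12"),  # deliberately wide
]


def find_conflicts(routes):
    """Return (owner_a, owner_b, more_specific_owner) for each overlapping pair."""
    nets = [(owner, ipaddress.ip_network(cidr, strict=True)) for owner, cidr in routes]
    conflicts = []
    for (owner_a, net_a), (owner_b, net_b) in combinations(nets, 2):
        if net_a.overlaps(net_b):
            # Longest-prefix match: the more specific route takes the traffic
            # for the addresses both prefixes cover.
            winner = owner_a if net_a.prefixlen >= net_b.prefixlen else owner_b
            conflicts.append((owner_a, owner_b, winner))
    return conflicts


def too_wide(routes, max_len=16):
    """Owners whose prefix is /16 or shorter, the sizes the thread warns against."""
    return [owner for owner, cidr in routes
            if ipaddress.ip_network(cidr).prefixlen <= max_len]


if __name__ == "__main__":
    print("thread prefixes:", find_conflicts(THREAD_ROUTES))
    for a, b, winner in find_conflicts(SAMPLE_ROUTES):
        print(f"overlap: {a} <-> {b}; traffic in the overlap follows {winner}")
    print("wide prefixes:", too_wide(SAMPLE_ROUTES))
```
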
                Iceman @Derelict

                @Derelict I know that has nothing to do with OpenVPN client connections. The problem seems to affect my WAN too. I run my whole LAN net through PIA_VPN but have rules in place to allow a few devices to bypass that PIA_VPN. They are also affected when the OpenVPN Client and OpenVPN Server are running simultaneously. I can send a status output file, but you'll need to be specific with me exactly which status file you are talking about and before sending it I would need to edit it if need be as to not expose any private info.

                  Iceman @Derelict

                  @Derelict said in OpenVPN Client & Server Issues:

                  Those are /24 networks, not "Class A" or "Class B" networks. If anything, they are "Class C" networks but nobody (nobody) uses classful terminology any more. Like ever.

                  They are Non-standard
                  Non_Stand.png

                    Derelict LAYER 8 Netgate

                    Nobody uses those any more. It is all Classless (CIDR) RFC1918.

                      chpalmer

                      Except a few older websites that refuse to update things..

                      Triggering snowflakes one by one..
                      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                        Iceman @Derelict

                        @Derelict said in OpenVPN Client & Server Issues:

                        Nobody uses those any more. It is all Classless (CIDR) RFC1918.

                        I was only using this to generalize with you that there shouldn't be any conflicts between the tunnel networks.

                          Derelict LAYER 8 Netgate

                          Well there is obviously something wrong with what you have done or it would be working.

                          Pretty much at a loss to say what that is based on what we have been shown.

                          I sent a private asking for a complete status output that I have yet to receive. So absent that I'm not sure what to tell you.

                            chpalmer

                            @Iceman said in OpenVPN Client & Server Issues:

                            When I have both enabled, all the traffic that goes through the OpenVPN Client suffers a dramatic decrease in bandwidth.

                            pfsense hardware??

                              Iceman @Derelict

                              @Derelict I stepped away from the office for a moment to grab a bite to eat...I will replicate and send the log file when I get back.

                                Iceman @chpalmer

                                @chpalmer said in OpenVPN Client & Server Issues:

                                @Iceman said in OpenVPN Client & Server Issues:

                                When I have both enabled, all the traffic that goes through the OpenVPN Client suffers a dramatic decrease in bandwidth.

                                pfsense hardware??

                                Protectli FW6B

                                  Iceman @Derelict

                                  @Derelict I was able to resolve this issue by deleting the OpenVPN Server that was created by the wizard and creating a new VPN Server and assigning it to an interface. Once that was completed, I then created rules for that interface by adding the rules on its tab and a rule on the WAN1 tab. Then I created a NAT outbound rule for that interface and everything is working correctly now.

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.