@felipefonsecabh said in Make a Túnnel trought IPSSEC and OpenVPN using PFSense:

Router of External Access can ping DVC1

What source IP does it use for that?
To pass the IPSec tunnel it must be in he 192.168.15.0/24 subnet.
In which case it can only be the External Access router blocking traffic clients on it's LAN. Or potentially redirecting traffic past the IPSec tunnel?
What is that device?

Steve

And that worked?

If not then check for blocked traffic. Check the state table at both sites make sure traffic is going where you think it should.

Steve

@munzy Status > System Log >OpenVPN should be able to provide you that info.

Screenshot 2023-01-05 at 9.06.59 PM.png

@markedo hi , did you have luck resolving this ?

@mrDick гляньте тут - https://forum.netgate.com/topic/131401/%D0%BC%D0%B0%D1%80%D1%88%D1%80%D1%83%D1%82%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F-openvpn/75 настроено не по феншую, а переделать не получается. Но сколько лет работает на 3 офиса.

UPD по новым требованиям отключите сжатие и поставьте алгоритм на 512

UPD2 тьфу, забыл. Может уже и не актуально, но в Keenetic в ПЕРВУЮ ОЧЕРЕДЬ отрубите свой OpenVPN от других интерфейсов через CLI (там мануал есть в их хелпе), иначе эта пакость будет туннель пихать и в WI-Fi, даже если там гостевая сеть настроена!!!

@brenno_athayde said in Client vpn não comunica com a filial:

Olá, consegui resolver o problema. Percebi que estava faltando adicionar o ip do meu túnel da VPN client-to-site no campo "IPv4 Remote network(s)" nas configurações de VPN Site-to-Site tanto na matriz, quanto na filial.
Agradeço muito pela ajuda @acamoura .

Olá @Brenno_Athayde,
Ainda bem que era um simples detalhe de somente ter que publicar a rede para que a comunicação fosse estabelecida e agora se encontra funcionando o tráfego normalmente.
Precisando estamos à disposição.

@viragomann
@viragomann
Thank you so much for your reply. I have managed to do some magic by following this forum discussion:

www.truenas.com/community/threads/truenas-12-openvpn-service-testing.85461/page-2

Also, this should not be possible, right?

b59dd3a3-ac9d-4c42-89f7-6bf3dbd29f62-image.png

172.17.1.27 is a Server on the IPsec-Side, not an OVPN-client.
Why did this appear as src on the ovpns1 Interface...

@noplan said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

@trikki69 said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

so your problem is now solved with this

added this to my advanced custom options within the OpenVPN client setup:
;pull-filter ignore redirect-gateway;

brNP

Yep - works great now, no thanks to ExpressVPN support.

@pigbrother
Спасибо )

@Bekoj said in TLS Error : something wrong with Certificates ?:

installed pfsense brand new in 2.4.5 version

installed pfsense brand new in 2.4.5 version

hmmm, next time I'll ask first...😉

@Gertjan "Oooohhhh. And you're telling that now ?"
Yes, we went around a bit, the point is, it's okay

Then its something with the switches.. Do they have gateways set? Do they allow access from other than their own network.. Are their masks set correctly.. What is your tunnel network, if they are set for say 10/8 and think your coming from a local IP, they won't send answer back to gateway, etc.

@jontabaco

dont know why but the supposed fix only worked for one day and nothing ive tried has resolved my remote ip from showing

You are 100% correct sir! That was the problem indeed, thanks for pointing that out!

@Derelict I think i got it to work. After i set the default gateway manually to the VPN and not automatic and saw that it worked,
i transfered the Flowing Rule i made for the outbound traffic to the Lan interface.
With the new knowledge of your help and the help of viragomann i changed some tiny things in the firewall rule.
After that i changed the default gateway back to automatic and know the outbound traffic takes the vpn and everything works.
I even rebootet the firewall to get lost of the states but everything still functions as it seems.

Thank you so very much for your dedication and your help.