    Netgate Discussion Forum
    • B

      OpenVPN connects but no traffic
      OpenVPN • openvpn server dd-wrt • • bobby121418

      0 Votes • 9 Posts • 182 Views

      JKnott

      @bobby121418

      As long as the ends have different addresses, within the same subnet, it should work. PfSense does that for you automagically. It assigns the first usable address to itself and subsequent addresses to the client(s). All you have to do is pick the subnet.

    • semiraue

      Pfsense 1:1 NAT with site-to-site ipsec
      General pfSense Questions • ipsec nat site-to-site openvpn • • semiraue

      0 Votes • 4 Posts • 171 Views

      stephenw10

      So the P2 will effectively end up being (in my example) 10.200.10.0/24 to 10.100.10.0/24.
      Each side 'hides' its local 10.10.10.0/24 subnet behind another, same sized, subnet. You could use any unused subnet for that; I just chose 10.100.10.0 and 10.200.10.0.

      So on each side that would be the Binat address.

      https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/phase-2-nat.html

      However if you do not need access between the two subnets directly but only from the pfSense_1 OpenVPN subnet this becomes easier. You only need to BiNAT on the pfSense_2 side like:

      Screenshot from 2022-05-12 14-02-05.png

      On the pfSense_1 side the P2 would just be 172.10.10.0/24 to 10.100.10.0/24

      To access the remote side VPN clients would need to use the equivalent NAT address.

      Steve

    • M

      MTU question with MultiWan/OpenVPN/Wireguard
      Routing and Multi WAN • mtu mss multiwan wireguard openvpn • • murdof

      0 Votes • 1 Posts • 158 Views

      No one has replied

    • M

      I can't see the OpenVPN client subnet
      Russian • open vpn vpn openvpn keenetic pfsense • • mrDick

      0 Votes • 33 Posts • 570 Views

      PTZ-M

      @mrDick take a look here - https://forum.netgate.com/topic/131401/%D0%BC%D0%B0%D1%80%D1%88%D1%80%D1%83%D1%82%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F-openvpn/75 it's not set up by the book, and I haven't managed to redo it. But it has been working for years across 3 offices.

      UPD: per the new requirements, disable compression and set the algorithm to 512

      UPD2: ugh, I forgot. It may no longer be relevant, but on the Keenetic, FIRST OF ALL detach your OpenVPN from the other interfaces via the CLI (there is a manual for it in their help), otherwise this nasty thing will push the tunnel into Wi-Fi as well, even if a guest network is configured there!!!

    • blasterspike

      OpenVPN server certificate verify failed on pfSense 2.6.0
      OpenVPN • openvpn verify failed certificate tls-verify certificate crl • • blasterspike

      0 Votes • 3 Posts • 292 Views

      blasterspike

      Still following the thread I mentioned above, I saw that the eval previously was right before RESULT=.
      I have tried to comment the if statement block and move eval, so this way

      # eval serial="\$tls_serial_${check_depth}"
      # if [ -n "$serial" ]; then
      eval serial="\$tls_serial_${check_depth}"
      RESULT=$(/usr/local/bin/php-cgi -q /etc/inc/openvpn.tls-verify.php "servercn=$2&depth=$3&certdepth=$4&certsubject=$5&serial=$serial&config=$config")
      if [ "${RESULT}" = "FAILED" ]; then
          exit 1
      fi
      # fi

      and I don't get anymore the error on the certificate!
      I don't know if I need to open an issue about this.

      However, now I get the error about the user authentication

      SENT CONTROL [spike]: 'AUTH_FAILED' (status=1)

      like I was getting when I set "Certificate Depth = Do Not Check".
      It looks like I'm not the only one having this issue.

    • mgi

      OpenVPN client drops after assigning interface
      OpenVPN • openvpn client openvpn openvpn problem tls tls error • • mgi

      0 Votes • 10 Posts • 766 Views

      mgi

      @johnsheridan Thanks for the info and testing. That makes sense. I’ll have a look at those files and patch.

      This will be probably fixed in one of the next releases then.

    • I

      openVPN authentication to Okta LDAP
      OpenVPN • openvpn ldaps ldap • • ignazio.castellana

      0 Votes • 1 Posts • 164 Views

      No one has replied

    • S

      OpenVPN external CRL automatic renewing - OpenVPN restart
      OpenVPN • crl expiration restart openvpn crl expired • • sokosko

      0 Votes • 1 Posts • 153 Views

      No one has replied

    • S

      Internal FTP Client to outside FTP Server?
      General pfSense Questions • ftp client openvpn pfsense • • sweeperq

      0 Votes • 5 Posts • 126 Views

      S

      @stephenw10 I didn't realize that I was able to create an interface for VPN. I did that (and it booted the remote users, lol), and was able to configure the FTP Proxy Client plugin to work with it. Thank you for your help!

    • B

      PfSense AWS OpenVPN no Internet
      Deutsch • aws openvpn internet • • benjaminpc

      0 Votes • 8 Posts • 262 Views

      V

      @benjaminpc said in PfSense AWS OpenVPN no Internet:

      However, when I now connect via OpenVPN I can ping the pfSense but not the servers in the LAN network
      The servers also have no Internet

      Both symptoms could have the same cause here, but also different ones.
      I would tackle the VMs' Internet connection first. That seems easier to sort out to me.

      Since the pfSense is reachable from the Internet and can itself reach the servers, there is at least a "physically" continuous connection.
      I assume everything is still allowed from the LAN, i.e. the default any-to-any rule is active.

      Then try a ping to 8.8.8.8 from one of the VMs. If that works, the cause is probably that the VMs cannot resolve hostnames.

      If the ping fails as well, outbound NAT may not be working. In that case I would ask how your WAN is configured. If manually, did you also specify the gateway in the interface settings?

    • JeGr

      Pot. Bug: OSPF routes via OVPN lost or not refreshed in routing table
      FRR • frr pfsense 2.5.2 ospf openvpn routing • • JeGr

      1 Votes • 5 Posts • 388 Views

      W

      @mdomnis I have since upgraded to 22.01 with FRR version 1.1.1_6. In my preliminary testing, the routes seems to be working closer to what is expected. I still have a weird issue where sometimes the neighbors don't like to peer fully and I have to force restart FRR, but from some quick tests, it looks like at least the route is being added to the table correctly. For now at least.

    • E

      Sometimes issues with OpenVPN udp via OpenVPN udp
      OpenVPN • openvpn mtu multi-wan • • Elephant

      0 Votes • 1 Posts • 160 Views

      No one has replied

    • M

      Remote OVPN Client access devices in Remote LAN over OpenVPN Site2Site link?
      OpenVPN • openvpn openvpn client site-to-site routing • • mpcjames

      0 Votes • 4 Posts • 310 Views

      johnpoz

      @mpcjames glad I could help.

    • A

      Site to Site AWS
      OpenVPN • aws openvpn • • acinoarevirn

      0 Votes • 1 Posts • 171 Views

      No one has replied

    • C

      AUTH_FAILED
      OpenVPN • help openvpn log openvpn • • corathan90

      0 Votes • 1 Posts • 132 Views

      No one has replied

    • I

      OpenVPN behind HAProxy reverse proxy - how?
      Deutsch • haproxy openvpn reverse proxy • • iHaveAstream

      0 Votes • 15 Posts • 688 Views

      nonick

      @viragomann I thought as much, but it's still a pity. There's always something, especially when something is easy to implement. The whole thing works surprisingly well, except that the IP addresses of the requesting source are not passed on to the HAProxy.

    • A

      Can’t access TrueNAS machine outside its own VLAN
      General pfSense Questions • vlan openvpn ping truenas • • agomendes

      0 Votes • 7 Posts • 379 Views

      A

      @johnpoz

      Yap! You are right... Sometimes we don’t think as it should be. It’s exactly the same situation that I’ve with the printer – just an IP assign and everything is working.

      As far as I know, TrueNAS (before FreeNAS) has not any internal firewall. At least configurable with the GUI. I’ll investigate deeper.

      Maybe it’s the gateway (I’ve some doubts that is wrong), so I’ve to confirm.

      For testing, I’ll also change the NAS to the LAN (same net where I’ve also the pfSense) and check if anything changes.

    • R

      pfSense OpenVPN on VPS client not access internet
      OpenVPN • openvpn • • romanvekil

      0 Votes • 15 Posts • 466 Views

      V

      @romanvekil said in pfSense OpenVPN on VPS client not access internet:

      here wireshark listening vpn interface form pc when connected

      Would like to know if you can see these packets on pfSense OpenVPN interface likewise. I suspect, you can't.
      In this case, I'd recommend to tear down the OpenVPN server and start from scratch.
      Have read some threads here in the past, where people complaining similar issues and never got it working.

    • B

      OpenVPN connection more than just miserable
      Deutsch • pfsense openvpn • • benjaminbeckcsl

      0 Votes • 11 Posts • 353 Views

      H

      @benjaminbeckcsl
      Without the configuration that's really hard

    • A

      OpenVPN NAT 1:1 on only one client configured
      NAT • nat openvpn • • AnthoInn

      0 Votes • 2 Posts • 234 Views

      A

      @anthoinn Problem resolved just need to put correct subnets on server side

    • N

      openvpn and surfing
      OpenVPN • openvpn public ip wan p public ip • • nick.loenders

      0 Votes • 10 Posts • 250 Views

      V

      @nick-loenders
      Yes, this simply adds the proper route on the client to go over the VPN gateway.

    • B

      nmap HS through openvpn
      Français • nmap openvpn • • Bizbi

      0 Votes • 1 Posts • 187 Views

      No one has replied

    • C

      OpenVPN S2S client daemon gets killed
      OpenVPN • openvpn s2s daemon dies • • copadmin

      0 Votes • 1 Posts • 96 Views

      No one has replied

    • 3

      Cannot access Windows share via OpenVPN
      OpenVPN • openvpn windows share • • 3lmar

      0 Votes • 5 Posts • 190 Views

      3

      @3lmar It turned out it was a totally different problem.
      The solution is somehow related to pfsense, because I would not have found it without pfsense's package capture.
      My windows 10 notebook on the OpenVPN was trying to connect via port 80, which seemed strange. I learned it did that, because the share wasn't on the same subnet.
      The solution was to disable NetBIOS over TCP/IP: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/direct-hosting-of-smb-over-tcpip

      Sorry for having disturbed you.
      Maybe this helps anybody else, who like me wouldn't expect a problem with windows pcs connecting to windows pcs.
      I should have stayed with linux.

    • K

      OpenVPN site to site NAT
      NAT • nat openvpn site-to-site • • KryQ

      0 Votes • 7 Posts • 359 Views

      K

      @viragomann Ok I got it working.
      It took some cleaning up after previous attempts and I wouldn't make it work if it wasn't for your info.
      Thanks

    • J

      Communication between OpenVPN site-to-site and roadwarrior clients
      Français • openvpn site-to-site roadwarrior • • John63

      0 Votes • 4 Posts • 273 Views

      J

      (The address 20.0.0.1 is not private: this is not recommended!)

      I don't understand why you used the SAME network for the site-to-site VPN and the roadwarrior VPN! This setting can only confuse the pfSense!

      You need to

      configure different networks for the OpenVPN client and the OpenVPN server; in addition, for the roadwarrior clients, a route (push route) will have to be added so that they reach the Bureau site.
    • E

      How can I get OpenVPN to use QAT acceleration offload?
      OpenVPN • openvpn quickassist wireguard • • ensnare

      1 Votes • 3 Posts • 315 Views

      E

      @johnnyfive Yeah this is the problem - what a shame. It would be really great to have full acceleration using QuickAssist!

    • A

      2.5.0 ruined 1:1 nat
      OpenVPN • openvpn nat • • anyfreename

      0 Votes • 2 Posts • 214 Views

      A

      Somebody please?

    • M

      Openvpn Manual Start
      OpenVPN • openvpn • • mttpfsenseadmin

      0 Votes • 1 Posts • 74 Views

      No one has replied

    • M

      OpenVPN connect but no internet on iOS and Mac Pls help
      OpenVPN • open vpn help openvpn • • mrdenis

      0 Votes • 1 Posts • 114 Views

      No one has replied

    • J

      OpenVPN roadwarrior can't access remote office via existing IPSEC - setup screenshots included
      Routing and Multi WAN • ipsec openvpn roadwarrior • • JustSomeAussieGuy

      0 Votes • 3 Posts • 154 Views

      J

      @mainzelman Thanks for the reply.

      Site B IPSec firewall rules were empty (I assumed this to be ok because Site A and Site B hosts can talk no problems)

      I added the rule for Site B and it appears to be now working!

      I knew it had to be something simple I missed, thank you!

    • semiraue

      Route openvpn client traffic through another openvpn client
      General pfSense Questions • routing nat gateway openvpn site-to-site • • semiraue

      0 Votes • 14 Posts • 517 Views

      stephenw10

      Do you see it being routed in packet captures or the state table when you try to reach 1.1.1.1?

      Where does it fail?

    • N

      packet checksum/connectivity error when routing from OpenVPN to IPSec.
      IPsec • checksum ipsec openvpn • • nuclearstrength

      0 Votes • 1 Posts • 196 Views

      No one has replied

    • N

      Is it possible to NAT all the OpenVPN clients to LAN addresses?
      OpenVPN • openvpn nat routing • • nuclearstrength

      0 Votes • 3 Posts • 193 Views

      N

      @viragomann thank you for the suggestion, I am gonna give it a try, we should fix the issue by having the remote endpoint add a phase 2 for the openvpn subnet but in the meantime this should fix it as well.

    • N

      OpenVPN Clients reach only some remote MPLS addresses, LAN client reach them all
      Routing and Multi WAN • openvpn mpls routing • • nuclearstrength

      0 Votes • 1 Posts • 71 Views

      No one has replied

    • W

      Combining Remote Access VPN with Site-to-Site VPN
      OpenVPN • openvpn routing pfsense site-to-site remote-access • • WoodenGolem

      0 Votes • 3 Posts • 110 Views

      W

      Thank you very much! Your solution fixed my problem! I missed adding the tunnel network to the remote networks on site B.

    • P

      OpenVPN Tunnel network metric
      OpenVPN • openvpn openvpn routing openvpn client • • pszafer

      0 Votes • 3 Posts • 76 Views

      P

      IMO it's impossible to tell active directory domain member to not look for dns record of domain name.

    • N

      OpenVPN Can not reach devices in LAN other than the LAN-Gateway
      OpenVPN • openvpn lan unreachable • • NiDaKuDE

      0 Votes • 4 Posts • 105 Views

      N

      Hey there,
      I think the problem is not within the Router but in the testserver.

      Even though I did a reinstall recently and never installed anything else than apache2 and openssh-server, a tcpdump confirmed that the packets arrive at my testserver but my testserver does not respond to them for whatever reason. So most probably my fault.

      Anyway

      Thank you @Rico !

    • W

      OpenVPN configuration: site-to-site and roadwarrior
      Français • openvpn openvpn routage site-to-site roadwarrior • • wkup

      0 Votes • 11 Posts • 514 Views

      J

      It's not pleasant to reply and be ascribed an attitude that isn't one's own ... So this is better.

      The VPN_ADMIN is the roadwarrior VPN (which works very well with OpenVPN).
      The config you give looks correct to me this time.
      It is logical since the Local is the set of networks of each site!
      Usually, and the pfSense doc uses it, the Tunnel is 10.0.x.0/24 (which allows 63 clients to connect).
      If there are several sites, each with an OpenVPN server, you vary the x: 8, 9, 10, ...

      The VPN_SITES should move to IPsec, ideally as a mesh.
      So each site must have the following definitions
      for site 1:
      phase1: to site 2 / phase 2: lan1 <-> lan2 / 2 ipsec rules: lan1 -> lan2 + lan2 -> lan1
      same for site 3
      same for site 4
      and repeat site by site

    • A

      Can't access server
      OpenVPN • openvpn openvpn problem pfsense nat pfsense firewal pfsense lan wan • • Archangel

      0 Votes • 6 Posts • 180 Views

      Rico

      So your on-prem Webserver is also running as OpenVPN client which is connected to your gcloud pfSense? You are only running this one pfSense? What is your OpenVPN mode?

      -Rico