Netgate Discussion Forum
    • L

      OpenVPN Client Specific Overrides ot updated until server restarted

      OpenVPN openvpn problem clientspecific openvpn
      9
      0 Votes
      9 Posts
      575 Views
      GertjanG

      @Lagan said in OpenVPN Client Specific Overrides ot updated until server restarted:

      I would like the new override to take effect when I restart the client.

      Hummm.

      It's possible that a save on the "Client Specific Overrides" page doesn't restart the OpenVPN server - it doesn't seem to do that.
      Maybe it isn't needed, as the server has a setting:

      client-config-dir /var/etc/openvpn/server1/csc/

      that tells the server to look into that folder for client special settings, the "Client Specific Overrides".

      Anyway, I did restart the server, then connected the client and it got the '.30' IP.

    • V

      openvpn.conf is not readable

      OpenVPN openvpn.conf daemon service openvpn
      1
      0 Votes
      1 Posts
      110 Views
      No one has replied
    • JonathanLeeJ

      OpenVPN and MTU questions? Vs vpn packet processing settings

      OpenVPN mtu openvpn mss vpn tunnel
      3
      0 Votes
      3 Posts
      297 Views
      JonathanLeeJ

      @nattygreg Thanks, I have attempted many trial and error tests; another one that gave me speed boosts was changing these settings.

      Screenshot 2025-03-03 at 21.50.05.png

    • S

      No connection after certificate renewal

      OpenVPN certificate openvpn tls error
      1
      0 Votes
      1 Posts
      202 Views
      No one has replied
    • O

      RADIUS authentication failing (timed out) and dumping core

      General pfSense Questions radius openvpn authentication
      21
      0 Votes
      21 Posts
      1k Views
      O

      @Gertjan So I used both tcpdump and radsniff to look at packet traces, but I can't see any issues. In both cases (working and non-working) the radius server sends back an Access-Accept message with the same set of fields.

    • D

      Comcast started blocking SMB Port 445 in an VON tunnel…?!

      OpenVPN openvpn smb
      13
      0 Votes
      13 Posts
      1k Views
      O

      @Draco

      By any chance, did you upgrade the pfsense (and/or openvpn package) recently?

      I got a 'similar issue' that has left me baffled to this day, see here; maybe it is similar to what you are experiencing.

    • D

      Virtual PFsense behind physical router

      NAT openvpn openvpn client route virtual router
      2
      0 Votes
      2 Posts
      377 Views
      D

      Problem 2 fixed by adding route to 192.168.5.0/24 on Mikrotik side

    • K

      Portforward configuration for pfSense

      OpenVPN pfsense openvpn portforward
      2
      0 Votes
      2 Posts
      363 Views
      V

      @kstlan02
      First off, it's not wise to use public IP ranges in the local network, even for docker.

      Then I'm wondering, why don't you run the OpenVPN server on pfSense.

      Do I have to do the port forwarding from the WAN to the LAN or do I have to do it from the WAN to the Docker container that is running OpenVPN?

      "LAN address" is the wrong destination here for sure. This is an IP assigned to pfSense itself. Hence forwarding to it is not what you want.

      The question is then, how can pfSense reach the container?
      I'd expect that the container gets its traffic forwarded inside the VM. But I don't know how you configured it.

      So you have to forward the OpenVPN traffic either to the VM address or to the container IP. In the latter case, you would need to add a static route for it on pfSense of course.

    • C

      OpenVPN client authentication base on LDAP and certificate from domain CA

      OpenVPN openvpn ldap domainca authentication
      3
      0 Votes
      3 Posts
      707 Views
      W

      Hey, in here I've described my work on this topic :)
      https://forum.netgate.com/topic/189447/openvpn-ssl-tls-user-auth-over-ldap/3

    • A

      Ca and Server certificate expiring soon

      OpenVPN openvpn pfsense 2.6.0 certificates
      4
      0 Votes
      4 Posts
      2k Views
      A

      @jimp I tried but unfortunately it didn't work, because the User Certificate that I use to export the OpenVPN Client has the same CA as the server certificate (I think).
      The final solution was to reinstall all OpenVPN clients on all devices, hard work but at least all users continue to work!
      Thanks for the support 👍

    • JonathanLeeJ

      LEDs and OpenVPN state established LED program short simple bash script

      OpenVPN led openvpn states customize vpn connection
      1
      1 Votes
      1 Posts
      349 Views
      No one has replied
    • JonathanLeeJ

      OpenVPN recommended Data Encryption Algorithms when using SG-2100 appliance's crypto engine?

      OpenVPN cryptographic sg2100 openvpn smid encryption
      23
      0 Votes
      23 Posts
      3k Views
      JonathanLeeJ

      @kprovost The speed difference is substantial with only having one enabled, so much so that I would say this would need a Redmine to only allow one to be selected at a time. Anyone else agree?

    • JonathanLeeJ

      RESOLVED: ---> remote_list_error: current remote server endpoint is undefined

      OpenVPN openvpn iphone client export nas nas on ap
      8
      0 Votes
      8 Posts
      5k Views
      D

      @JonathanLee

      Thanks, this fix worked for me. My iPhone would not connect without it.

    • P

      OpenVPN site to site not working both ways

      General pfSense Questions pfsense openvpn help
      10
      0 Votes
      10 Posts
      1k Views
      V

      @Pablomdli said in OpenVPN site to site not working both ways:

      The only weird thing is that it gives the ip 10.0.8.0 to the office#2 openvpn client

      So I'd suspect that you stated this IP in the CSO.
      You should enter an IP out of the tunnel network there, but it has to be one from the second upwards.

    • C

      Openvpn changing IP address when reconnected with RDP

      OpenVPN openvpn rdp
      12
      0 Votes
      12 Posts
      2k Views
      G

      @cezar_a you're welcome

    • O

      OpenVPN profile Distribution from intunes

      OpenVPN openvpn open vpn openvpn problem openvpn config openvpn client
      1
      0 Votes
      1 Posts
      498 Views
      No one has replied
    • E

      HAProxy and OpenVPN: Client IP forwardfor to network backend

      Cache/Proxy haproxy forwarder backend openvpn
      5
      0 Votes
      5 Posts
      2k Views
      SimpleTechGuyS

      Trying to find a solution to this as well. It doesn't seem OpenVPN has an option to forward headers, which basically makes it impossible to use openvpn as the primary on port 443 if you need to see client IP addresses on haproxy.

      As an alternative, I wondered if it might make sense to set haproxy listening on 443 and OpenVPN as a backend on a different port. Has anyone tried this yet? Does this cause double encryption (slow down the connection too much)? Here is an example of one guy who claims to have got it working:
      https://discourse.haproxy.org/t/haproxy-with-openvpn-over-tcp-443-on-pfsense/4731/2

      EDIT

      It looks like he created a TCP frontend on 443 with a default backend going to OpenVPN:TCP:1194 and an acl that checks for SSL and sends SSL traffic to an HTTPS Backend set to localhost:9443. Then he configured localhost:9443 as a Frontend that handles the forwarded Web Traffic.

      That looks like it should work, but it's a bit too complicated for me to test on my live server right now and I don't have a lab setup. Happy to help anyone else who might have a lab environment setup for testing.

    • M

      How to Monitor and Restart VPNs

      OpenVPN openvpn nordvpn monitoring
      1
      0 Votes
      1 Posts
      403 Views
      No one has replied
    • J

      PIA OpenVPN: Packet Loss and Buffer Size

      General pfSense Questions openvpn pia packet loss
      2
      0 Votes
      2 Posts
      682 Views
      stephenw10S

      I could certainly imagine that the faster you push traffic the more is lost, though not necessarily as a percentage.

      Do you see the same when connected to other servers? Is that server in London far from you, is the latency high?

      Steve

    • R

      Strange behaviour after update from 2.6.0 to 2.7.0

      General pfSense Questions openvpn certificates webconfigurator 2.7.0
      2
      0 Votes
      2 Posts
      557 Views
      stephenw10S

      Hmm, strange indeed!

      Do you have an OpenVPN server running on the firewall? Does it show the clients connecting to it? What are they supposed to be connecting to?

      What do you see logged when the webgui cert changes?

      Steve