Topics tagged under "openvpn"

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

L

OpenVPN Client Specific Overrides ot updated until server restarted

OpenVPN
• openvpn problem clientspecific openvpn • 10 days ago • Lagan 10 days ago

9

0
Votes

9
Posts

121
Views

G 10 days ago

@Lagan said in OpenVPN Client Specific Overrides ot updated until server restarted:

I would like the new override to take effect when I restart the client.

Hummm.

It's possible that a save on the "Client Specific Overrides" page doesn't restart the OpenVPN server - I doesn't seem to do that.
Maybe it isn't needed, as the server has a setting :
client-config-dir /var/etc/openvpn/server1/csc/
that tells the server to look into that folder for client special settings, the "Client Specific Overrides".

Anyway, I did restart the server, then connected the client and it got the '.30' IP.
V

openvpn.conf is not readable

OpenVPN
• openvpn.conf daemon service openvpn • 27 days ago • Varmandra 27 days ago

1

0
Votes

1
Posts

60
Views

No one has replied
J

OpenVPN and MTU questions? Vs vpn packet processing settings

OpenVPN
• mtu openvpn mss vpn tunnel • Mar 3, 2025, 1:57 PM • JonathanLee Mar 4, 2025, 5:50 AM

3

0
Votes

3
Posts

139
Views

J Mar 4, 2025, 5:50 AM

@nattygreg Thanks I have attempted many trail and error tests, another one that gave me speed boosts was changing these settings.

Screenshot 2025-03-03 at 21.50.05.png
S

No connection after certificate renewal

OpenVPN
• certificate openvpn tls error • Jan 29, 2025, 10:14 AM • seArs Jan 29, 2025, 10:14 AM

1

0
Votes

1
Posts

113
Views

No one has replied
O

RADIUS authentication failing (timed out) and dumping core

General pfSense Questions
• radius openvpn authentication • Dec 12, 2024, 10:51 PM • opoplawski Dec 20, 2024, 6:51 PM

21

0
Votes

21
Posts

648
Views

O Dec 20, 2024, 6:51 PM

@Gertjan So I used both tcpdump and radsniff to look at packet traces, but I can't see any issues. In both cases (working and non-working) the radius server sends back an Access-Accept message with the same set of fields.
D

Comcast started blocking SMB Port 445 in an VON tunnel…?!

OpenVPN
• openvpn smb • Oct 29, 2024, 1:09 AM • Draco Oct 31, 2024, 3:48 AM

13

0
Votes

13
Posts

686
Views

O Oct 31, 2024, 3:48 AM

@Draco

By any chance you upgraded the pfsense (and or openvpn package) recently ?

I got 'similar issue' that left me baffled till this day see here , maybe it is similar with what you experiencing.
D

Virtual PFsense behind physical router

NAT
• openvpn openvpn client route virtual router • Jun 16, 2024, 5:03 PM • Dante4 Jun 16, 2024, 6:25 PM

2

0
Votes

2
Posts

257
Views

D Jun 16, 2024, 6:25 PM

Problem 2 fixed by adding route to 192.168.5.0/24 on Mikrotik side
K

Portforward configuration for pfSense

OpenVPN
• pfsense openvpn portforward • Apr 17, 2024, 3:31 AM • kstlan02 Apr 17, 2024, 5:20 PM

2

0
Votes

2
Posts

259
Views

V Apr 17, 2024, 5:20 PM

@kstlan02
First off, it's not wise to use public IP ranges in the local network, even for docker.

Then I'm wondering, why don't you run the OpenVPN server on pfSense.

Do I have to do the port forwarding from the WAN to the LAN or do I have to do it from the WAN to the Docker container that is running OpenVPN?

"LAN address" is the wrong destination here for sure. This is an IP assigned to pfSense itself. Hence forwarding to it, is not that, what you want.

The question is then, how can pfSense reach the container?
I'd expect, that the container gets its traffic forwarded inside the VM. But don't know, how you did configure it.

So you have to forward the OpenVPN traffic either to the VM address or to the container IP. In the latter case, you would need to add a static route for it on pfSense of course.
C

OpenVPN client authentication base on LDAP and certificate from domain CA

OpenVPN
• openvpn ldap domainca authentication • Feb 12, 2024, 5:24 PM • Czuki91 Sep 17, 2024, 8:33 AM

3

0
Votes

3
Posts

467
Views

W Sep 17, 2024, 8:33 AM

Hey, In here I've decribed my work on this topic :)
https://forum.netgate.com/topic/189447/openvpn-ssl-tls-user-auth-over-ldap/3
A

Ca and Server certificate expiring soon

OpenVPN
• openvpn pfsense 2.6.0 certificates • Jan 23, 2024, 1:21 PM • andrew98 Jan 30, 2024, 2:32 PM

4

0
Votes

4
Posts

1.2k
Views

A Jan 30, 2024, 2:32 PM

@jimp I tried but unfortunately it didn't work, because the User Certificate that I use for export the OpenVPN Client have the same CA that the server certificate (I think).
The final solution was to reinstall all OpenVPN clients on all devices, hard work but at least all users continue to work!
Thanks for the support 👍
J

LEDs and OpenVPN state established LED program short simple bash script

OpenVPN
• led openvpn states customize vpn connection • Jan 4, 2024, 9:06 AM • JonathanLee Jan 4, 2024, 9:06 AM

1

1
Votes

1
Posts

281
Views

No one has replied
J

OpenVPN recommended Data Encryption Algorithms when using SG-2100 appliance's crypto engine?

OpenVPN
• cryptographic sg2100 openvpn smid encryption • Jan 2, 2024, 5:07 PM • JonathanLee Nov 15, 2024, 4:06 PM

23

0
Votes

23
Posts

2.3k
Views

J Nov 15, 2024, 4:06 PM

@kprovost The speed difference is substantial with only having one enabled so much so I would say this would need a Redmine to only allow one to be selected at a time. Anyone else agree?
J

RESOLVED: ---> remote_list_error: current remote server endpoint is undefined

OpenVPN
• openvpn iphone client export nas nas on ap • Jan 2, 2024, 6:25 AM • JonathanLee Apr 24, 2024, 12:50 AM

8

0
Votes

8
Posts

3.9k
Views

D Apr 24, 2024, 12:50 AM

@JonathanLee

Thanks this fixed worked for me. My iPhone would not connect without it.
P

OpenVPN site to site not working both ways

General pfSense Questions
• pfsense openvpn help • Nov 24, 2023, 9:12 AM • Pablomdli Nov 24, 2023, 1:21 PM

10

0
Votes

10
Posts

966
Views

V Nov 24, 2023, 1:21 PM

@Pablomdli said in OpenVPN site to site not working both ways:

The only weird things is that it gives the ip 10.0.8.0 to de office#2 openvpn client

So I'd suspect, that you stated this IP in the CSO.
You should enter an IP out of the tunnel network there, but it have to be one from the second upwards.
C

Openvpn changing IP address when reconnected with RDP

OpenVPN
• openvpn rdp • Nov 7, 2023, 6:20 PM • cezar_a Nov 13, 2023, 9:21 AM

12

0
Votes

12
Posts

1.4k
Views

G Nov 13, 2023, 9:21 AM

@cezar_a your welcome
O

OpenVPN profile Distribution from intunes

OpenVPN
• openvpn open vpn openvpn problem openvpn config openvpn client • Oct 31, 2023, 1:20 PM • optimusprime Oct 31, 2023, 1:20 PM

1

0
Votes

1
Posts

423
Views

No one has replied
E

HAProxy and OpenVPN: Client IP forwardfor to network backend

Cache/Proxy
• haproxy forwarder backend openvpn • Oct 27, 2023, 8:44 AM • Emanuele83 Dec 7, 2023, 3:22 PM

5

0
Votes

5
Posts

1.8k
Views

S Dec 7, 2023, 3:22 PM

Trying to find a solution to this as well. It doesn't seem OpenVPN has an option to forward headers which basically makes it impossible to use openvpn as the primary on port 443 if you need to see client IP addresses on haproxy..

As an alternative, I wondered if it might make sense to set haproxy listening on 443 and OpenVPN as a backend on a different port. Has anyone tried this yet? Does this cause double encryption (slow down the connection too much)? Here is an example of one guy who claims to have got it working:
https://discourse.haproxy.org/t/haproxy-with-openvpn-over-tcp-443-on-pfsense/4731/2

EDIT

It looks like he create a TCP frontend on 443 with a default backend going to OpenVPN:TCP:1194 and an acl that checks for SSL and sends SSL traffic to an HTTPS Backend set to localhost:9443. Then he configured localhost:9443 as a Frontend that handles the forwarded Web Traffic.

That looks like it should work, but It's a bit too complicated for me to test on my live server right now and I don't have a lab setup. Happy to help anyone else who might have a lab environment setup for testing.
M

How to Monitor and Restart VPNs

OpenVPN
• openvpn nordvpn monitoring • Oct 12, 2023, 12:48 AM • MartynK Oct 12, 2023, 12:48 AM

1

0
Votes

1
Posts

340
Views

No one has replied
J

PIA OpenVPN: Packet Loss and Buffer Size

General pfSense Questions
• openvpn pia packet loss • Oct 6, 2023, 1:59 PM • justinhow Oct 7, 2023, 7:33 PM

2

0
Votes

2
Posts

545
Views

S Oct 7, 2023, 7:33 PM

I could certainly image that the faster you push traffic the more is lost, though not necessarily as a percentage.

Do you see the same when connected to other servers? Is that server in London far from you, is the latency high?

Steve
R

Strange behaviour after update from 2.6.0 to 2.7.0

General pfSense Questions
• openvpn certificates webconfigurator 2.7.0 • Sep 21, 2023, 10:05 AM • RicS Sep 21, 2023, 12:09 PM

2

0
Votes

2
Posts

425
Views

S Sep 21, 2023, 12:09 PM

Hmm, strange indeed!

Do you have an OpenVPN server running on the firewall? Does it show the clients connecting to it? What are they supposed to be connecting to?

What do you see logged when the webgui cert changes?

Steve