Netgate Discussion Forum
    • M

      Local hostnames are not resolved for clients from a network connected via IPsec site-to-site VPN tunnel
      DHCP and DNS • dns ipsec vpn site-to-site ubiquiti • • mebert

      2
      0
      Votes
      2
      Posts
      212
      Views

      V

      @mebert
      Consider that you have to state the remote domain if your client uses another search domain, which I assume.

      So if the remote host name you want to request is "host" and its domain is "local", you need to type "host.local" to access it.

    • F

      Connect 2 routers but maintain separate internet?
      Routing and Multi WAN • vpn routing multiple pfsens • • F4 0

      3
      0
      Votes
      3
      Posts
      481
      Views

      F

      @steveits

      I may be interested in knowing more. My ATT router has a 5G port that is unused, but only 1 of the 2 routers has 5G capability, the pfSense. The other router is a MikroTik, but none of its eth ports have 5G.

      For clarity, my pfSense router has a 5G wan input, and 2 10G SFP+ ports as potential outputs.

      I wanted perfect separation at the WAN connection, but I could use the 5G ethernet port on the ATT machine and go to the pfRouter, then split the connection to a second router via SFP+ and then to a switch for VPN access via the 2nd SFP+.

      This would give me 5G all the way to each router, then separate LANs from there.

    • D

      VPN with DHCP from server LAN
      OpenVPN • vpn tap dhcp • • djdmx

      14
      0
      Votes
      14
      Posts
      373
      Views

      J

      @djdmx Good to hear!!
      Sorry I haven't answered any of your posts, just getting over the flu. But you didn't need my help anyway!

    • moadmin

      Google Meet going through my VPN connection.
      OpenVPN • google meet openvpn vpn • • moadmin

      12
      0
      Votes
      12
      Posts
      548
      Views

      moadmin

      @moadmin
      Hey guys, can I get any suggestions on this? It's still happening even with split tunnel config.
      When VPN is on and connected, google meet calls are choppy and distorted, when we turn it off the video is smooth and in good quality.
      This happened after we updated our pfsense to 2.6.

    • L

      Port Forward within LAN via Wireguard VM
      Firewalling • vpn port forward • • leonidas-o

      16
      0
      Votes
      16
      Posts
      583
      Views

      L

      But anyway you don't need NAT reflection on pfSense for this now. It's useless, since nothing points to its WAN IP.
      And the port forwarding rule with the WAN IP is useless as well.

      @viragomann no I need both, I tested it. As soon as I remove the reflection from the port forward, the service is not accessible from within LAN. If I deactivate the WAN port forward rule, I can't access it from the internet. Maybe because of the first main forward "everything" to pfsense rule in proxmox's network interfaces file. So I will leave it as it is for now. I'm just happy that it finally works.
      Yes, got a scheduled job doing VM backups every day.

    • M

      Multi WAN pfSense to pfSense VPN
      Routing and Multi WAN • vpn ipsec • • McMurphy

      1
      0
      Votes
      1
      Posts
      168
      Views

      No one has replied

    • A

      NordVPN makes internet speeds very slow on PfSense.
      OpenVPN • nordvpn vpn slow speed • • andrewkl

      3
      0
      Votes
      3
      Posts
      371
      Views

      A

      @gertjan said in NordVPN makes internet speeds very slow on PfSense.:

      hardware encryption

      Thank you for your reply! I believe N*rdVPN doesn't allow to choose from a list of ciphers. AES-256-GCM is the encryption algorithm I use. Hardware Crypto is available:
      [image]
      For now, I'm changing my desktop's local IP to disable the VPN if I need high speed like you said. 180-200 Mbps is still enough for browsing the internet and even gaming, video streaming, but it sucks that 80% of my internet speed goes to VPN. I originally chose NordVPN because they were recommended in many forums and they had a nice deal VPN + Password Manager and Data Leak Scanner, but now I think about switching to PIA.

    • G

      Wireguard Routing Problems - Help wanted
      General pfSense Questions • wireguard routing assymetric vpn • • gelcom

      10
      0
      Votes
      10
      Posts
      285
      Views

      G

      @stephenw10 I deleted the WireGuard tunnel then I set it up all over again. Done the same thing at VPS. Rebooted remote VM and pfSense and it started working.

      I have no idea what happened before but I thank you for all the support you provided!!

      Thanks a lot

      :-)

      kind regards

    • M

      No Clients Can Connect To OpenVPN Due to CRL Expiry
      OpenVPN • openvpn vpn bug crl openssl • • mmulqueen

      17
      1
      Votes
      17
      Posts
      3473
      Views

      jimp

      @jeffreyn said in No Clients Can Connect To OpenVPN Due to CRL Expiry:

      @jimp I applied the patch when it was released. I'm reading the release notes for 23.01 and see Issue #13424 has been addressed in the new version. Do I need to do anything like remove the patch before or after I upgrade? Or does everything take care of itself?

      You do not need to do anything with the patch after upgrading. You can delete the entry from the system patches package.

    • H

      Initiating a WOL when router is behind a VPN?
      OpenVPN • wol ddns vpn • • hansolo77

      19
      0
      Votes
      19
      Posts
      503
      Views

      H

      @viragomann
      I see. This is all still ridiculously new to me. I will make adjustments.

      Yeah still not working. I'm about to give up on this.

    • M

      IPSec before Windows login
      IPsec • vpn before login ipsec • • mkulm

      1
      0
      Votes
      1
      Posts
      216
      Views

      No one has replied

    • luckman212

      Possible to shape NFS traffic?
      Traffic Shaping • shaper shaping qos vpn wireguard • • luckman212

      2
      0
      Votes
      2
      Posts
      362
      Views

      luckman212

      I created a small tool luckman212/stv to help make it a little easier to debug states. In case it's useful to anyone else.

    • M

      I can't see the OpenVPN client's subnet
      Russian • open vpn vpn openvpn keenetic pfsense • • mrDick

      33
      0
      Votes
      33
      Posts
      2091
      Views

      PTZ-M

      @mrDick take a look here - https://forum.netgate.com/topic/131401/%D0%BC%D0%B0%D1%80%D1%88%D1%80%D1%83%D1%82%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F-openvpn/75 it's not set up by the book, and I can't manage to redo it. But it has been working for years across 3 offices.

      UPD per the new requirements, disable compression and set the algorithm to 512

      UPD2 ugh, I forgot. It may no longer be relevant, but on the Keenetic, FIRST OF ALL cut off its own OpenVPN from the other interfaces via the CLI (there is a manual in their help), otherwise this nasty thing will push the tunnel into Wi-Fi as well, even if a guest network is configured there!!!

    • M

      Route Wireguard traffic through Squid Proxy
      Traffic Monitoring • wireguard vpn squid proxy • • ma0f97

      2
      0
      Votes
      2
      Posts
      831
      Views

      M

      @ma0f97 Has no one an idea?

    • S

      Trying to use PfSense DDNS with Dreamhost
      DHCP and DNS • ddns dreamhost dns vpn • • Superion

      1
      1
      Votes
      1
      Posts
      200
      Views

      No one has replied

    • H

      New gateway causes all traffic to be rerouted
      Routing and Multi WAN • gateway vpn routing • • HybridX

      2
      0
      Votes
      2
      Posts
      364
      Views

      Rico

      Make sure you have the Don't pull routes option checked in your OpenVPN Client configuration:
      pfSense_Dont_pull_routes.png

      -Rico

    • R

      IDS/IPS With VLANS, VPN, TLS & Network Setup
      IDS/IPS • vpn vlans suricata sg-2100 ids • • rennit

      1
      0
      Votes
      1
      Posts
      448
      Views

      No one has replied

    • P

      Internal LAN routing when connected to a VPN service
      Routing and Multi WAN • dns resolver host overrides dns vpn • • pfsense_joe

      3
      0
      Votes
      3
      Posts
      284
      Views

      P

      @mer Thanks for the reply! Your comments got me to thinking which can be dangerous ;-)

      I figured out the problem. It has to do with a little Windows 10 app that the commercial VPN provides. This app resides in the system tray on the right side of the task bar in Windows 10. The app is used to connect and disconnect from the VPN. With your comments, I had the thought to try to figure out what DNS server Windows was using when connected to the VPN and when not connected to the VPN. With a quick Google search I found the Windows 10 command prompt nslookup command. Simply entering "nslookup" in a Windows command prompt will return the DNS server being used. In my case, when I wasn't connected to the VPN, it returned the IP of my pfSense router. When I was connected to the VPN it returned an IP of a DNS server that belongs to my VPN provider. It seems that every time you connect to the VPN service using their Windows 10 app, they change your DNS server address to their DNS server. I tried manually changing it back to the IP of my pfSense router but that didn't work when connected to the VPN - in that case I broke internet access altogether and couldn't connect to anything. When connected to the VPN, Windows wasn't able to resolve the local IP of my pfSense router. The solution will have to be to stop using the app provided by the VPN provider so that the DNS server that Windows uses stays pointing to my pfSense router. I had previously set up a gateway associated with the commercial VPN provider in my pfSense router. My solution will be to configure pfSense to route traffic from my Windows 10 through the VPN gateway when I want to use the VPN from my Windows 10 PC. Sort of a pain b/c I will have to log in to pfSense every time I want to use (or not use) the VPN. But in this scenario I can use the https://server1name.domain_name.tld paradigm to access my local services from my Windows 10 PC whether or not its WAN traffic is being routed through the VPN. This is because my Windows 10 PC will always be configured to use pfSense for domain name resolution.

    • D

      IPsec tunnel from remote site, need to pass VLAN traffic for phones?
      IPsec • l2tp vlan ipsec voip vpn • • djohnson

      2
      0
      Votes
      2
      Posts
      437
      Views

      R

      @djohnson
      This is a late reply but it may assist someone else in future.
      The VoIP audio traffic (RTP) requires separate UDP ports to be open. The exact range will vary depending on your VoIP system.

      Hence, if the RTP ports are not open, you can experience a "working" system, but with a complete lack of audio.

    • B

      Wan Gateway + OpenVPN Failover
      OpenVPN • vpn site-to-site failover • • bbicudo

      1
      0
      Votes
      1
      Posts
      191
      Views

      No one has replied

    • F

      IPsec dropping
      Portuguese • vpn • • fastsimple

      1
      0
      Votes
      1
      Posts
      152
      Views

      No one has replied

    • L

      Tunnel Unbound through OpenVPN client, if available
      DHCP and DNS • dns unbound vpn openvpn client • • Logic

      1
      0
      Votes
      1
      Posts
      387
      Views

      No one has replied

    • L

      Tunnel Unbound through OpenVPN client, if available
      Deutsch • vpn unbound firewall rules dns resolver openvpn client • • Logic

      11
      0
      Votes
      11
      Posts
      529
      Views

      Bob.Dig

      Unfortunately I had to find out that "my" solution apparently only works for a certain time. At some point it seems that Windows no longer uses the "first" DNS server and therefore no longer resolves internal names.
      I have therefore switched to IPs for the time being.

    • L

      PFsense 2.5 RC OpenVPN/ExpressVPN problem
      General pfSense Questions • vpn open vpn expressvpn networking problems • • LayerThree

      43
      0
      Votes
      43
      Posts
      3783
      Views

      T

      @noplan said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

      @trikki69 said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

      so your problem is now solved with this

      added this to my advanced custom options within the OpenVPN client setup:
      ;pull-filter ignore redirect-gateway;

      brNP

      Yep - works great now, no thanks to ExpressVPN support.

    • X

      Netgate Hardware & VPN Questions
      General pfSense Questions • vpn netgate • • XrayDoc88

      32
      0
      Votes
      32
      Posts
      1131
      Views

      stephenw10

      On a Windows laptop you can indeed just use file explorer (smb) to connect to other Windows hosts and view their file shares.
      You may need to enter the remote IPs directly. If you are passing a DNS search domain to clients and pfSense as a DNS server they may be able to resolve LAN side hostnames if pfSense is the DHCP server there.
      The hosts you are connecting to need to allow smb connections from the OpenVPN tunnel subnet of course.

      Anything you can do from the Android phone locally on WIFI should also work over OpenVPN.
      I don't know what you are trying there. I'm not sure I've ever tried to access smb fileshares on a phone. There may well be an app for that.

      Steve

    • J

      OpenVPN LAN can't talk to VPN Clients
      OpenVPN • routing vpn • • jrj2011

      7
      0
      Votes
      7
      Posts
      335
      Views

      J

      Thanks for all your help. Your comment about the Windows firewall got me to look at it a different way. Turns out during one of my previous attempts to get internet to my VPN clients (a different issue, not this one) I messed with some other firewall settings and pushed all of the VPN traffic out the WAN interface, which worked fine for getting my clients internet access but caused issues when I tried to access the LAN. I removed that and now with the push route command my clients are able to access the Internet and my LAN.

    • A

      Old Dell Poweredge 860 as a router/firewall
      Hardware • dell poweredge router firewall vpn • • AidenTheBot

      2
      0
      Votes
      2
      Posts
      251
      Views

      stephenw10

      That's using a Netburst Xeon right? It's not going to be fast. I don't have much to compare it with but waaay back when I was running a P4 2.8 it was good for ~300Mbps.
      I would expect that to pass 400Mbps using firewall and NAT only but maybe not much more.

      Try it and see.

      Steve

    • charles_moody

      DNS Resolver - only on 443 > DNS_PROBE_FINISHED_NXDOMAIN
      DHCP and DNS • dns dns forwarder vpn netflix • • charles_moody

      10
      0
      Votes
      10
      Posts
      430
      Views

      johnpoz

      Your rules force all traffic out the gateway.

      rules.png

      And the rules below that make no sense, because rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.

      So your rule sending traffic out your gateway is any any.. When would there be traffic that does trigger that rule?

      When would there be traffic to ! private, that does not match the rule above it any any?

      If you want your clients to talk to pfsense IP.. Where do you allow that? You block talking to pfsense on 443, then your next rule says go out the vpn.. How does vpn have access to pfsense vlan30 interface for example?

    • N

      PPTP connection through Pfsense
      Russian • pptp vpn • • n1kasus

      5
      0
      Votes
      5
      Posts
      179
      Views

      K

      @n1kasus
      Take a look here

      https://www.thin.kiev.ua/router-os/50-pfsense/680-pptp-clien-wan-pfsense-20.html

      The post is old, but the idea is clear
      Dимыч suggested the same thing

    • A

      Monitor VMware ESXi Host Using LibreNMS
      Virtualization • vpn • • Aiden Liam

      1
      0
      Votes
      1
      Posts
      636
      Views

      No one has replied

    • guicampos21

      Disable NAT on IPSec output
      NAT • nat ipsec vpn • • guicampos21

      1
      0
      Votes
      1
      Posts
      85
      Views

      No one has replied

    • guicampos21

      IPSec/NAT
      Portuguese • ipsec nat vpn • • guicampos21

      1
      0
      Votes
      1
      Posts
      104
      Views

      No one has replied

    • M

      Single Subnet Traffic through VPN
      General pfSense Questions • vpn • • misanthropist

      2
      0
      Votes
      2
      Posts
      107
      Views

      Z

      Use policy routing
      https://docs.netgate.com/pfsense/en/latest/routing/directing-traffic-with-policy-routing.html
      https://docs.netgate.com/pfsense/en/latest/book/multiwan/policy-routing-configuration.html

    • CNLiberal

      Solution for Multicast Over Tunnel
      General pfSense Questions • vpn multicast gre • • CNLiberal

      7
      0
      Votes
      7
      Posts
      1318
      Views

      dotdash

      @CNLiberal said in Solution for Multicast Over Tunnel:

      haven't found decent OpenVPN software for the Mac yet.

      On this point, the client linked on this page from the OpenVPN Access server docs, in my experience, works fine with an OpenVPN server on pfSense. Just import the standard config. I have not tried this with a tap connection. I used the 2.7 version, and haven't tested the 3.1 beta. The page also mentions alternate clients.
      https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-macos/

    • B

      WireGuard release 1.0.0
      General pfSense Questions • vpn wireguard • • bbusa

      6
      0
      Votes
      6
      Posts
      516
      Views

      J

      @jimp Yes would love this feature as well. Tested it and works really fast and easy to setup. Timeline even for beta release would be great.
      OpenVpn has so much overhead, and just does not meet the speed requirements with low(er) end hardware.

    • A

      L2PT VPN maximum concurrent connections limit?
      IPsec • l2tp vpn • • andrewmso

      7
      0
      Votes
      7
      Posts
      913
      Views

      A

      Thanks, I will look into setting up OpenVPN instead.

    • luis.gil

      Hardware choice for home/office upgrade
      Hardware • minisys qotom xcy hardware vpn • • luis.gil

      2
      0
      Votes
      2
      Posts
      489
      Views

      Raffi_

      All of those links take me to a page that requires login on aliexpress.

      Is there any reason the official netgate solution wouldn't work for you?

      I'm not sure if the SG-3100 would work for the home, office and guest setup using the LAN and OPT1 interfaces. Not sure if the RT-AC87u setup as an access point with a separate guest login would prevent the guest users from accessing the rest of the LAN it's connected to. My feeling is it wouldn't so you might need another interface and AP for the guest if that's the case (SG-5100).

      If price is an issue, I hear good things about the apu2 platform.

    • M

      2 vpn clients setup and keeps dropping what I think is dns
      OpenVPN • vpn firewall rules • • michael178212

      1
      0
      Votes
      1
      Posts
      103
      Views

      No one has replied

    • M

      How to setup multiple concurrent L2TP users?
      IPsec • l2tp vpn ipsec • • Memes11

      2
      0
      Votes
      2
      Posts
      131
      Views

      M

      I could not find my previous post, I thought it was not posted properly, now I found it but can not remove this one... please Admin, remove it and pardon my mistake