    Netgate Discussion Forum
    • M

      I can't see the OpenVPN client's subnet
      Russian • open vpn vpn openvpn keenetic pfsense • • mrDick

      33
      0
      Votes
      33
      Posts
      573
      Views

      PTZ-M

      @mrDick take a look here - https://forum.netgate.com/topic/131401/%D0%BC%D0%B0%D1%80%D1%88%D1%80%D1%83%D1%82%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F-openvpn/75 it's not set up by the book, and I can't manage to redo it. But it has been working for years across 3 offices.

      UPD per the new requirements, disable compression and set the algorithm to 512

      UPD2 ugh, I forgot. It may no longer be relevant, but on the Keenetic, FIRST OF ALL cut your OpenVPN off from the other interfaces via the CLI (there is a manual for it in their help), otherwise this nasty thing will push the tunnel into Wi-Fi too, even if a guest network is configured there!!!

    • M

      Route Wireguard traffic through Squid Proxy
      Traffic Monitoring • wireguard vpn squid proxy • • ma0f97

      2
      0
      Votes
      2
      Posts
      286
      Views

      M

      @ma0f97 Has no one an idea?

    • S

      Trying to use PfSense DDNS with Dreamhost
      DHCP and DNS • ddns dreamhost dns vpn • • Superion

      1
      0
      Votes
      1
      Posts
      136
      Views

      No one has replied

    • H

      New gateway causes all traffic to be rerouted
      Routing and Multi WAN • gateway vpn routing • • HybridX

      2
      0
      Votes
      2
      Posts
      310
      Views

      Rico

      Make sure you have the Don't pull routes option checked in your OpenVPN Client configuration:
      pfSense_Dont_pull_routes.png

      -Rico

    • R

      IDS/IPS With VLANS, VPN, TLS & Network Setup
      IDS/IPS • vpn vlans suricata sg-2100 ids • • rennit

      1
      0
      Votes
      1
      Posts
      318
      Views

      No one has replied

    • P

      Internal LAN routing when connected to a VPN service
      Routing and Multi WAN • dns resolver host overrides dns vpn • • pfsense_joe

      3
      0
      Votes
      3
      Posts
      233
      Views

      P

      @mer Thanks for the reply! Your comments got me to thinking which can be dangerous ;-)

      I figured out the problem. It has to do with a little Windows 10 app that the commercial VPN provides. This app resides in the system tray on the right side of the task bar in Windows 10. The app is used to connect and disconnect from the VPN. With your comments, I had the thought to try to figure out what DNS server Windows was using when connected to the VPN and when not connected to the VPN. With a quick Google search I found the Windows 10 command prompt nslookup command. Simply entering "nslookup" in a Windows command prompt will return the DNS server being used. In my case, when I wasn't connected to the VPN, it returned the IP of my pfSense router. When I was connected to the VPN it returned an IP of a DNS server that belongs to my VPN provider. It seems that every time you connect to the VPN service using their Windows 10 app, they change your DNS server address to their DNS server. I tried manually changing it back to the IP of my pfSense router but that didn't work when connected to the VPN - in that case I broke internet access altogether and couldn't connect to anything. When connected to the VPN, Windows wasn't able to resolve the local IP of my pfSense router. The solution will have to be to stop using the app provided by the VPN provider so that the DNS server that Windows uses stays pointing to my pfSense router. I had previously set up a gateway associated with the commercial VPN provider in my pfSense router. My solution will be to configure pfSense to route traffic from my Windows 10 PC through the VPN gateway when I want to use the VPN from my Windows 10 PC. Sort of a pain b/c I will have to log in to pfSense every time I want to use (or not use) the VPN. But in this scenario I can use the https://server1name.domain_name.tld paradigm to access my local services from my Windows 10 PC whether or not its WAN traffic is being routed through the VPN. This is because my Windows 10 PC will always be configured to use pfSense for domain name resolution.

    • D

      IPsec tunnel from remote site, need to pass VLAN traffic for phones?
      IPsec • l2tp vlan ipsec voip vpn • • djohnson

      2
      0
      Votes
      2
      Posts
      355
      Views

      R

      @djohnson
      This is a late reply but it may assist someone else in future.
      The VoIP audio traffic (RTP) requires separate UDP ports to be open. The exact range will vary depending on your VoIP system.

      Hence, if the RTP ports are not open, you can experience a "working" system, but with a complete lack of audio.

    • B

      Wan Gateway + OpenVPN Failover
      OpenVPN • vpn site-to-site failover • • bbicudo

      1
      0
      Votes
      1
      Posts
      127
      Views

      No one has replied

    • F

      IPSec dropping
      Portuguese • vpn • • fastsimple

      1
      0
      Votes
      1
      Posts
      99
      Views

      No one has replied

    • L

      Tunnel Unbound through OpenVPN client, if available
      DHCP and DNS • dns unbound vpn openvpn client • • Logic

      1
      0
      Votes
      1
      Posts
      279
      Views

      No one has replied

    • L

      Tunnel Unbound through OpenVPN client, if available
      Deutsch • vpn unbound firewall rules dns resolver openvpn client • • Logic

      11
      0
      Votes
      11
      Posts
      369
      Views

      Bob.Dig

      Unfortunately I had to find out that "my" solution apparently only works for a certain time. At some point it seems that Windows no longer uses the "first" DNS server and therefore no longer resolves internal names.
      So I have switched to IPs for now.

    • L

      PFsense 2.5 RC OpenVPN/ExpressVPN problem
      General pfSense Questions • vpn open vpn expressvpn networking problems • • LayerThree

      43
      0
      Votes
      43
      Posts
      2775
      Views

      T

      @noplan said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

      @trikki69 said in PFsense 2.5 RC OpenVPN/ExpressVPN problem:

      so your problem is now solved with this

      added this to my advanced custom options within the OpenVPN client setup:
      ;pull-filter ignore redirect-gateway;

      brNP

      Yep - works great now, no thanks to ExpressVPN support.

    • X

      Netgate Hardware & VPN Questions
      General pfSense Questions • vpn netgate • • XrayDoc88

      32
      0
      Votes
      32
      Posts
      952
      Views

      stephenw10

      On a Windows laptop you can indeed just use file explorer (smb) to connect to other Windows hosts and view their file shares.
      You may need to enter the remote IPs directly. If you are passing a DNS search domain to clients and pfSense as a DNS server they may be able to resolve LAN side hostnames if pfSense is the DHCP server there.
      The hosts you are connecting to need to allow smb connections from the OpenVPN tunnel subnet of course.

      Anything you can do from the Android phone locally on WIFI should also work over OpenVPN.
      I don't know what you are trying there. I'm not sure I've ever tried to access smb fileshares on a phone. There may well be an app for that.

      Steve

    • J

      OpenVPN LAN can't talk to VPN Clients
      OpenVPN • routing vpn • • jrj2011

      7
      0
      Votes
      7
      Posts
      172
      Views

      J

      Thanks for all your help. Your comment about the Windows firewall got me to look at it a different way. Turns out during one of my previous attempts to get internet to my VPN clients (a different issue, not this one) I messed with some other firewall settings and pushed all of the VPN traffic out the WAN interface, which worked fine for getting my clients internet access but caused issues when I tried to access the LAN. I removed that and now with the push route command my clients are able to access the Internet and my LAN.

    • A

      Old Dell Poweredge 860 as a router/firewall
      Hardware • dell poweredge router firewall vpn • • AidenTheBot

      2
      0
      Votes
      2
      Posts
      172
      Views

      stephenw10

      That's using a Netburst Xeon right? It's not going to be fast. I don't have much to compare it with but waaay back when I was running a P4 2.8 it was good for ~300Mbps.
      I would expect that pass 400Mbps using firewall and NAT only but maybe not much more.

      Try it and see.

      Steve

    • charles_moody

      DNS Resolver - only on 443 > DNS_PROBE_FINISHED_NXDOMAIN
      DHCP and DNS • dns dns forwarder vpn netflix • • charles_moody

      10
      0
      Votes
      10
      Posts
      297
      Views

      johnpoz

      Your rules force all traffic out the gateway.

      rules.png

      And the rules below that make no sense, because rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.

      So your rule sending traffic out your gateway is any any.. When would there be traffic that does trigger that rules.

      When would there be traffic to ! private, that does not match the rule above it any any?

      If you want your clients to talk to pfsense IP.. Where do you allow that? You block talking to pfsense on 443, then your next rule says go out the vpn.. How does vpn have access to pfsense vlan30 interface for example?

    • N

      PPTP connection through Pfsense
      Russian • pptp vpn • • n1kasus

      5
      0
      Votes
      5
      Posts
      81
      Views

      K

      @n1kasus
      Take a look here

      https://www.thin.kiev.ua/router-os/50-pfsense/680-pptp-clien-wan-pfsense-20.html

      The post is old, but the idea is clear
      Dимыч suggested the same thing

    • A

      Monitor VMware ESXi Host Using LibreNMS
      Virtualization • vpn • • Aiden Liam

      1
      0
      Votes
      1
      Posts
      587
      Views

      No one has replied

    • guicampos21

      Disable NAT on IPSec output
      NAT • nat ipsec vpn • • guicampos21

      1
      0
      Votes
      1
      Posts
      57
      Views

      No one has replied

    • guicampos21

      IPSec/NAT
      Portuguese • ipsec nat vpn • • guicampos21

      1
      0
      Votes
      1
      Posts
      70
      Views

      No one has replied

    • M

      Single Subnet Traffic through VPN
      General pfSense Questions • vpn • • misanthropist

      2
      0
      Votes
      2
      Posts
      79
      Views

      Z

      Use policy routing
      https://docs.netgate.com/pfsense/en/latest/routing/directing-traffic-with-policy-routing.html
      https://docs.netgate.com/pfsense/en/latest/book/multiwan/policy-routing-configuration.html

    • CNLiberal

      Solution for Multicast Over Tunnel
      General pfSense Questions • vpn multicast gre • • CNLiberal

      7
      0
      Votes
      7
      Posts
      926
      Views

      dotdash

      @CNLiberal said in Solution for Multicast Over Tunnel:

      haven't found decent OpenVPN software for the Mac yet.

      On this point, the client linked on this page from the OpenVPN Access server docs, in my experience, works fine with an OpenVPN server on pfSense. Just import the standard config. I have not tried this with a tap connection. I used the 2.7 version, and haven't tested the 3.1 beta. The page also mentions alternate clients.
      https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-macos/

    • B

      WireGuard release 1.0.0
      General pfSense Questions • vpn wireguard • • bbusa

      6
      0
      Votes
      6
      Posts
      457
      Views

      J

      @jimp Yes would love this feature as well. Tested it and works really fast and easy to set up. Timeline even for beta release would be great.
      OpenVpn has so much overhead, and just does not meet the speed requirements with low(er) end hardware.

    • A

      L2PT VPN maximum concurrent connections limit?
      IPsec • l2tp vpn • • andrewmso

      7
      0
      Votes
      7
      Posts
      644
      Views

      A

      Thanks, I will look into setting up OpenVPN instead.

    • luis.gil

      Hardware choice for home/office upgrade
      Hardware • minisys qotom xcy hardware vpn • • luis.gil

      2
      0
      Votes
      2
      Posts
      442
      Views

      Raffi_

      All of those links take me to a page that requires login on aliexpress.

      Is there any reason the official netgate solution wouldn't work for you?

      I'm not sure if the SG-3100 would work for the home, office and guest setup using the LAN and OPT1 interfaces. Not sure if the RT-AC87u setup as an access point with a separate guest login would prevent the guest users from accessing the rest of the LAN it's connected to. My feeling is it wouldn't so you might need another interface and AP for the guest if that's the case (SG-5100).

      If price is an issue, I hear good things about the apu2 platform.

    • M

      2 vpn clients setup and keeps dropping what I think is dns
      OpenVPN • vpn firewall rules • • michael178212

      1
      0
      Votes
      1
      Posts
      72
      Views

      No one has replied

    • M

      How to setup multiple concurrent L2TP users?
      IPsec • l2tp vpn ipsec • • Memes11

      2
      0
      Votes
      2
      Posts
      93
      Views

      M

      I could not find my previous post, I thought it was not posted properly, now I found it but can not remove this one... please Admin, remove it and pardon my mistake

    • M

      Multiple Concurrent VPN connection L2TP/IPsec
      IPsec • ipsec l2tp vpn • • Memes11

      1
      0
      Votes
      1
      Posts
      130
      Views

      No one has replied

    • asphalt3

      Windscribe pfsense guide
      OpenVPN • windscribe openvpn setup netflix vpn • • asphalt3

      1
      0
      Votes
      1
      Posts
      669
      Views

      No one has replied

    • B

      Multiple load-balanced VPN clients with same gateway IP
      Routing and Multi WAN • vpn client vpn loadbalance multi-wan gateways • • bgkgangani

      1
      0
      Votes
      1
      Posts
      288
      Views

      No one has replied

    • J

      Pfsense cannot establish more than one VPN tunnel
      Portuguese • vpn windows server rdp firewall • • junior-soares

      1
      0
      Votes
      1
      Posts
      143
      Views

      No one has replied

    • N

      how to outbound NAT an OpenVPN peer-to-peer network.
      OpenVPN • vpn nat peer-to-peer • • nuclearstrength

      1
      0
      Votes
      1
      Posts
      242
      Views

      No one has replied

    • C

      S2S VPN Fortigate Fortiwan does not come up
      Español • vpn • • chucho_lestat

      1
      0
      Votes
      1
      Posts
      77
      Views

      No one has replied

    • P

      NAT VLAN through VPN Troubles
      NAT • nat vlan vpn headers • • picnicsecurity

      5
      0
      Votes
      5
      Posts
      321
      Views

      P

      @Pippin Thank you for the reply. I went into VPN -> OpenVPN -> Clients and edited my client's configuration. Under Advanced Configuration I put into the custom options "ns-cert-type server; persist-tun; persist-key; mssfix 1400" and then saved. I then reloaded the VPN by going to Status -> OpenVPN. I did the usual ping/nmap verification checks to confirm connectivity. However this does not seem to have done anything. Below is a picture of the wireshark output (with the TCP stream from the browser being currently selected) and below that is the capture file.

      Untitled.png

      mssfix1400_full_cap.pcapng

    • S

      AWS VPN BGP - Routing
      General pfSense Questions • vpn ipsec virtualip desperate bgp • • stev

      23
      0
      Votes
      23
      Posts
      1796
      Views

      M

      P.S. I take it back - you may need firewall rules for IPSec to allow BGP traffic. You can create them from the firewall logs if you see blocked BGP traffic on IPSec.

    • asphalt3

      Slow Speeds
      Traffic Shaping • pfsense low download speed vpn • • asphalt3

      12
      0
      Votes
      12
      Posts
      433
      Views

      asphalt3

      @KOM ok thanks will try that

    • J

      Computers can't see each other | Client machines do not respond through the VPN
      OpenVPN • openvpn pfsense vpn • • jogofus

      2
      0
      Votes
      2
      Posts
      96
      Views

      Rico

      Show your OpenVPN Config and Firewall Rules (Screenshots).

      -Rico

    • B

      Google Cloud to pfSense VPN with BGP Dynamic Routing
      IPsec • ipsec vpn google cloud bgp dynamic routing • • block24

      7
      0
      Votes
      7
      Posts
      2133
      Views

      B

      Thanks Pablo. Good to have in case we ever move to an HA setup with Google VPN. For anyone else that reads this, my posts were for the Classic Google VPN setup (non HA).

      One note I wanted to add, in the BGP settings in my instructions above, don't change the setting for "Redistribute connected networks" to Yes. When set to Yes this advertised our WAN network to Google and caused issues with hitting public facing servers we had in Google. Since we only have a few networks locally, I just manually defined those along with the BGP network 169.254.10.0/30 in the fields below that setting.

      The other option may be to change the setting to Yes and somehow mark it to ignore the WAN network, but I haven't looked into that.

    • M

      Mobile Clients not sending all traffic via VPN
      IPsec • ipsec vpn • • MayneIT

      1
      0
      Votes
      1
      Posts
      85
      Views

      No one has replied