VPN interface is up, but is being bypassed.



  • I had to replace the certificate for my VPN as it expired, and now I am having trouble getting it to work again. Please keep in mind my friend helped me set up pfSense and initially installed the VPN as well. However, I know I will be able to fix it. Also, I got a premium CyberGhost VPN for free, so don't hate :P

    CA: I downloaded the keys from the CyberGhost website and selected UDP OpenVPN as the protocol.
    https://image.prntscr.com/image/TJ2_jsY3RQio0eEBT41dow.png

    Certificate: NOTE I did not change this since they are not expired!
    https://image.prntscr.com/image/Db-6EOIVQJyxPKEM6qhr6Q.png

    OpenVPN Client Page:
    https://image.prntscr.com/image/Rsuet_jbSyyef-FJdynV1g.png
    https://image.prntscr.com/image/6khfkjGTQhS196ImepnRjA.png
    Everything else on this page is left blank except the IPv4 tunnel network, and IPv6 is checked to be disabled.

    This is in the "custom options" box at the bottom of the page. My friend added this and frankly I have no idea what it means so I have never touched it.

    tun-mtu 1500 
    fragment 1300
    mssfix 1300
    remote-cert-tls server
    

    EDIT: I removed the images and added the links as the images were huge and made the post very cluttered.


  • Netgate Administrator

    That all looks reasonable.

    Custom options should be separated by a semicolon, as it says on the page, so if you've entered them like that, new lines for each, it won't work. The actual options look fine but those set to 1300 they may not right now.

    If the tunnel is up and you're receiving an IP address it's not an issue with your certs/CA. If it was you would never get that far.

    What exactly are you seeing happen? Traffic just goes out the WAN directly? What have you done to route that traffic via the VPN? Your screenshots don't show the tunnel settings there.

    Steve