VPN interface is up, but is being bypassed.
-
I had to replace the certificate for my VPN as it expired and now I am having trouble getting to work again. Please keep in mind my friend help me set pfSense for me and initially installed the VPN as well. However I know I will be able to fix it. Also I got a premium CyberGhost VPN for free so don't hate :P
CA: I downloaded the keys from the CyberGhost website and selected UDP OpenVPN as the protocol.
https://image.prntscr.com/image/TJ2_jsY3RQio0eEBT41dow.pngCertificate: NOTE I did not change this since they are not expired!
https://image.prntscr.com/image/Db-6EOIVQJyxPKEM6qhr6Q.pngOpenVPN Client Page:
https://image.prntscr.com/image/Rsuet_jbSyyef-FJdynV1g.png
https://image.prntscr.com/image/6khfkjGTQhS196ImepnRjA.png
Everything else on this page is left blank except the IPv4 tunnel network, and IPv6 is checked to be disabled.This is in the "custom options" box at the bottom of the page. My friend added this and frankly I have no idea what it means so I have never touched it.
tun-mtu 1500 fragment 1300 mssfix 1300 remote-cert-tls serverEDIT: I removed the images and added the links as the images were huge and made the post very cluttered.
-
That all looks reasonable.
Custom options should be separated by a semicolon as it says on the page so if you've entered them like that, new lines for each, it won't work. The actual options look fine but those set to 1300 they may not right now.
If the tunnel is up and you're receiving an IP address it's not an issue with your certs/CA. If it was you would never get that far.
What exactly are you seeing happen? Traffic just goes out the WAN directly? What have you done to route that traffic via the VPN? Your screenshots don't show the tunnel settings there.
Steve
