Netgate Discussion Forum

    VPN interface is up, but is being bypassed.

    • gunnerrrrrrr

      I had to replace the certificate for my VPN as it expired, and now I am having trouble getting it to work again. Please keep in mind my friend helped me set up pfSense and initially installed the VPN as well. However I know I will be able to fix it. Also I got a premium CyberGhost VPN for free so don't hate :P

      CA: I downloaded the keys from the CyberGhost website and selected UDP OpenVPN as the protocol.
      https://image.prntscr.com/image/TJ2_jsY3RQio0eEBT41dow.png

      Certificate: NOTE I did not change this since they are not expired!
      https://image.prntscr.com/image/Db-6EOIVQJyxPKEM6qhr6Q.png

      OpenVPN Client Page:
      https://image.prntscr.com/image/Rsuet_jbSyyef-FJdynV1g.png
      https://image.prntscr.com/image/6khfkjGTQhS196ImepnRjA.png
      Everything else on this page is left blank except the IPv4 tunnel network, and IPv6 is checked to be disabled.

      This is in the "custom options" box at the bottom of the page. My friend added this and frankly I have no idea what it means so I have never touched it.

      tun-mtu 1500 
      fragment 1300
      mssfix 1300
      remote-cert-tls server
      

      EDIT: I removed the images and added the links as the images were huge and made the post very cluttered.

      • stephenw10 Netgate Administrator

        That all looks reasonable.

        Custom options should be separated by a semicolon, as it says on the page, so if you've entered them like that, new lines for each, it won't work. The actual options look fine but those set to 1300 they may not right now.

        If the tunnel is up and you're receiving an IP address it's not an issue with your certs/CA. If it was you would never get that far.

        What exactly are you seeing happen? Traffic just goes out the WAN directly? What have you done to route that traffic via the VPN? Your screenshots don't show the tunnel settings there.

        Steve
