Netgate Discussion Forum

    Openvpn server on pfsense with clients connecting

    • S
      shapeshifter910
      last edited by

      I used the wizard to set up the Openvpn service.
      It's running in "Remote Access (SSL/TLS + User Auth)" mode.
      I then exported the Openvpn client for Windows.
      Installed the client on a Windows 7 Pro machine.
      Made an Openvpn connection but the IP address that shows when browsing the web was not changed to the VPN server address.
      So I checked the box that says "Force all client-generated IPv4 traffic through the tunnel." under Redirect IPv4 Gateway and then the address finally changed.
      But still I don't see any LAN devices (computers, printers) on the VPN server network.

      Both networks have pfsense for routers, standard ISP modems in bridged mode.
      No other firewalls or routers in-between.

      What am I missing? Is the wizard broken?
      Shouldn't at least my client get the IP of the VPN server, as that's one of the primary reasons of having a VPN?
      The other reason - reaching local LAN devices is kind of expected too by default.

      Also, it's not clear at all which Openvpn client to export for use with Mac OSX.

      • RicoR
        Rico LAYER 8 Rebel Alliance
        last edited by Rico

        Show your Settings (Screenshots) and Logfiles.
        No Problem here with the wizard, nothing is broken.

        -Rico

        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          The very best thing to use on macOS is Viscosity. No, it's not free but it works great.

          https://www.sparklabs.com/
          

          You can use either of the Viscosity exports.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • S
            shapeshifter910 @Derelict
            last edited by

            @derelict said in Openvpn server on pfsense with clients connecting:

            The very best thing to use on macOS is Viscosity. No, it's not free but it works great.

            https://www.sparklabs.com/
            

            You can use either of the Viscosity exports.

            I think I used one of the generic exports and it worked with the free client after a couple of trials and errors.
            I can ping and reach computers on the server LAN by IP address but can't reach them by their names.

            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              Then you need to be sure the client is using a DNS server that has those names in a zone.


              • S
                shapeshifter910 @Derelict
                last edited by

                @derelict said in Openvpn server on pfsense with clients connecting:

                Then you need to be sure the client is using a DNS server that has those names in a zone.

                I'm using the pfsense DNS resolver.
                And I specified two DNS servers in the Openvpn config - one from the ISP and then the VPN server's IP.
                Why would the DNS resolver not already have all the local LAN machines in its list?
                I even checked the boxes for LAN static mappings to get resolved as I have a few machines with static IP addresses.
                I've had nothing but problems with pfsense and DNS resolution on LANs recently.
                Some of my LANs don't list any local machines, some only list a few machines, some list them sometimes and other times they don't.
                All my LANs are basic Windows networks with pfsense as the main router - super simple layout and should just work.

                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  So troubleshoot resolving names from one of the connected clients and see where the process is breaking down. Do you know how to troubleshoot DNS issues using tools like dig and drill?

                  Yeah. We know you have had nothing but problems with pfSense insert feature here lately. So troubleshoot it.

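
One way to carry out the check suggested above, as an added example that is not part of the original thread: ask every DNS server the VPN client was handed for the same LAN name and compare the replies, so it is clear which resolver has the name in a zone. The host name `printer1.home.arpa`, the resolver addresses and the sample `dig` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: host name, resolver addresses and sample output are constructed.

# Reduce full dig output (stdin) to "<status> <answer-count>".
dig_summary() {
  awk '
    /->>HEADER<<-/ { for (i = 1; i < NF; i++) if ($i == "status:") { s = $(i+1); sub(/,$/, "", s) } }
    /^;; flags:/   { for (i = 1; i < NF; i++) if ($i == "ANSWER:") { a = $(i+1); sub(/,$/, "", a) } }
    END { if (s == "") s = "NORESPONSE"; if (a == "") a = 0; print s, a }
  '
}

# Map a summary to a verdict for one resolver. $1 = status, $2 = answer count.
verdict() {
  case "$1:$2" in
    NOERROR:0)    echo "no-data" ;;           # name known, but no A record
    NOERROR:*)    echo "resolves" ;;
    NXDOMAIN:*)   echo "name-not-in-zone" ;;  # this resolver does not know the name
    NORESPONSE:*) echo "no-reply" ;;          # blocked, unreachable or timed out
    *)            echo "error-$1" ;;          # SERVFAIL, REFUSED, ...
  esac
}

# Live use from a connected VPN client. $1 = name, remaining args = resolvers.
check_resolvers() {
  name=$1; shift
  for r in "$@"; do
    # Word splitting of the summary into two arguments is intentional.
    printf '%-15s %s\n' "$r" \
      "$(verdict $(dig +tries=1 +time=2 @"$r" "$name" A | dig_summary))"
  done
}

# Constructed dig headers: a public resolver versus the firewall's own resolver.
SAMPLE_ISP=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'
SAMPLE_PFSENSE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Offline demonstration on the constructed samples.
for s in "$SAMPLE_ISP" "$SAMPLE_PFSENSE"; do
  verdict $(printf '%s\n' "$s" | dig_summary)
done
```

From a connected client, `check_resolvers printer1.home.arpa 192.0.2.53 10.0.0.1` runs the live comparison; substitute the real host name and the DNS servers configured for the VPN.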

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.