Openvpn server on pfsense with clients connecting



  • I used the wizard to set up the OpenVPN service.
    It's running in "Remote Access (SSL/TLS + User Auth)" mode.
    I then exported the OpenVPN client for Windows.
    Installed the client on a Windows 7 Pro machine.
    Made an OpenVPN connection, but the IP address that shows when browsing the web was not changed to the VPN server address.
    So I checked the box that says "Force all client-generated IPv4 traffic through the tunnel." under Redirect IPv4 Gateway, and then the address finally changed.
    But I still don't see any LAN devices (computers, printers) on the VPN server network.

    Both networks have pfsense for routers, standard ISP modems in bridged mode.
    No other firewalls or routers in-between.

    What am I missing? Is the wizard broken?
    Shouldn't at least my client get the IP of the VPN server, as that's one of the primary reasons for having a VPN?
    The other reason - reaching local LAN devices - is kind of expected too by default.

    Also, it's not clear at all which OpenVPN client to export for use with Mac OS X.


  • LAYER 8 Rebel Alliance

    Show your Settings (Screenshots) and Logfiles.
    No Problem here with the wizard, nothing is broken.

    -Rico


  • LAYER 8 Netgate

    The very best thing to use on macOS is Viscosity. No, it's not free but it works great.

    https://www.sparklabs.com/
    

    You can use either of the Viscosity exports.



  • @derelict said in Openvpn server on pfsense with clients connecting:

    The very best thing to use on macOS is Viscosity. No, it's not free but it works great.

    https://www.sparklabs.com/
    

    You can use either of the Viscosity exports.

    I think I used one of the generic exports and it worked with the free client after a couple of trials and errors.
    I can ping and reach computers on the server LAN by IP address but can't reach them by their names.


  • LAYER 8 Netgate

    Then you need to be sure the client is using a DNS server that has those names in a zone.



  • @derelict said in Openvpn server on pfsense with clients connecting:

    Then you need to be sure the client is using a DNS server that has those names in a zone.

    I'm using the pfSense DNS resolver.
    And I specified two DNS servers in the OpenVPN config - one from the ISP and then the VPN server's IP.
    Why would the DNS resolver not already have all the local LAN machines in its list?
    I even checked the boxes for LAN static mappings to get resolved, as I have a few machines with static IP addresses.
    I've had nothing but problems with pfSense and DNS resolution on LANs recently.
    Some of my LANs don't list any local machines, some only list a few machines, some list them sometimes and other times they don't.
    All my LANs are basic Windows networks with pfSense as the main router - super simple layout and should just work.


  • LAYER 8 Netgate

    So troubleshoot resolving names from one of the connected clients and see where the process is breaking down. Do you know how to troubleshoot DNS issues using tools like dig and drill?

    Yeah, we know you have had nothing but problems with pfSense [insert feature here] lately. So troubleshoot it.


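One way to run the per-server check suggested in the last reply, as an added example that is not part of the thread: it asks each DNS server handed to the VPN client for the same LAN name with dig and reports which of them return an address. The function names `query_server` and `check_name` are hypothetical, and the hostname and addresses in the usage comment are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: ask every DNS server the VPN client was
# given for the same LAN name and show which of them can actually answer it.

# query_server SERVER NAME: print the first IPv4 answer, or nothing.
# The grep keeps only address lines, so CNAME targets and dig's
# ";; connection timed out" text are not mistaken for an answer.
query_server() {
    dig +short +time=2 +tries=1 "@$1" "$2" A 2>/dev/null |
        grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
}

# check_name NAME SERVER...: one result line per server.
# Exit status is the number of servers that returned no address.
# dig does not apply the resolv.conf search list by default, so pass the
# fully qualified name (host plus the LAN's domain), not the bare hostname.
check_name() {
    name=$1
    shift
    missing=0
    for server in "$@"; do
        answer=$(query_server "$server" "$name")
        if [ -n "$answer" ]; then
            echo "$server $name -> $answer"
        else
            echo "$server $name -> NO ANSWER"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Usage (constructed placeholder values):
#   sh check_dns.sh printer.example.lan 198.51.100.53 192.0.2.1
if [ "$#" -ge 2 ]; then
    check_name "$@"
fi
```

A server that shows NO ANSWER did not return an address for that name, so a client that sends its lookup to that server will not resolve it.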