Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVpn on PF 2 B4 remote access for users

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 2 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tbaror
      last edited by

      Hello All,

      I am setting OpenVpn for our branch users we are using Pfsense 2 B4 18 Nov release.

      There are few settings i didn't understand well, first one on the servers settings mod of auth and listen Port UDP or TCP as showing in first screen shoot.
      Second setting what should i export for user and how do i create the config file for user.

      Please advice

      Thanks

      open1.PNG
      open1.PNG_thumb
      open2.PNG
      open2.PNG_thumb

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        UDP is best unless you have no choice.

        Auth mode is up to you, if you plan on making the users in the GUI and giving them certificates, then what you have (SSL/TLS + User Auth) is best.

        Go to System > Packages and install the OpenVPN Client Export package, then you can go to VPN > OpenVPN, and you'll have a Client Export tab, from there you can download a config file, or even an executable installer that preloads the certificates into the OpenVPN client software.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • T
          tbaror
          last edited by

          @jimp:

          UDP is best unless you have no choice.

          Auth mode is up to you, if you plan on making the users in the GUI and giving them certificates, then what you have (SSL/TLS + User Auth) is best.

          Go to System > Packages and install the OpenVPN Client Export package, then you can go to VPN > OpenVPN, and you'll have a Client Export tab, from there you can download a config file, or even an executable installer that preloads the certificates into the OpenVPN client software.

          Thank you works great :D ,
          Now only one last issue i cant connect local LAN's from remote host ,did i forget  settings i see that firewall rule were created access with no restriction maybe there routing missing somewhere?

          Thanks again

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            If you have more than one subnet, you need to push more routes to the clients using the custom options box. There are multiple threads and documents about that here on the forum and on the doc wiki. If you are unable to resolve the situation, please start a new thread with an appropriate subject so that it will draw more attention.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • T
              tbaror
              last edited by

              @jimp:

              If you have more than one subnet, you need to push more routes to the clients using the custom options box. There are multiple threads and documents about that here on the forum and on the doc wiki. If you are unable to resolve the situation, please start a new thread with an appropriate subject so that it will draw more attention.

              Again thank you
              I added route under```
              Advanced configuration >push "route 192.115.37.0 255.255.255.0";

              work like a charm
              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.