Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Difference between OpenVPN Server and Client in P2P mode

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 2 Posters 7.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      orgel
      last edited by

      Hello everyone!

      I'm bit new to pfsense, so I hope I don't ask a FAQ.

      What is the difference between OpenVPN Client and Server while working in P2P-mode with preshared keys? I'm quite experienced with OpenVPN and normaly you just configure a server for both sites.

      What is the difference with pfsense?

      Regards,

      Thomas

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        OpenVPN in static key mode is always one client, one server, at least in any place I've ever touched it.

        You just pick one side to be the server, one side to be the client. Server listens for connections, client is the one that tries to initiate. Make sure the key matches on both, and set the routes you want on both ends, and it should just work.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • O
          orgel
          last edited by

          No, this isn't correct (I found it out myself).

          OpenVPN behaves exactly as described in the manual. There is NO client or server in static-key mode. Even "clients" will connect to each other. The difference with pfsense is, that it omits the "remote <adress>" option when it's configured as server (if you add it under "Advanced configuration", you'll get the "client"; "rport" option is also important).

          This can be important if you connect to systems with dyndns adresses (for example), because you get a conection even if the "servers"-adress won't resolve at the moment (because the "server" connects the "client").

          Anyway, it works as expected…</adress>

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.