@kprovost thanks for your help I went from 18kbs-200 up to 580kbs that was significant with mss clamping max enabled

@Gertjan The page links to an OpenVPN config files page which has no mention of pfsense. The CA,crt files look very odd in that they contain 2 lots of certificate data. I could not get either to work. The CA file sent to me by a tech support guy worked fine. Thanks again for your assistance

It is probably related to the NPS Extension for Azure MFA version, of which we have the latest 1.2.2216.1. My guess is that the prior successful posts were all written when using earlier versions of NPS Extension for Azure MFA.

@Antibiotic Now remove everything regarding OpenVPN and adjust Wireguard from the same provider and traffic anyway not going over VPN. What the hell is going on with this BETA?

Hello, i ran into this issue quite a while ago. Last time i tried to use ec25519 certs i went to the official doku pages. They are referencing to a list of compatible / accepted algorithm but unfortunately forget to put a link to this list into the dokumentation. Certificate Properties -> curve name. Does somebody know were to find this reference? Thank you very much.

@snewby review the following from documentation Short of changing MSS, Options to scale ovpn are quite limited https://docs.netgate.com/pfsense/en/latest/vpn/performance.html#scaling-openvpn

@ojosaghae Clients in VPN - OpenVPN - Clients - are for VPN services like SurfShark, NordVPN. ExpressVPN.. where the connections you create to these services would show as clients. I think you are running your own OpenVPN server for "Road Warrior" access. So no, if I am correct in my perspective. However if you want to assign a specific IP to each "Road Warrior" device you can us the "Client Specific Overrides" - VPN - OpenVPN - Client Specific Overrides.

@viragomann nevermind LOL im such an idiot. U are correct sir, it was a windows firewall issue, I feel so stupid!!!! Im connecting to my shares now

@cotton "Great success"...if you know what i mean.

@Bridger yeah if you put pfsense behind the isp "router" then no need for pppoe - mystery solved.

If you use SHA1 in clients. Temporary add "tls-cert-profile insecure" in "Advanced Configuration -> Custom options" on your Server.

@br8bruno Gateways seem to get created for both openvpn server and client instances. Whilst I believe it is not absolutely necessary, that is how it is done in pfsense and you are then able to policy route (select a non-default gateway) in your firewall rules. EDIT: You can turn off the gateway creation in the openvpn server|client config.

@Draco By any chance you upgraded the pfsense (and or openvpn package) recently ? I got 'similar issue' that left me baffled till this day see here , maybe it is similar with what you experiencing.

@Stefano-Coccia I created an networks alias: [image: 1730326497463-cf232d43-b3ac-44d1-86f5-f2d45c837db7-grafik.png] Then I use this in the firewall rules to allow internet access: [image: 1730326609280-b9b952ec-707f-4674-9296-b40cfedb19b0-grafik.png] The alias includes all RFC 1918 (private) network ranges. Note that in the rule "invert. match" is checked. So the pass rule is only applied to traffic with other destinations then the alias. To allow access to internal services like DNS, you need to add additional rules then. E.g. [image: 1730326826680-74728306-3bf6-47bf-9450-6bb6b783013d-grafik.png]

@davek79 I’d try to kill all states and let Pfsense rebuild the state table. I believe a restart would do the same thing. If that doesn’t resolve it then you’re going to have to start posting info. Your OpenVPN rules and OpenVPN settings.

The same thing happens to me too. With the previous version of PFSENSE it did not happen, and now with version 2.7.2 when I click on client export it takes a long time to load. It must be some error on the part of the package or the 2.7.2 update. Yes, it is true that I have many certificates created, but before it did not happen and now it does. Can Netgate fix this?