@derelict I will try to post the network diagram. We are using two Devices at the Remote sites: An Intel NUC running custom data acquisition software which periodically publishes messages to the MQTT Broker at the central site . It initiates the OpenVPN channel to the central site via the 4G cellular wireless router. There is a power controlling/monitoring device at the site which has a web and SNMP interface. We need to occasionally check or reconfigure that from the central site. We would like to SSH into that device from the central site across the OpenVPN tunnel. All of this palava comes about because of the "carrier grade NAT" at these Remote sites, which means we don't have static IP addresses and DynDNS doesn't work so we need to open the comms channel from that end.

Hi Folks I tore the entire system down and redid it from scratch from the actual manual. This time it worked . So not sure what I missed but all is good now. Thanks for your input.

RESOLVED! The problem was the MTU of VPN! I had MTU 1500 but max of my openvpn machine was 1472. I add mssfix 1420 fragment 1472 mtu-test to openvpn client config and all works! Thanks!

@jimp said in OpenVPN - Connected Since time is wrong: What time zone did you select? Looks like you used one of the GMT offset zones which really shouldn't be used. Pick a geographically named zone and restart things again. Thanks I changed to Europe/London and it seems to be working well for now :)

@johnpoz Are you sure it is secure ? :) You mean register from DHCP ? Yes I do

Anyone have an ideas? I think it might be a route issue, but I'm not sure since sometimes the connections go though and sometimes they time out.

ok firewall rules created by openvpn wizard vpn server settings created with vpn wizard vpn client vpn file created by export wizard

I will follow the instructions and let u know, thanks for your help.

@johnpoz I suppose in the final setup it wont be needed as this will be the only gateway, but at the moment I need it as it is not our primary gateway just yet. Thanks for your help on this anyway John.

Check out the following guide which explains quite well how to set up multiple OpenVPN client connections in pfSense: https://www.techhelpguides.com/2017/06/12/ultimate-pfsense-openvpn-guide/

glad to hear. sometimes the small details make the difference

You cannot route the servers public IP through the tunnel. That would mean the vpn tunnel would be routed through the tunnel itself. How should that work? Access the web server by its internal IP. Also you can setup a split DNS and provide it to the vpn clients. So the client get the internal IP when they try to access the web server.

im sure im done this wrong.. and not trying to get you mad.. just learning as i go and ok ill check out that stuff reason i put the block on is.. its below the NordVPN and doesnt that mean yes when NordVPN service is working it does that rule.. but if the NordVPN is offline it would skip that rule right ..or does it still keep that rule... as thats the reason i put that block below nordvpn incase the service would shut off then the rule gets skipped and goes to allow it.. because the last line is your Default Lan so when the NordVPN goes down.. i still can use the internet im just not behind it anymore... so thats how i thought it worked NordVPN up -----> all computers are behind vpn NordVPN goes down -----> blocks the 1 computer... ---->runs last rule that allows rest of the computers to access the internet... thought thats how those rules worked i have set.... as for the block of the tunnell here is the image but im sure i did it wrong.. but im trying and ill google the info you mentioned thanks so far[image: 1536417062747-openvpn5-resized.jpg]

This fixed my speed issues. In your open vpn client settings I added this to my custom options. My speeds went from 40Mbps, to 90Mbps. My ping times also went from 27ms to 20ms This was recommended from this thread. https://forum.netgate.com/topic/114212/aes-ni-cryptodev-openvpn-help-a-n00b-understand/23 fast-io sndbuf 524288 rcvbuf 524288

What are addresses VPN net and VPN address If you assigned an interface to the OpenVPN instance then set addresses and gateways on that interface you did it wrong. Why port forward at all? Why not just directly route to 192.168.0.5?

Hello okay i got it working now :)