• Can't access all services

    8
    0 Votes
    8 Posts
    2k Views
    R
    Hi all. I still have no access to the file server nor the mail server. I have * * * * on the OpenVPN rules and also * * * * in the LAN rules, but if I go to Diagnostics/Ping and try to ping my file server from my VPN server, I can't.
  • OpenVPN - messaging services

    1
    0 Votes
    1 Posts
    621 Views
    No one has replied
  • Inspecting OpenVPN traffic on the VPN head-end pfSense appliance.

    1
    0 Votes
    1 Posts
    534 Views
    No one has replied
  • 0 Votes
    5 Posts
    1k Views
    johnpozJ
    ^ good example, if you're not using user certs to validate user as 2FA then there is really nothing that can not be publicly published. And you don't have to worry about the certs because you're using a different OTP as your 2FA.
  • OpenVpn with hide.me vpn service

    4
    0 Votes
    4 Posts
    2k Views
    M
    I would imagine that you could follow the guide to setting up a Private Internet Access (PIA) VPN, and just replace anything in the guide that is specific to PIA with the information from hide.me. Maybe combine a tutorial for PIA with the hide.me tutorial for setting up a client on a DD-WRT router? The hide.me DD-WRT guide on their site for an OpenVPN configuration should give you what you need to swap out with PIA when following the PIA guide. DD-WRT guide: https://hide.me/en/vpnsetup/ddwrt/openvpn/ PIA guide for pfSense: https://forum.pfsense.org/index.php?topic=76015.0
  • Netflix; static route or firewall rule?

    2
    0 Votes
    2 Posts
    872 Views
    I
    the rule looks good.
  • OpenVPN running but no client can connect unless I manually save.

    3
    0 Votes
    3 Posts
    598 Views
    M
    @jameswebb: Can you try disabling TLS-Auth - then we can try and pick out the problem further if this works. James Alright. So I disabled TLS-auth for the remote OpenVPN. And rebooted a few times, to test. After each reboot, I can connect from my client w/o problems (deleted the tls auth in the config). BUT it seems OpenVPN server 2 (p2p) got somehow affected, as now the pfsense cannot tracert nor ping the branch office pfsense (not even the tunnel IP) but the branch office pfsense can successfully ping the headquarter pfsense. (that worked before, I even tested an anything-open-for-anything rule for LAN just in case) After that I enabled TLS-auth again, with the original key. My client was still able to connect successfully. After that I rebooted once again and it remains working. So the bug seems to be fixed, which is great. The pfsense can still not ping the branch office pfsense (yes the BOpfsense has a rule on OpenVPN to allow anything for the HQpfsense and as written it was working before). I'd like to get that working again, too. But as long as both OpenVPN are working again without flaw also after reboots I'm quite happy again. Thanks for the hint.
  • [SOLVED] Packet Loss on WAN when OpenVPN Speed is High

    4
    0 Votes
    4 Posts
    4k Views
    0
    I actually have the issue on all UDP ports. My VPN provider says to use UDP 2000 or something like that and if that doesn't work try UDP 53. I get the same speed issues on both. But not on TCP 443.
  • PIA speeds and connection drops

    11
    0 Votes
    11 Posts
    3k Views
    M
    When I created my PIA Interface it let me leave it as none for the IPv4 Configuration Type setting.
  • Possible bug in setup of openvpn server

    1
    0 Votes
    1 Posts
    602 Views
    No one has replied
  • OpenVPN for remote access

    7
    0 Votes
    7 Posts
    1k Views
    K
    The pfSense is connected both to the WAN ISP provider and the network LAN, yes it's just a handful of users (2-3 max). What do you mean by asymmetrical routing issues? I already have a site-to-site OpenVPN that links 2 LANs located in different places and works great.
  • OpenVPN: cannot reach local network

    5
    0 Votes
    5 Posts
    1k Views
    S
    @viragomann: You can achieve it with NAT. Go to Firewall > NAT > Outbound If the rule generation mode is set to Automatic set it to Hybrid and save the settings. Then add a new rule: Interface LAN Source: 10.5.0.0/24 (the VPN tunnel subnet) The other settings should stay on their defaults, enter a description and save it. Perfect! Thanks a lot
  • Open vpn server working for local lan but no wan (internet)

    5
    0 Votes
    5 Posts
    2k Views
    M
    Here are my NAT Outbound settings that granted my remote clients access to the Internet, but then broke access to the LAN. I had to copy the two rules for my VPN Server (10.0.0.0/24) and replace WAN with the PIA VPN interface and now when I remotely connect to my VPN server the clients have internet access through the PIA VPN. Anyone know how to get both LAN and Internet access for OpenVPN server clients that are remotely connected? You probably need to post screenshots of your Firewall Rules (WAN and LAN) as well as your NAT Outbound before you can get suggestions like the one that solved my problem.
  • DNS Leaking + quick question on killswitch

    2
    0 Votes
    2 Posts
    2k Views
    P
    For the killswitch, just have all of your firewall rules that route your traffic to the VPN use the VPN interface as the gateway, if the gateway is down then the internet is down. For the DNS leak I think this setup would be best: Do what you already did (select VPN interfaces as only outbound interfaces for DNS resolver). Go to General Setup and check "DNS Server Override" but leave all of the fields blank (also leave all other DNS fields blank, don't put your VPN provider's DNS, Google DNS, etc. in any of these fields, all of them totally blank). On whatever clients that you don't want using VPN DNS, create a static IP, and enter the DNS server that you want that client to use. In this setup everything will resolve to Root servers via the VPN by default. All clients that you create a static mapping for will resolve to whatever DNS server you assign via WAN (assuming you didn't force them through the VPN with firewall rules).
  • Outbound rules or DNS problem, why can't I access WAN

    2
    0 Votes
    2 Posts
    782 Views
    M
    I have the exact same issue, did you ever resolve this?
  • OpenVPN : one site to site and one roadwarrior

    3
    0 Votes
    3 Posts
    825 Views
    M
    Thank you for the quick response. Of course I forgot some lines. On the road warrior server: push "route 10.0.1.0 255.255.255.0"; On the pfsense client with 10.0.1.1/24 network  """"10.0.101.0/24 is the roadwarrior OpenVPN range"""" route 10.0.101.0 255.255.255.0;
  • OpenVPN Client Slow DNS Resolution

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • VPN issue to reach a subnet

    3
    0 Votes
    3 Posts
    785 Views
    W
    @Scurz: Hi all, After lots of tries, I haven't found a solution. I'm setting up an openvpn server. My network is : LAN interface : 10.50.99.16 OPT1 : 10.8.0.1 OpenVPN : IPv4 Tunnel Network : 10.8.0.0/24 IPv4 Local network(s) : 10.50.99.0/24 My routing table as a client is : 10.8.0.0    255.255.255.0        On-link          10.8.0.2    311         10.8.0.2  255.255.255.255        On-link          10.8.0.2    311         10.8.0.255  255.255.255.255        On-link          10.8.0.2    311         255.255.255.255  255.255.255.255        On-link          10.8.0.2    311         224.0.0.0        240.0.0.0        On-link          10.8.0.2    311 In my case, I can ping my own gateway (10.8.0.1) but I can't reach the subnet 10.50.99.0/24. Do you have any idea? There is no NAT, everything is open in the lan rules. Thank you You need a separate subnet for the "tunnel network"; one that doesn't conflict with your OPT1 subnet.
  • Mac viscosity client won't connect to working ovpn instance

    5
    0 Votes
    5 Posts
    2k Views
    john_galtJ
    00goat, I was getting the exact symptom this morning when I first set my MacBook up with Viscosity. In Viscosity turn on the Details and then open the log, third tab. It will give you pretty good clues as to what's FUBAR. In my case it was a cipher setting I had to comment out and I also had to turn on username/password prompting. But your server settings could be different so have a go at the Viscosity logs first. Doug
  • No reply through OpenVPN tunnel

    1
    0 Votes
    1 Posts
    583 Views
    No one has replied