Thanks for your help, seems the client didn't like being converted to tap, I recreated a new client config with the exact same data and it worked.

Okay, I see one additional possible reason for this behaviour: the client uses another upstream gateway. So requests come through the vpn to the client, but responses are sent to its default gateway and will be blocked there. You can resolve this either by checking "Redirect gateway" in the server settings to direct the whole client traffic over the vpn (you can also do this just for this one client with client specific overrides) or you do outbound NAT for the traffic forwarded to this client and translate the source address to the interface IP. The latter has the disadvantage that the client doesn't see the original IP address.

Many thanks for your replies.

I just see this recently posted here: https://forum.pfsense.org/index.php?topic=118196.0 Will try that and post back if it does not work. Thanks. Tom. EDIT: That worked perfectly for me. I did just need to also disable the default LAN rule.

When you test from your inside host it is connecting out WAN so that is the IP address it will be testing. You need to create a rule on LAN that policy routes that test traffic out OPT1 so that is the interface the test is done on.

That worked perfectly. Thank you so much.

That makes sense.  I notice, however, that some of the warnings have a source IP that is internal to my network.  How would one explain that?

Ah, shared key.  ok.

Hi iorx, The OpenVPN road warrior can go to all the LAN where it is connected to as well as all the Ipsec tunnels. Where I have a problem is that the OpenVPN road warrior cannot go to other OpenVPN site-to-sites… Regards, Carlos

I found the solution to my problem. I went through a clean install, but there was no change in the issue of the OpenVPN client disconnecting.  I finally tried changing from UDP to TCP for OpenVPN.  This resolved the issue.  I believe it is due to poor line quality from my ISP and TCP dealing with the errors better.

I don't really want to see your asci art.. Post up your setting in your gui.. Where is the one that works… So your trying to use the same port on both of them?? lport 1194

If you guys could share your OpenVPN Client config screens, that would be great.  I've been configuring it and I'm being jerked around by an AUTH_FAILED error, when I know for a fact that the user/pass are correct because I can connect with those creds when using their app on Windows. Edit:  Bizarre.  My creds work just fine when using the VyprVPN app.  When using their .ovpn file with OpenVPN, I can't authenticate with those same creds.  That explains why I couldn't connect via pfSense.  Time to see what's up with the VyprVPN folks.

Why are you bridging if the subnets are different? You have given the two sides no way to reach each other. There is no tunnel network on the VPN for them to use as a gateway, and they have no subnets in common. Routing requires both sides to have an address in a common subnet. It can't push nor use routes because there is nowhere for them to go. Usually in a bridge scenario the LANs are the same subnet. From the look of your network layout, you don't need nor want a bridge. You could use tap but there is no advantage in this scenario. Remove the bridge components and follow this to setup the VPN using SSL/TLS like you have started: https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_(SSL)