@noplan Thank you !

@milosz-engel for openvpn look here: openvpn-external-crl-automatic-renewing-openvpn-restart So... you could download the CRL with Curl, transfrom it in x509 and drop it where it is needed.

@gertjan You should try how the script works. It returns IP address of the LEAST loaded server in a country at this moment . The idea I have is to use cron to stop VPN client every 15 minutes, get the least loaded server IP, change it in pfSense OpenVPN client config and start the client. This way my pfSense will be "always" connected to the fastest server in a specific country.

@gertjan gotcha so my scenario is that I have a user who needs a vpn address from me but does not need my dns, or dns suffix. Just the remote network. So I believed that setting a csc with no dns option would work but instead they get the firewalls upstream dns servers which I didn’t expect.

@viragomann sorry, still don't understand, how to stop traffic from passing to normal gateways and pass it to openvpn client instead; don't capture general idea

@dimskraft Use the same command on pfSense ;) [image: 1646651924201-55c83b55-c7a9-4f0e-a804-bfeb184198ee-image.png] Your (old now) pfSEnse 2.5.1 is using (I don't recall any more) OpenVPN 2.5.2 ? 2.5.x on the client side, and 2.4.x on the server side (probably time to upgrade your docker and pfSEnse) should work. But there is a but. If you use mixed versions on both sides, you should really read the changelogs : https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25, just to make sure you not using an option that changed somewhat. Did the phone app test work ? What about an easy bare bone setup with certs, just a user/password + no -or minimal) crypto) stuff. That is, if you control the server side and have access to the server log file.

@bob-dig Thank you for all your help! BTW I updated to 2.6 AND I will make a back up of my config once I have everything back up. PFBlocker is next. :)

Try all of the below but none is working: Disabling 'Dynamic IP' setting Upgraded to latest pfSense version 2.6.0 Enabled the following [image: 1646390209421-4df3f129-3a62-4349-ba1d-ab25758f97bd-image.png] Looks like there is bug in pfSense?

@viragomann I think after some googling and a few coffees I found my solution: https://forum.netgate.com/topic/127814/pfsense-only-openvpn-server-with-only-single-interface-wan I haven't tested it yet, but it must be almost this problem. Thank you!

@alexparedes Did you also update the client? Which client is it? Also check the server logs for hints on what is failing.

after review, this is coming from older version with the EXIT NOTIFY... how can i fix old upgraded router without having EXIT NOTIFY ? powershell command ? re-make the tunnel ? thanks !

I get even worse results ... Machine A (pfSense 2.6.0): time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-gcm 2022-02-26 19:22:27 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled 0.192u 0.000s 0:00.19 100.0% 601+171k 1+0io 0pf+0w Machine B (pfSense 2.6.0): time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-gcm 2022-02-26 19:22:35 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled 0.587u 0.023s 0:00.61 98.3% 618+176k 0+0io 0pf+0w I spent most of the day trying to reach reasonable speeds, and this is the result: iperf3 -c 172.16.16.1 -R Connecting to host 172.16.16.1, port 5201 Reverse mode, remote host 172.16.16.1 is sending [ 5] local 172.16.16.2 port 53032 connected to 172.16.16.1 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 6.10 MBytes 51.2 Mbits/sec [ 5] 1.00-2.00 sec 8.03 MBytes 67.4 Mbits/sec [ 5] 2.00-3.00 sec 7.28 MBytes 61.1 Mbits/sec [ 5] 3.00-4.00 sec 7.60 MBytes 63.8 Mbits/sec [ 5] 4.00-5.00 sec 6.77 MBytes 56.8 Mbits/sec [ 5] 5.00-6.00 sec 7.17 MBytes 60.1 Mbits/sec [ 5] 6.00-7.00 sec 8.87 MBytes 74.4 Mbits/sec [ 5] 7.00-8.00 sec 7.41 MBytes 62.2 Mbits/sec [ 5] 8.00-9.01 sec 7.54 MBytes 62.9 Mbits/sec [ 5] 9.01-10.00 sec 6.44 MBytes 54.3 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.14 sec 73.4 MBytes 60.7 Mbits/sec 91 sender [ 5] 0.00-10.00 sec 73.2 MBytes 61.4 Mbits/sec receiver