• Oh my, double NAT … what a pita ...

    0 Votes
    7 Posts
    1k Views
    @johnpoz: T-Mobile doesn't even give out IPv4 anymore. At least not here in Chicagoland on my cellphone. This is true on my iPhone but my hotspot device (one of the two they currently sell) is IPv4 only.
  • VPN Routing issue

    0 Votes
    3 Posts
    608 Views
    I'd add: push "route 10.0.0.0 255.255.255.0"; to the OVPN RAS server you have on 192.168.1.10 under Advanced Options / Custom Options in the OVPN settings.  You'd "push" that route to the client, thus forcing that network down the tunnel. Cheers!
  • 0 Votes
    4 Posts
    3k Views
    @Jackish: As far as I know, "Force all client generated traffic through the tunnel" changes nothing on pfSense side; it only pushes the default gateway directive to the clients. Interesting! Thank you very much for that hint. I guess I will have to set up some virtual machines and reproduce my setup to see what would change for me if I enable the option. I cannot do this with my current physical setup.
  • Client cert-based access-control/firewalling?

    0 Votes
    9 Posts
    1k Views
    Not anymore. My predecessor set up the VPN with tap in order to use our central DHCP server, but now we push addresses from the OpenVPN server instead. I guess I'll have to bite the bullet and restructure the whole setup with multiple networks. I guess it won't need to be that disruptive - I can migrate users to the networks incrementally, leaving the old setup running in parallel until everybody gets on the new setup. Thanks.
  • Problem with openvpn server

    0 Votes
    9 Posts
    1k Views
    Ok, in this case the outside router is my vpn provider and I have port forwarding set up there. I'll poke around some more, thanks.
  • Openvpn client IP

    0 Votes
    15 Posts
    3k Views
    Hi guys. My situation and configuration are the same as user angelbit described, but for now I have only one MikroTik client. pfSense is an OpenVPN server and the MikroTik can connect to it with no errors. I have tried your suggestions about assigning a new interface (VPN) in pfSense but still no success. I cannot ping from pfSense and the pfSense LAN to the MikroTik LAN IP and LAN clients. I can ping from the MikroTik and the MikroTik LAN to the pfSense LAN clients. When pinging from the pfSense LAN to the MikroTik LAN I can see packets on the pfSense VPN interface but do not see them on the MikroTik VPN interface (tcpdump, packet capture). Do you have any suggestions? Regards
  • OpenVPN using 100% of One Core?

    0 Votes
    3 Posts
    2k Views
    beremonavabi
    I don't know if it's actually the reason for this (I'd been using this configuration for months without problem), but it looks like it might be a conflict between a Traffic Shaper and the OpenVPN clients on the pfSense box.  I'd had a CODELQ traffic shaper on my WAN and both OpenVPN WANs (to reduce buffer bloat).  I turned that off for both OpenVPN WANs (leaving just the WAN) and the problem went away.  With the Traffic Shaper on the OpenVPN WANs, running a speed test at: https://www.dslreports.com/speedtest invariably resulted in 100% use of one core until I restarted one or the other of my two OpenVPN clients.  Without the Shaper, no problem.
  • Certificate Name Error OpenVpn

    0 Votes
    2 Posts
    440 Views
    jimp
    It's most likely not complaining about the name you showed, but one of the other fields like city/state/company. That said, most of the restrictions we've placed on cert content have been bunk and I've been correcting that on 2.4 (See https://redmine.pfsense.org/issues/7540 ) I pushed a fix for the wizard on 2.4 just now: https://redmine.pfsense.org/issues/7854
  • Non-standard OpenVPN port only open for a few seconds after daemon start

    0 Votes
    6 Posts
    1k Views
    We then start over at 15:59:40 for the second test. This time we're apparently quick enough starting our client. It successfully connects and our local pfSense box reports its tunnel as up:
Sep 12 15:59:44 firewall-a openvpn[14455]: STREAM: GET FINAL len=132 Sep 12 15:59:44 firewall-a openvpn[14455]: STREAM: RESET Sep 12 15:59:44 firewall-a openvpn[14455]: TCPv4_SERVER read returned 132 Sep 12 15:59:44 firewall-a openvpn[14455]: TCPv4_SERVER READ [132] from [AF_INET]1.2.29.39:1385:  DATA b61e9648 50d57e18 4f47f110 d47f23f7 3834263d 8e941fa8 7e3db4cc f88b939[more...] Sep 12 15:59:44 firewall-a openvpn[14455]: DECRYPT IV: 8e941fa8 7e3db4cc f88b9393 e33d0a76 Sep 12 15:59:44 firewall-a openvpn[14455]: DECRYPT TO: 00000005 59b7e84f 60000000 00240001 00000000 00000000 00000000 0000000[more...] Sep 12 15:59:44 firewall-a openvpn[14455]: PID_TEST [0] [STATIC-0] [] 1505224783:4 1505224783:5 t=1505224784[0] r=[-1,0,0,0,1] Sep 12 15:59:44 firewall-a openvpn[14455]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Sep 12 15:59:44 firewall-a openvpn[14455]: Initialization Sequence Completed Sep 12 15:59:44 firewall-a openvpn[14455]: TIMER: coarse timer wakeup 1 seconds Sep 12 15:59:44 firewall-a openvpn[14455]: PO_CTL rwflags=0x0000 ev=12 arg=0x00694dd0 Sep 12 15:59:44 firewall-a openvpn[14455]: PO_CTL rwflags=0x0003 ev=9 arg=0x00693c34 Sep 12 15:59:44 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Sep 12 15:59:44 firewall-a openvpn[14455]: I/O WAIT TR|TW|Sr|Sw [1/41414] Sep 12 15:59:44 firewall-a openvpn[14455]: PO_WAIT[1,0] fd=9 rev=0x00000004 rwflags=0x0002 arg=0x00693c34 Sep 12 15:59:44 firewall-a openvpn[14455]:  event_wait returned 1 Sep 12 15:59:44 firewall-a openvpn[14455]: I/O WAIT status=0x0008 Sep 12 15:59:44 firewall-a openvpn[14455]: TUN WRITE [76] Sep 12 15:59:44 firewall-a openvpn[14455]:  write to TUN/TAP returned 76 Sep 12 15:59:44 firewall-a openvpn[14455]: STREAM: SET NEXT, buf=[80,0] next=[80,1565] len=-1 maxlen=1565 Sep 12 15:59:44 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=12 arg=0x00694dd0 Sep 12 15:59:44 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 
ev=9 arg=0x00693c34 Sep 12 15:59:44 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Sep 12 15:59:44 firewall-a openvpn[14455]: I/O WAIT TR|Tw|SR|Sw [1/41414] Sep 12 15:59:45 firewall-a openvpn[14455]:  event_wait returned 0 Sep 12 15:59:45 firewall-a openvpn[14455]: I/O WAIT status=0x0020 Sep 12 15:59:45 firewall-a openvpn[14455]: TIMER: coarse timer wakeup 8 seconds Sep 12 15:59:45 firewall-a openvpn[14455]: STREAM: SET NEXT, buf=[80,0] next=[80,1565] len=-1 maxlen=1565 Sep 12 15:59:45 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=12 arg=0x00694dd0 Sep 12 15:59:45 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=9 arg=0x00693c34 Sep 12 15:59:45 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Sep 12 15:59:45 firewall-a openvpn[14455]: I/O WAIT TR|Tw|SR|Sw [8/41414] Sep 12 15:59:45 firewall-a openvpn[14455]: PO_WAIT[0,0] fd=12 rev=0x00000001 rwflags=0x0001 arg=0x00694dd0 Sep 12 15:59:45 firewall-a openvpn[14455]:  event_wait returned 1 Sep 12 15:59:45 firewall-a openvpn[14455]: I/O WAIT status=0x0001 Sep 12 15:59:45 firewall-a openvpn[14455]: STREAM: GET NEXT len=1565 Sep 12 15:59:45 firewall-a openvpn[14455]: STREAM: ADD length_added=150 Sep 12 15:59:45 firewall-a openvpn[14455]: STREAM: ADD returned TRUE, buf_len=148, residual_len=0 Sep 12 15:59:45 firewall-a openvpn[14455]: STREAM: GET FINAL len=148 Sep 12 15:59:45 firewall-a openvpn[14455]: STREAM: RESET Sep 12 15:59:45 firewall-a openvpn[14455]: TCPv4_SERVER read returned 148 Sep 12 15:59:45 firewall-a openvpn[14455]: TCPv4_SERVER READ [148] from [AF_INET]1.2.29.39:1385:  DATA 4cf153e5 f8241dfd f478aef7 e9021550 888d8fd8 32741c66 e6886c97 98f156b[more...] Sep 12 15:59:45 firewall-a openvpn[14455]: DECRYPT IV: 32741c66 e6886c97 98f156b5 eb44ec96 Sep 12 15:59:45 firewall-a openvpn[14455]: DECRYPT TO: 00000006 59b7e84f 60000000 00380001 fe800000 00000000 023018ff fec7399[more...] 
Sep 12 15:59:45 firewall-a openvpn[14455]: PID_TEST [0] [STATIC-0] [] 1505224783:5 1505224783:6 t=1505224785[0] r=[-2,0,0,0,1] Sep 12 15:59:45 firewall-a openvpn[14455]: PO_CTL rwflags=0x0000 ev=12 arg=0x00694dd0 Sep 12 15:59:45 firewall-a openvpn[14455]: PO_CTL rwflags=0x0003 ev=9 arg=0x00693c34 Sep 12 15:59:45 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Sep 12 15:59:45 firewall-a openvpn[14455]: I/O WAIT TR|TW|Sr|Sw [8/41414] Sep 12 15:59:45 firewall-a openvpn[14455]: PO_WAIT[1,0] fd=9 rev=0x00000004 rwflags=0x0002 arg=0x00693c34 Sep 12 15:59:45 firewall-a openvpn[14455]:  event_wait returned 1 Sep 12 15:59:45 firewall-a openvpn[14455]: I/O WAIT status=0x0008 Sep 12 15:59:45 firewall-a openvpn[14455]: TUN WRITE [96] Sep 12 15:59:45 firewall-a openvpn[14455]:  write to TUN/TAP returned 96 Sep 12 15:59:45 firewall-a openvpn[14455]: STREAM: SET NEXT, buf=[80,0] next=[80,1565] len=-1 maxlen=1565 Sep 12 15:59:45 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=12 arg=0x00694dd0 Sep 12 15:59:45 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=9 arg=0x00693c34 Sep 12 15:59:45 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Sep 12 15:59:45 firewall-a openvpn[14455]: I/O WAIT TR|Tw|SR|Sw [8/41414] Sep 12 15:59:46 firewall-a openvpn[14455]: PO_WAIT[2,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x00693c38 Sep 12 15:59:46 firewall-a openvpn[14455]:  event_wait returned 1 Sep 12 15:59:46 firewall-a openvpn[14455]: I/O WAIT status=0x0040 Sep 12 15:59:46 firewall-a openvpn[14455]: MANAGEMENT: Client connected from /var/etc/openvpn/server6.sock Sep 12 15:59:46 firewall-a openvpn[14455]: STREAM: SET NEXT, buf=[80,0] next=[80,1565] len=-1 maxlen=1565 Sep 12 15:59:46 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=12 arg=0x00694dd0 Sep 12 15:59:46 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=9 arg=0x00693c34 Sep 12 15:59:46 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=8 arg=0x00693c38 Sep 12 15:59:46 firewall-a 
openvpn[14455]: I/O WAIT TR|Tw|SR|Sw [7/41414] Sep 12 15:59:46 firewall-a openvpn[14455]: PO_WAIT[2,0] fd=8 rev=0x00000001 rwflags=0x0001 arg=0x00693c38 Sep 12 15:59:46 firewall-a openvpn[14455]:  event_wait returned 1 Sep 12 15:59:46 firewall-a openvpn[14455]: I/O WAIT status=0x0040 Sep 12 15:59:46 firewall-a openvpn[14455]: MANAGEMENT: CMD 'state 1' Sep 12 15:59:46 firewall-a openvpn[14455]: STREAM: SET NEXT, buf=[80,0] next=[80,1565] len=-1 maxlen=1565 Sep 12 15:59:46 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=12 arg=0x00694dd0 Sep 12 15:59:46 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=9 arg=0x00693c34 Sep 12 15:59:46 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=8 arg=0x00693c38 Sep 12 15:59:46 firewall-a openvpn[14455]: I/O WAIT TR|Tw|SR|Sw [7/41414] Sep 12 15:59:46 firewall-a openvpn[14455]: PO_WAIT[2,0] fd=8 rev=0x00000001 rwflags=0x0001 arg=0x00693c38 Sep 12 15:59:46 firewall-a openvpn[14455]:  event_wait returned 1 Sep 12 15:59:46 firewall-a openvpn[14455]: I/O WAIT status=0x0040 Sep 12 15:59:46 firewall-a openvpn[14455]: MANAGEMENT: CMD 'status 2' Sep 12 15:59:46 firewall-a openvpn[14455]: STREAM: SET NEXT, buf=[80,0] next=[80,1565] len=-1 maxlen=1565 Sep 12 15:59:46 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=12 arg=0x00694dd0 Sep 12 15:59:46 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=9 arg=0x00693c34 Sep 12 15:59:46 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=8 arg=0x00693c38 Sep 12 15:59:46 firewall-a openvpn[14455]: I/O WAIT TR|Tw|SR|Sw [7/41414] Sep 12 15:59:46 firewall-a openvpn[14455]: PO_WAIT[2,0] fd=8 rev=0x00000011 rwflags=0x0001 arg=0x00693c38 Sep 12 15:59:46 firewall-a openvpn[14455]:  event_wait returned 1 Sep 12 15:59:46 firewall-a openvpn[14455]: I/O WAIT status=0x0040 Sep 12 15:59:46 firewall-a openvpn[14455]: MANAGEMENT: Client disconnected Sep 12 15:59:46 firewall-a openvpn[14455]: STREAM: SET NEXT, buf=[80,0] next=[80,1565] len=-1 maxlen=1565 Sep 12 15:59:46 firewall-a openvpn[14455]: 
PO_CTL rwflags=0x0001 ev=12 arg=0x00694dd0 Sep 12 15:59:46 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=9 arg=0x00693c34 Sep 12 15:59:46 firewall-a openvpn[14455]: PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Sep 12 15:59:46 firewall-a openvpn[14455]: I/O WAIT TR|Tw|SR|Sw [7/41414][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i]
  • OpenVPN site-to-site ping problem

    2
    0 Votes
    2 Posts
    411 Views
    S
    @pilot007: when I'm in server side, I can access pfsense in browser but I cannot ping any devices in client side. Because your client-side devices don't know how or where to return packets from your server network (10.36.1.0/24). Either give them a static route to the server network through your "client" device (and make sure it will route them), or make pfSense at the client side the default router for your client devices.
  • Route Metrics in Multiple Site to Site OVPN

    2
    0 Votes
    2 Posts
    1k Views
    S
    Tried with no remote networks in remote site field, tunnel came up but nothing being pushed.  Changed mode from TUN to TAP on both ends, that did not work either.  Tried multiple entries with the help of the OpenVPN documentation, which causes pfSense to generate an error if metric is entered in remote networks field.  Also tried setting metric in Custom Options based on the same documentation. Apparently, from the OVPN docs, you can do what I am trying to achieve, it just seems that pfSense is preventing me from making those settings: _--route network/IP [netmask] [gateway] [metric] Add route to routing table after connection is established. Multiple routes can be specified. Routes will be automatically torn down in reverse order prior to TUN/TAP device close. This option is intended as a convenience proxy for the route(8) shell command, while at the same time providing portable semantics across OpenVPN's platform space. netmask default -- 255.255.255.255 gateway default -- taken from --route-gateway or the second parameter to --ifconfig when --dev tun is specified. metric default -- taken from --route-metric otherwise 0._
  • Openvpn routing client gateway groups

    1
    0 Votes
    1 Posts
    549 Views
    No one has replied
  • Assign openvpn to opt1 only need help~~

    1
    0 Votes
    1 Posts
    362 Views
    No one has replied
  • TLS Error: TLS handshake failed,

    1
    0 Votes
    1 Posts
    808 Views
    No one has replied
  • Filtering OpenVPN Squid and Squidguard

    1
    0 Votes
    1 Posts
    550 Views
    No one has replied
  • How is this VPN Guide

    2
    0 Votes
    2 Posts
    773 Views
    DerelictD
    The attached indicates he has no concept of what the firewall rules on an OpenVPN interface actually do. What he is telling you to do is pass any connection that ARRIVES into that OpenVPN circuit into your firewall. The exact opposite should be done. An OpenVPN client to a provider such as PIA should be treated as a WAN, with only specific traffic passed inbound. If you can receive port-forwarded connections at all. Nice of him to promote my NO_WAN_EGRESS technique, though. It's the only way to be sure. ![Screen Shot 2017-09-10 at 7.11.39 PM.png](/public/imported_attachments/1/Screen Shot 2017-09-10 at 7.11.39 PM.png)
  • Openvpn site to site NAT PORTS

    1
    0 Votes
    1 Posts
    385 Views
    No one has replied
  • Site-to-site VPN not reachable via LAN

    6
    0 Votes
    6 Posts
    884 Views
    S
    I got it sorted. I set up the wrong VPN type (SSL instead of shared key). Now it works fine.
  • Disable remote VPN access without revoking cert

    4
    0 Votes
    4 Posts
    1k Views
    C
    Looks like several balls were dropped during the setup. This is helpful, guys. I appreciate your responses. The customer is obviously due for a pfSense/OpenVPN upgrade so I can get it set up correctly while I'm in there. Thanks again for your help!
  • No access to LAN from connected Clients

    2
    0 Votes
    2 Posts
    597 Views
    V
    The VPN tunnel network must not be a part of another network assigned to pfSense. Yours is a part of LAN! So change your tunnel subnet to an unused network.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.