• Strange behavior. IP ending with .2 works, ending with .3 not.

    openvpn
    8
    0 Votes
    8 Posts
    901 Views
    M
    No there were not. I have deleted everything related to the RoadWarrior Server now and recreated it with another cipher, but same settings/TunnelNetwork/Buffer/Rules. It seems to work now. Could it be that pfSense sometimes doesn't activate rules unless you recreate them? It felt like that, though I don't really know why it didn't work and now works.
  • Split tunnel works but no luck with a Full

    4
    0 Votes
    4 Posts
    643 Views
    _
    changed my working split tunnel... turned on "Force all client-generated IPv4 traffic through the tunnel." and no web traffic; traffic to LAN works but nothing webwise
  • Remote Connection Not Working OpenVPN

    1
    0 Votes
    1 Posts
    133 Views
    No one has replied
  • Side effect of OpenVPN

    10
    0 Votes
    10 Posts
    1k Views
    M
    @marvosa said in Side effect of OpenVPN:
    Per the "redirect-gateway def1" option in your config, all of your traffic is being routed over the tunnel when it's enabled.

    It appears that you are right, many thanks! After replacing "redirect-gateway def1" with "route-nopull" the games stopped misbehaving while VPN-enabling rules (based on IP) still work. I'll do a bit more testing but it looks like your advice was spot on. Thanks a million! It appears that IRC "redirect-gateway def1" option changes the default gateway to VPN while pfSense still reports non-VPN gateway as default - this is quite confusing.
  • Another OpenVPN TLS handshake failed issue

    3
    0 Votes
    3 Posts
    1k Views
    T
    Here's the CA config: [image]
    Here's the certs: [image]
    OpenVPN config: [image] [image] [image] [image] [image] [image]
    Interface assignment: [image]
    Gateway config: [image]
    Firewall rules for RW_VPN: [image]
    Even added this for the OpenVPN just in case: [image]
    Firewall rules for WAN: [image]
    Added the RW_VPN interface to DNS resolver: [image]
    Added outbound NAT for the new VLAN: [image]
    Updated my aliases: [image]
    Client Export Config: [image] [image]
    The OpenVPN client log shows: [image]
    The logs in the pfSense GUI show: [image]
    The log file shows the same thing:
    Mar 13 12:40:12 pfSense openvpn[5481]: 205.128.239.51:20640 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 13 12:40:12 pfSense openvpn[5481]: 205.128.239.51:20640 TLS Error: TLS handshake failed
    Mar 13 12:41:16 pfSense openvpn[5481]: 205.128.239.51:25518 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 13 12:41:16 pfSense openvpn[5481]: 205.128.239.51:25518 TLS Error: TLS handshake failed
    I'm going to guess to get some more verbose logs I need to change the Verbosity level to 5 or higher?
  • file xxxxx.ovpn

    23
    0 Votes
    23 Posts
    2k Views
    stephenw10S
    Cool, glad you got it working. Steve
  • Pfsense with OpenVPN package installed

    1
    0 Votes
    1 Posts
    196 Views
    No one has replied
  • 0 Votes
    3 Posts
    661 Views
    Z
    Hello. Thank you very much. Let me see if I got it right... The forum is blocked because I am redirecting all my traffic via AirVPN and I should create a bypass rule? If that's the thing, how do I do that? I was able to set up my system following guides but I might lack a lot of theory... About advanced networking I am a newbie. Thank you
  • Host can't reach hosts on other LAN connected via OpenVPN

    7
    0 Votes
    7 Posts
    707 Views
    RicoR
    Glad you have it working now. -Rico
  • TLS Error: TLS key negotiation failed to occur within 60 seconds

    7
    0 Votes
    7 Posts
    953 Views
    M
    It works!! I think the error was the public IP, thank you !!!!
  • Decentralised VPN

    8
    0 Votes
    8 Posts
    923 Views
    RicoR
    There is no limit for mesh or star. With lots of sites and traffic you just need beefy hardware. -Rico
  • OpenVPN through two pfsenses

    12
    0 Votes
    12 Posts
    1k Views
    D
    Thank you very much for your help. I had to leave the office now...I will retry it on Monday and let you know. Thank you very, very much!
  • DSLite Workaround sort of

    1
    0 Votes
    1 Posts
    400 Views
    No one has replied
  • Connect Watchguard SSLVPN Client to pfSense OpenVPN server

    1
    0 Votes
    1 Posts
    598 Views
    No one has replied
  • PFSense & OpenVPN performance Issues

    6
    0 Votes
    6 Posts
    1k Views
    T
    @johnpoz 1 - When I've tried in my LAN the latency is 1ms. In my land (Switzerland) you have never ever more than 20ms. (if you have a fiber connection it's about 1 - 8ms). Now the thing is ... even if SMB is designed for LAN, I've a throughput of 8Mb... even when I'm streaming films from my server. So when I and a couple of friends are looking at a stream at the very same moment.. that's fulfilled. I don't expect to have 1Gbps over VPN... but from 1Gbps to 8mb/s... it's a lot.
  • OpenVPN and VLAN setup with Unifi

    5
    0 Votes
    5 Posts
    711 Views
    V
    SOLVED thanks to another thread on this forum... it was actually the VPN client configuration in that I had to check "Don't Pull Routes" which did the trick. Thank you!!
  • 2 OpenVPN servers on one IP address

    Moved
    6
    0 Votes
    6 Posts
    720 Views
    stephenw10S
    Ok, yeah. So if you add a pass all rule on the OpenVPN tab it will break traffic coming from location two across the load-balanced OpenVPN pair. You need to either assign the remote access OpenVPN server and add the rules on the new interface tab created. Or add rules on the OpenVPN tab that catch only the remote access users by specifying the source subnet. Steve
  • Confused about OpenVPN client DNS queries on a MultiWan setup

    2
    0 Votes
    2 Posts
    298 Views
    RicoR
    https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html -Rico
  • Openvpn error routing

    14
    0 Votes
    14 Posts
    2k Views
    stephenw10S
    Assuming you have rules to allow it, login to the server GUI and check the OpenVPN tab in the firewall rules. Or the assigned interface tab if you have assigned the OpenVPN server as an interface. Steve
  • firewall rules on server

    2
    0 Votes
    2 Posts
    261 Views
    JKnottJ
    @trazom ???? The same way as you configured it. Fire up a browser and connect to pfSense. They're under Firewall > Rules.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.