That is because you already have that route in the routing table from your other connection. #notabug Diagnostics > Routes

I was able to resolve the problem! There was some weirdness going on because I had set up the machine on an internal network. johnpoz was right, in that the problem was in the routing table of the internal machine. Once I fixed the internal machine to use the firewall as a gateway, I was able to VPN to it from the external machine.

You don't have to use the OpenVPN installer that comes from the export package if you don't trust it. You can instead download the installer directly from the OpenVPN site: https://openvpn.net/index.php/download/community-downloads.html

@viragomann: Ping uses the ICMP protocol, so you have to add an additional rule where you allow that. Thank you was a NAT issue which we got resolved now. thank you for your answer

I am experiencing the same problem. I have my pfSense box connected to StrongVPN and I see this in the logs: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1562' WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic' When I put tun-mtu 1500 in the Custom Options, like you the warning changes.

So these new devices are pointing to pfsense as their gateway? Do they have host firewalls on them that could be blocking your tunnel network.. Why you should think its pfsense preventing access to devices on a network it allows access to seems a grasping at straws sort of thing without even basic troubleshooting.  Do you filter your vpn traffic to allow only access to specific IPs?  If not pfsense has nothing to do with the problem. Does pfsense have the mac address of these new devices in its arp table.  Can pfsense ping these devices from its interface in the 10.1.0.0/24 network?

@kip: I just need a new OS on the system. ??? Whatever you mean by that.

Are you pulling default routes from your vpn server your running.. Then yeah it would route all traffic through your vpn.. If you want your dmz machines to use the tunnel and your other machines to use your that is basic policy routing.. Just send the dmz or any IP you want out your gateway you created for the vpn connection.  Let your other clients just the normal routing of pfsense which should send it out your wan, etc.

A quick update on this. I disabled my new config and created a new one from scratch. This time it works the way i want to. I have no idee what happend with the old one…

Maybe it's a Client Config error. Double check TLS Key is correct on your Desktop.

If you want to do multiple sites on the same server there are additional considerations that usually require CSOs. And you must use SSL/TLS mode with a tunnel network larget than /30.

Just to follow up, I was able to get rid of this error, but disabling the 1:1 NAT mapping.

Sty make sure you don't have "redirect-gateway def1" in your advanced configuration for the PIA VPN.  That will override all of your policy based routing and send all traffic through the VPN by setting your default gateway to the VPN.

Figured I'd post my results from tonight… SG-4860 w/ 4 tunnels in a load-balanced gw group spread across 2 WANs. NordVPN. 256k buffer, comp-lzo, fast-io + RDRAND. Was able to sustain 250Mbit/s with CPU load between 9-12% Pretty happy with this, but will continue striving for higher highs. [image: UJ0hCf7.png]

Dude a mask of 255.0.0.0 means that 10.anything is the same network.. 10.13.11.100 is the same network as 10.12.10 So a client on 10.13.11.100 that gets traffic from something say 10.12.10.14 would just say oh hey buddy nice to talk to you.. Here is my answer.. it would NOT send it to its gateway because its the same network…  Fix your mask to be 24 bit and your problem will go away.

Thanks! Windows firewall…  Should have guessed.. Now ping and Windows remote desktop from VPN client to LAN is working  :)