Perhaps a gentle reminder to the OP: Some might find it helpful if you were to update the original message title to include "[Solved]". I know this gets missed, often the OP never comes back to check the forum (all their problems are solved after all) but I find it worth repeating from time to time.

Well then he should be using 10/8 ;)

well from that trace looks like pfsense is sending it out its wan vs going down the tunnel. Hmmmmmm OP: Can you post your OpenVPN configs for the Server and the Client?

Amazingly, reading the docs helps… https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory#On_the_Active_Directory_domain_controller

:) will do…get stuck in this more is better frame of mind..will drive me crazy

https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server

Hello, I apologize for interfere with this topic. I have a similar problem, just that I'm on a PPoE connection. I found an workaround to reconnect the connection automatically, but OpenVPN it's not detecting my connection and try to reconnect. Do you know any workarounds for PPoE connections? Thank you in advance!

I allow to set up the "defalut" routes by OpenVPN and polls a.e. 8.8.8.8 to check, if the tunnel is up. So, I don't need the gateway IP to monitor. Thomas

OP, first, you don't need to black out reserved addresses, they're not routed anyway. I'm glad you got it working, but if you have access to the server end, adding a route your LAN subnet would've solved your issue also. With your current setup, while it works, the server end loses the ability to isolate connections coming from your network.  If that's not a concern from either side, then I guess you're good.

OP, can you share with us why you went with a bridged solution to begin with?

Thank you. I just didn't quite understand it, and that's exactly what I was looking for. Very much appreciated.

Hi jimp, these steps aren't working for me. I have a very tiny change to the above problem in that I have an SG-2220, so only 1 LAN port. I made a new interface for a VLAN and set that vlan as the mirror interface for the VPN, but I'm not seeing any traffic. Do you think maybe something is simply dropping the VLAN packets because they have no destination? Or are there any extra steps to span to a vlan? EDIT: Some people might want to see https://forum.pfsense.org/index.php?topic=49930.0 - this solved my issue with VPN suddenly not working anymore after assigning the interface. Another day saver by jimp! I think maybe there is an issue with the bridging. When I run tcpdump -nAi ovpns1 host 192.168.40.60 I see all my phone's traffic. When I run tcpdump -nAi igb1_vlan8 host 192.168.40.60 I see nothing. Would this indicate I totally broke something? I have: VPN -> ovpns1 (VPN Name) as an enabled interface, VPNSPAN -> VLAN8 on igb1 (VPN Span) as an enabled interface, and BRIDGE0 (Members: VPN)

Yeah you usually have to do some work to NAT OpenVPN clients.  Especially if they're not going out a WAN port. You want to look in Firewall > NAT, Outbound tab for any entries with LAN as the interface.

The Log on client is just saying, restarting process. The Log on the firewall says CMD Status and Client disconnected.. Had it setup this way before and didn't change anything to the port 443 so don't know what else should now use it after upgrade?! Also already tried another port 4433, isn't working either. I didn't do anything just upgrading to 2.2.4 and after reboot no more connections were possible. best regards.

Thank you very much, for your answers. I have to open a new post though, as my windwos firewall is turned off (details in new post), VPN connection seems stable, allow all rule is set under OpenVPN, but i cannot ping or otherwise reach a client in my target network. Best regards, Mister IX.

Could someone please provide any information as to what they think I am missing?  I do think it's a very simple mistake and I am missing something trivial.

Hi jimp, You where right. I issued the client certificate while it had to be the server certificate. It is working now. Many thanks, Sebastiaan.