Sorry, yes they do. The pfsense at the house is virtualized on a hyper-v box. Pfsense at condo is an Alix board.

Were you able to figure this out? I am battling this issue as well

Hi, I think you need to add option 66 to your home DHCP Server. So when your IP Phone boot he can find the PBX IP / hostname via option 66. Regards

Phil, Thanks for the reply. I found something in the meantime that worked. I was able to SFTP in using root for the username, and just copy the 2 files to /etc I needed to get OpenVPN working again.

If you use the HMA software what speed can you achieve ? I am interested in this myself as I will be upgrading to fibre soon and I use HMA myself.

You might want to look at this. https://forum.pfsense.org/index.php?topic=32429.0 Could look at implementing this myself soon. Ricky

Thanks for replying Phil. You where right about the Failover being the problem. I raised a support ticket and Jim advised adding the following rule before the failover. [image: rupo.png] I also changed my Tunnel network to /30 on advice. Ricky

@KOM: You're using the 2.1 release? Yes I am. Here's just a screenshot before I edit the settings (Please note that I can connect, but my traffic doesn't get routed to my LAN and thus I can't browse the web) And a screenshot after I edit it without changing anything. And the screenshots of the actual script, which works when I enter it manually… [image: before.png] [image: before.png_thumb]     [image: after.png] [image: after.png_thumb]

That's a good point.  I left that out.  I am setting up DDNS as well.  =)

You need your LAN rules the other way around. Rules are matched from the top down, first match wins, so all your traffic will be matched by the "Default allow LAN to any rule". None of it will get to "LAN thru ExpressVPN" - put "LAN thru ExpressVPN" above "Default allow LAN to any rule". On WAN and EXPRESSVPN rule tabs you should not need any pass rules - unless you have a public server or similar, you do not want to allow incoming connections from the big wide internet. Traffic initiated from you (on LAN) is passed by your LAN rules and pfSense recognizes and passes the data flowing back in the reverse direction for that.

The private LAN that the client happens to be on needs to have a different subnet from the remote LANs it needs to reach. Because the client does need to talk locally to at least its default gateway to actually send the encrypted OpenVPN packets through real networks from itself to the server on pfSense. Yes, change your LAN to some more obscure private subnet.

Did you get this working? With what you describe, this sort of road warrior config "just works". "Default allow LAN to any rule" is fine. If you have any policy-routing rules on LAN that push traffic into a particular gateway then that can interfere with the ordinary routing back to the OpenVPN client. Do packet captures on OpenVPN and LAN to see where packets actually get to.

Hi kallii. I am not sure I fully understand what you are asking me to do… But it sounds like you are saying to setup a route FROM the VPN interface to the server... So, example would be... Site A:     External IP: 60.50.40.30 & 60.50.40.31 & 60.50.40.32 (Have 3 External IP Addresses)     Internal IP: 10.40.163.XXX     Tunnel Network: 192.168.2.0 Site B:     External IP: 80.70.60.40     Internal IP: 10.40.162.XXX     Tunnel Network: 192.168.2.0 Then I would create a forward from 162.168.2.XX to 10.40.162.XXX right? But, lets say I want 2 servers on the VPN Client side...     If you go to http://60.50.40.30 I want it to point to 10.40.162.10     If you go to http://60.50.40.31 I want it to point to 10.40.162.11 Is this possible? Thanks!