@nirmalts the monitor ip is the VPN_WAN gateway of each VPN client but when I didn't check "Don't pull routes" I was suffering packet-loss. VPN2_WAN without the "Don't pull routes" RTT is 8.1ms and I use it as the default route (0.0.0.0), using it for dns over vpn with the internal vpn dns ip.

@striker-pl said in Why am I seeing OpenVPN twice?: Interesting. I don't see it listed under "Interface Groups". No, it's not displayed there. However, it is an interface group. So also consider that rules on the OpenVPN tab are applied as well if any and the group rules have priority over these on the interface tab according to the Firewall Rule Processing Order.

Just another quick funny thing that's happening ... now when I connect to the tun server on 1194, I get a stream of "packet rejected" messages from 1195. It still works though.

I just tried your suggestions and I'm still having the same issue with getting traffic to go through PIA. To troubleshoot I stopped the VPN service from running, set up the NAT rules and then started the service after enabling forwarding under DNS resolver. No luck was had on my end.

@jontabaco dont know why but the supposed fix only worked for one day and nothing ive tried has resolved my remote ip from showing

The documentation seems to be pointing out that it doesnt really matter if it is chosen or not openVPN will automatically detect AES-NI and use it, if available, right? Nothing needs selected for OpenVPN to utilize AES-NI. The OpenSSL engine has its own code for handling AES-NI that works well without using the BSD Cryptodev Engine. https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerator-support.html

Ok, found another post on Google that pointed out the issue. Had to choose Remote SSL and note Site To Site... My next question: How can I advertise Client’s LAN to the server? So I can ping devices from the server-side. According this this website, I need to add this to the servers config: https://medium.com/@bjammal/site-to-site-vpn-on-a-single-host-using-openvpn-e9c5cdb22f92 cd /etc/openvpn mkdir ccd cd ccd touch client echo “iroute 192.168.40.128 255.255.255.248” > client client-config-dir ccd route 192.168.40.128 255.255.255.248

@johnpoz I really don't know why some companies do certain things and sometimes I wonder if they do. However, as I said, Rogers is not alone in this, but it is a good idea. I recall people I know complaining how their ADSL address would change, right in the middle of them doing something. I get the impression some ISPs are nasty. I discovered this feature at least 15 years ago. Of course, when I change hardware, I have to update the DNS alias. I'm not certain what will happen with my IPv6 host names, as I haven't changed any hardware in the 4 years I've been getting IPv6 from my ISP. I'm assuming the DUID will keep the prefix from changing.

Hi! Issue was resolved now. OpenVPN Client Export package 1.4.23 has been release: [image: 1589000836111-ae8f39e5-de52-4ae0-8fb4-0754b45b0e8d-image.png] Already updated on my pfSense box. UDP4 no more, its just UDP now: [image: 1589000814348-34b392dc-632e-4220-8b03-1667d9a4b54d-image.png] Thank you so much to those who work-out the fix on this bug. Cheers!

OK, I see the logic. Thanks.

Yeah that is just gibberish..

@Gertjan I managed to talk the client into agreeing to remove the router. So everything is working fine. Thank you again for all your help.

Yes, the log should show what's happening there. OpenVPN is not running so it's probably got some setting that prevents it starting. A subnet conflict of somekind would be my first guess. Steve

Anyone knows about this?

@marvosa I have currently got a bt smart hub with complete wifi discs. The modem/router gives me the option of 192.168.x.x or 172.16.x.x as ip addresses and for 172.16.x.x gives the router up as 172.16.0.1.it has dhcp which has already assigned devices 172.16.x.x addresses. I will be turning the firewall and dhcp off on this and switching it out for a DM200 modem and adding wireless access points. I just want to make sure now before I implement the pfsense into the live network that it will work OK. I am planning but am not 100% sure if I'm planning the right things. I hope so! I need to get it working and for it to not bugger up the WiFi on our mobiles and other WiFi devices or I'll get it in the neck from the wife if pfsense starts blocking everything ‍️