If they are different interfaces and not switch ports - then no there is no way to put them on the same network without bridging them. But the only reason you need for them to be on the same network is broadcast traffic.. They could be on different networks and still access everything on the other network. Just create any any rules. Do these devices use some broadcast/multicast discovery or protocol that is required that they are required to be on the same network.. If want to leverage your ports for individual devices - ok... But why do you need to bridge them.. Just use 192.168.1/24 on 1 and 192.168.2/24 on 2.. And use an any any rule - there you go these devices can talk to each other for anything other than broadcast traffic. Bridge is only going to complex up the config, and more overhead for what? Are you doing something that requires broadcast to work? Then get a switch... Really the only time it makes sense to leverage a bridge is media conversion... Or I had something that required the devices to be in the same broadcast domain, ie the same L2 network.. But I also wanted to be able to firewall between them for some stuff. In that case you would use a bridge (transparent firewall) and be able to do such a thing. But just wanting to leverage the ports on your pfsense box.. I don't see the point of trying to bridge them?

@viragomann Thank you Sir. The redirect IPv4 Gateway option in PfSense OPENVPN did the trick.

@bp81 I'm distributing the "Client Export set of files" in a password protected zip file. /Bingo

@viragomann Thanks for replying. I created a new CA and generate new client configuration.

@stefan1 I hate to be the one replying to my own topic, but I discovered the problem was the firewall on Client Netgate Box: [image: 1628992549367-65308152-4aa0-434b-98dd-85894a86220d-image.png] The default firewall rule for the LAN assigned ports out-of-the-box is accept Source: LAN net. When bridging with layer 2, the client will receive an IP from the remote DHCP. The IP assigned to the client will be not known to this interface. I needed to change this to Source: any and now its working.

@kwriley87 said in Open VPN clients unable to connect to IPSec site-to-site resources: To be clear, if I look at my IPSec tunnels on Site A, there is only 1 Phase 1 tunnel set up, but 2 Phase 2 tunnels (one for Site A LAN to Site B LAN and one for OVPN LAN to Site B LAN): https://pasteboard.co/KfhG7AH.png Yes, this is ok. And at B you should have the same, but with inverted networks. The tunnel might go down if it's idle. You have to initiate traffic to get it up. If not, check the IPSec log for hints.

@sasa1 When you are running OpenVPN on pfSense itself, you have only to check "Redirect gateway" on the OpenVPN server settings and add an outbound NAT rule to WAN for the VPN tunnel network. You have to switch the outbound NAT into hybrid mode and save it. Then add a rule: interface: WAN source: <OpenVPN tunnel network> All other options may stay on default values. Save it.

@tman I started seeing the same issues myself, and I also can't find any obvious culprits. I would expect that the connection would attempt to restore itself, but that's not the case. When I remote in to the server side of the VPN, the OpenVPN daemon isn't running, which leads me to believe it crashed somehow, but I'm not seeing anything obvious in the logs. Does this match your findings, and did you find a solution for this?

@johnpoz Thanks Again. I'll play around with NAS firewall to see if that's the issue.

@pastic Of course you can control access by a VPN server. But consider that you can only control the traffic by source and destination IPs and ports. So if user A should not see the website of user B you have to put them on different IPs or at least different ports and you have to set up client specific overrides for all users to separate them on the VPN server. I think, it would be simpler to do that by a reverse proxy.

@viragomann to be clear , my issue is that when im connecting to my home VPN using oVPN connect from my PC -> DNS breaks down , and i cannot browse the internet . if i use oVPN GUI (downloaded from withing pfsense ) everything works . but i cannot use the GUI version , cos i have to have multiple profiles imported . (Home& work)

@david2121 montre nous les règles de pfS LAN / openVPN est-ce un VPN site2site ? avez-vous défini votre route xorrect paramètres de ? [image: 1628342897794-bbaf2ed3-8d78-4c17-82bc-7e376d2f04a5-grafik.png]

@viragomann I just tried it again with a different server-side and it worked flawlessly.

@nick-loenders Yes, this simply adds the proper route on the client to go over the VPN gateway.

Is it possible to open a feature request about?