@derelict I forgot to add an user certificate Because I authenticate users from radius I had to add an certificate for the user Thank you

Glad that looks like a viable option for you. FYI the proper channel for feature requests is to open a feature request at https://redmine.pfsense.org/

@johnpoz I needed to reboot the pfSense box today for another reason, and it seems that Unbound now no longer restarts if an OpenVPN connections is established. So I guess that was only a temporary issue. Thanks for your help!

@arthurg94 De rien ))

@trazom Il n'y a pas de quoi

Glad you have it working now. -Rico

You have to add an additional phase 2 to the IPSec configs for the access server tunnel network. Also in the access server settings you have to add the the remote LAN networks, which the clients should be able to access, to the "Local networks". For instance: site A: LAN: 10.0.10.0/24 access server tunnel: 192.168.21.0/24 site B: LAN: 10.0.20.0/24 access server tunnel: 192.168.22.0/24 site C: LAN: 10.0.30.0/24 access server tunnel: 192.168.23.0/24 So at site A you have two add phase 2 to each IPSec with local: 192.168.21.0/24 and the appropriate remote network. at site B local: 192.168.22.0/24 at site C local: 192.168.23.0/24 Also add phase 2 settings to the respective IPSec config on the remote site with permuted networks, of course. Access server "Local Network/s": A, B and C: 10.0.10.0/24,10.0.20.0/24,10.0.30.0/24

I don’t know how to use the results from Google... :(

Yes, 3 boxes, but no, not connecting them together with OpenVPN (using IPSEC VTI for that). It's just that each site has different users, and if there's a snow day the'd need to work from home. With 2 of the boxes (one netgate, one white box) OpenVPN has been problem free. Just one has issues. I'm thinking it might be a bad install, and that I need to re-do the installation. This particular office had a netgate box fail when I upgraded to 2.4.4 (no anything on the serial terminal no matter what I did with the reset button) so I swapped in a spare 3-NIC PC, installed pfSense on that - and OpenVPN was working fine there, too. But I needed more NICs, so I bought another white box, installed pfSense - and everything is working except OpenVPN. I guess I know what I'm doing this weekend. Sigh...

I am having troubles with iOS as well. In my case, disabling compression on the server was the only fix. With LZ4 or LZO, I could connect and ping, but RDP would not work.

thanks i see i needed to add(enable) the interface even though it was auto created.

Add a CSO: VPN > OpenVPN > Client Specific Overrides Enter the common name that matches to the users certificate. Enter an "IPv4 Tunnel Network" by considering the stated hints.

Guys any update???? Your help will be appreciated

How do you know the Server side is working properly? When your Client side pfSense Internet access is working and you don't see anything else in the Logs, you have used a wrong IP/Port or the Problem is the Server side. Can you for example make Update checks for your pfSense to make sure the connectivity is working in general? -Rico

I think this is more of a OpenVPN problem rather than PFSense problem. Apparently, it isn't possible for OpenVPN server to listen on both IPv4 and IPv6 addresses. It can listen to ALL (meaning all IPv4 and IPv6 interfaces on server) OR a single IP address (IPv4 or IPv6). https://sourceforge.net/p/openvpn/mailman/message/34193818/ "AFAIK this is currently not possible - openvpn can either bind to ALL addresses (IPv4 and IPv6) or it can bind to a single address - either IPv4 or IPv6. " https://community.openvpn.net/openvpn/ticket/937?cversion=0&cnum_hist=5

create static addresses for the devices you want outside the tunnel. then create a Rule so those device travel over WAN instead of the PIA tunnel... this is how i operate my "smart" TV so i can stream