• OpenVPN Server and Client to PIA with port forwarding.

    0 Votes
    2 Posts
    1k Views
    I’ve got it working, I’m not really sure how. I changed the ncp settings on the server for a different reason, redownloaded the client file, and it connected. The options in the client file look the same as the old file.
  • VPN Logs

    0 Votes
    4 Posts
    1k Views
    johnpoz
    Yeah I don't see any connections or attempts even.. I saw this thread and moved on because of 5.. Poster doesn't seem to even know what connection attempt is. Something hitting your port would look something like this.
    Jan 19 11:39:18 openvpn 17272 196.52.43.117:6666 Connection reset, restarting
    Jan 19 11:39:18 openvpn 17272 196.52.43.117:6666 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
    Jan 19 11:39:16 openvpn 17272 TCP connection established with [AF_INET]196.52.43.117:6666
    I would post up something hitting my UDP instance - but don't see anything going back to Jan 10th.. Would have to look through the syslog for something.  But see hits to my 443 all the time… I run an instance on tcp 443 because almost guaranteed if there is internet at the place that 443 will be open tcp.    But it does generate some noise in your logs.  While tcp not the preferred connection method - nice because makes it easy to bounce off a http proxy when you're behind one like I am at work ;)
  • Gateway Issue or DNS issue

    0 Votes
    13 Posts
    2k Views
    johnpoz
    where is this 192.168.2 network in that drawing? 192.168.2 is your openvpn tunnel network – how would that create an outbound nat on your LAN?? See my attachment the 10.0.8 and 10.0.200 are my 2 vpn tunnel networks... The outbound nat is on the WAN.. [image: openvpnnat.png]
  • Tunnelblick - no tun or tap detected in file

    0 Votes
    3 Posts
    562 Views
    i will try it jimp, thanks
  • PFSense 2.3.4_1 username-as-common-name

    0 Votes
    5 Posts
    3k Views
    Also keepalive directive should be configurable :)
  • Gigabit with i5-3550 - OpenVPN not getting more than 10Mbit down/up

    0 Votes
    1 Posts
    446 Views
    No one has replied
  • Constant Reconnects for some Users

    0 Votes
    1 Posts
    332 Views
    No one has replied
  • Openvpn and IOS

    0 Votes
    1 Posts
    339 Views
    No one has replied
  • Upgrade to 2.4.1 Broke Tunnel, OpenVPN Unable to contact daemon

    0 Votes
    11 Posts
    2k Views
    Ok…  I gave you the "loud applause".  Nothing a shot can't cure.
  • Unable to connect to vpn server if vpn client is running

    0 Votes
    7 Posts
    1k Views
    Hi Derelict and viragomann, Thank you for your responses. Yes I am testing from outside. Just tried using do not pull routes. Disabled interfaces and re-enabled interface and it seems to be working now. Really appreciate your help!! Regards, mdahal
  • OpenVPN RDP/routing issue

    0 Votes
    2 Posts
    619 Views
    Frustrating that no one took a stab at it…  But, I'm glad no one wasted their time too.  ;D Turned out that it was a number of items from settings that don't work like they did before, security changes due to MAC and Windows OS updates, AD GPO policy updates, new hardware not in the correct AD OU groups, and ISP security changes that caused some home networks to revert to a subnet we use at work... Literally ended up that each employee had 3-4 of the problems but none of them had the same combination of problems... Anyway. pfSense rocks!  Keep it up.
  • Routing clients through different VPN connections?

    0 Votes
    3 Posts
    540 Views
    @Derelict: https://www.infotechwerx.com/blog/Creating-pfSense-Connection-VPNBook Make a second connection just like that and policy route what you want out of the different gateways, either vpn1, vpn2, or no gateway for the WAN (default gateway)
    Thank you Derelict that was a great help. Really appreciate it. I have everything working now as I want.  :)
  • Cannot access my hosts within LAN (VPN)

    0 Votes
    3 Posts
    658 Views
    Can you ping hosts by IP address at all?
    No I can not ping my hosts at all
    Inter-client communication
    Yes I do have it enabled
    But what I do find strange is I am able to ping all my hosts when I connect with my Android phone. But that's not the case when I try to connect with my laptop.
    Additional info:
    IPv4 Tunnel Network 10.0.0.0/29
    IPv4 Local network 172.16.0.1/22
  • Need help about gxp phone use by openvpn on pfsense

    0 Votes
    1 Posts
    275 Views
    No one has replied
  • Duel OpenVPN

    0 Votes
    1 Posts
    439 Views
    No one has replied
  • Issues setting up OpenVPN with TigerVPN

    0 Votes
    3 Posts
    2k Views
    @jelter: Just wondering if you ever got this working.  I have been struggling and have tried much of the same.
    I actually did get this working, as far as the VPN interface getting an IP address (if you need these settings, PM me), but I can not route anything through it to the outside. My goal is to define specific LAN traffic to go out the interface.
    Current setup:
    WAN (Comcast): 73.82.XX.XX
    LAN: 10.0.0.0/24
    VPN IP: 100.97.0.40  Remote IP: 162.250.2.18
    Note the VPN IP changes very often, maybe once every 5 mins. Probably normal but I figured I would mention.
    I've looked over several guides on how to set up routing (created manual NAT rules, etc), but when I tell it to route all LAN traffic through the VPN interface, nothing goes out.
    When I do ping tests from within pfSense (Diagnostics/Ping):
    WAN->VPN IP success
    LAN->VPN IP success
    VPN->WAN IP success
    VPN->LAN gateway success
    VPN->any internet IP fails
    VPN->Remote IP fails
    (Should the above two lines work?)
    Rules:
    Tiger_VPN Protocol: IPv4 Source: * Port: * Destination: * Port: * Gateway: *
    OpenVPN: Same as above except: Source: LAN net Gateway: TIGER_VPN_VPNV4
    WAN/LAN rules: Currently nothing involving VPN
    Pending rule added to top of the list (which doesn't work - no net traffic goes out the VPN interface):
    LAN Protocol: IPv4 TCP Source: * Port: * Destination: * Port: * Gateway: TIGER_VPN_VPNV4
    It seems a lot of people are getting stuck at this point where nothing routes through the VPN interface to the internet. Just seeing if I'm missing any rules here.
  • What happened to indefinitely resolve server?

    0 Votes
    4 Posts
    593 Views
    jimp
    It's all on the ticket. It's enabled by default now in OpenVPN and has been forced on in pfSense for years, so we removed the option from the GUI since it was meaningless.
  • Multi-Site-to-Site not working

    0 Votes
    9 Posts
    988 Views
    It's not that bad.  Only a few specific resources need to communicate branch to branch.  The latency of going through HQ is not a big deal.  I'm hoping to find out from you and the pfsense community if I have misconfigured something when using a /24 tunnel or if there is a bug somewhere.
  • OpenVPN IPSEC ISOLATION

    0 Votes
    1 Posts
    387 Views
    No one has replied
  • Client Export files does not work

    0 Votes
    11 Posts
    2k Views
    johnpoz
    Not a real network manager user in linux…  But I do recall there is a plugin you have to add I would suggest you do a simple google - but I could fire up a ubuntu vm and walk thru this if still having problems.. Did you add the openvpn network manager plugin?
    user@ubuntu:~$ apt-cache search network-manager-openvpn
    network-manager-openvpn - network management framework (OpenVPN plugin core)
    network-manager-openvpn-gnome - network management framework (OpenVPN plugin GNOME GUI)
    You might have to call out the specifics for the tls key - simple google finds multiple examples of this.. Worst case is I could fire up a network manager gui on ubuntu vm and walk through it.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.