OMG you are absolut right, I am the biggest idiot ever! The IPs that I have tried have a different default gateway an this is not pfSense, so yes its totaly clear why the LANO is working (because all devices have the pfSense as default GW) I have just tried a IP in LANH with pfSense as default GW and everything is fine... Yes sometimes the solution can be so easy and you don't see it. Many thanks for your support! zulasch

@Jeremy11one It's not a group you can modify. So there is no reason to display it there.

thank you, that helped!

@NOCling said in Teleworker fast VPN: Traffic Shaping thanks wasnt on my radar so far ... ~900Mbps routing and 50VPN Users is a pretty cool with the SG1100

If you needed static routes to make this work you did it wrong. You will experience occasional strange issues if you use static routes. Let OpenVPN install the routes using the Remote Networks fields.

@Rico Yes. It was always checked. EDIT: I just fixed the issue. Apparently when you duplicate a vpn client it copies all the settings except for the password (in the credentials part). I pretty sure I did the same thing in 2.4.4 release but never mind...If that's how pfSense should work and was designed to do so be it. Not something to be bothered by too much. Thank you anyway for your help :)

Perfect, thanks :-)

Thanks for the link, will be looking to try the phone thing as the remote site is several hundred miles away. I did solve the first issue. Seems the ISP can (and did) turn off bridge mode on my modem, without telling me of course. I have a couple of good vids on the setup and can vpn in with tablet if I need to change things remotely. So I am fairly confident I should be able to set the site2site now that I can actually connect to my box. If cables are not too expensive I might test before my next trip.

You are better off making a fresh set with unique subjects. Trying to use them when they overlap in that way is going to lead to nothing but confusion down the road.

@Rico f*';= /me toooo slow ;) thx ;)

Well, I haven't made any changes since I made the original post, however it all seems to be working quite well now. Perhaps something needed to propagate out or clear out of memory or something, but I don't see how since I restarted both machines and manually cleared the state tables multiple times before making that post. Since I doubt that I will be able to find the source of an issue that is currently absent I will simply make a note of what I have found in answer to the latest questions in the hopes that it might help someone in the future. I will keep an eye out for any suggestions that people make for future reference and come back with an update if things stop working again. Yes, all the states triggering on the LAN interface seem to be going to the WAN at least for now. The rules for the Rokus and the media PC do allow all ports including udp. I have not seem any traffic from any of these 3 devices going out to the VPN. I do not have any static routes set up for anything, however every LANside device on the network does have a static IP address if you think that might be a factor. (This is a home network, so only 25 devices currently connected) I have IPs 192.168.10.100-250 for transients like guest cellphones to be assigned as needed through DHCP. If the problems return I will try disabling other LAN rules as my next troubleshooting step, but I don't think it would be a productive diagnostic step while everything seems to be working. One last piece of information that might be useful for others who come across this: The last thing I did before making the original post (and so the most likely factor in things starting to work if it was in fact just something that needed time to propagate) was to switch the outbound NAT mode from manual to hybrid. It does not appear that PfSense made any changes when I did that, but perhaps I missed something there. Anyway, thanks for the help. Fingers crossed that it is actually fixed and not just temporarily working.

This is the result uploading data from my pfSense to the other: [image: 1592230053500-unbenannt5.jpg] The other direction (downloading from the other pfSense) the speed is fine. So it's just that one direction. But why?

You should see something in the logs why it's not starting. -Rico

Did you walk through the troubleshooting guide? https://docs.netgate.com/pfsense/en/latest/book/openvpn/troubleshooting-openvpn.html -Rico

i think its a probleme of that use his internal ip . but i dont have an idea how to fix it

I was able to solve it ... it was a problem with the Public IP. Greetings and thanks for the answers.

@bjk002 said in OpenVPN routing issue with LAN: tun mode. Under OpenVPN, Client Export Utility, Advanced, Additional Configuration Options, add a line as such: push "route 192.168.10.0 255.255.255.0" ,where 192.168.10.0 is the network you want to allow clients access.. Apologies if I used improper terminology but this was actually LAN hosts that were routed through the OpenVPN Client tunnel could not connect to other devices on the VLAN/LAN. My solution is posted above :)