The documentation seems to be pointing out that it doesnt really matter if it is chosen or not openVPN will automatically detect AES-NI and use it, if available, right? Nothing needs selected for OpenVPN to utilize AES-NI. The OpenSSL engine has its own code for handling AES-NI that works well without using the BSD Cryptodev Engine. https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerator-support.html

Ok, found another post on Google that pointed out the issue. Had to choose Remote SSL and note Site To Site... My next question: How can I advertise Client’s LAN to the server? So I can ping devices from the server-side. According this this website, I need to add this to the servers config: https://medium.com/@bjammal/site-to-site-vpn-on-a-single-host-using-openvpn-e9c5cdb22f92 cd /etc/openvpn mkdir ccd cd ccd touch client echo “iroute 192.168.40.128 255.255.255.248” > client client-config-dir ccd route 192.168.40.128 255.255.255.248

@johnpoz I really don't know why some companies do certain things and sometimes I wonder if they do. However, as I said, Rogers is not alone in this, but it is a good idea. I recall people I know complaining how their ADSL address would change, right in the middle of them doing something. I get the impression some ISPs are nasty. I discovered this feature at least 15 years ago. Of course, when I change hardware, I have to update the DNS alias. I'm not certain what will happen with my IPv6 host names, as I haven't changed any hardware in the 4 years I've been getting IPv6 from my ISP. I'm assuming the DUID will keep the prefix from changing.

Hi! Issue was resolved now. OpenVPN Client Export package 1.4.23 has been release: [image: 1589000836111-ae8f39e5-de52-4ae0-8fb4-0754b45b0e8d-image.png] Already updated on my pfSense box. UDP4 no more, its just UDP now: [image: 1589000814348-34b392dc-632e-4220-8b03-1667d9a4b54d-image.png] Thank you so much to those who work-out the fix on this bug. Cheers!

OK, I see the logic. Thanks.

Yeah that is just gibberish..

@Gertjan I managed to talk the client into agreeing to remove the router. So everything is working fine. Thank you again for all your help.

Yes, the log should show what's happening there. OpenVPN is not running so it's probably got some setting that prevents it starting. A subnet conflict of somekind would be my first guess. Steve

Anyone knows about this?

@marvosa I have currently got a bt smart hub with complete wifi discs. The modem/router gives me the option of 192.168.x.x or 172.16.x.x as ip addresses and for 172.16.x.x gives the router up as 172.16.0.1.it has dhcp which has already assigned devices 172.16.x.x addresses. I will be turning the firewall and dhcp off on this and switching it out for a DM200 modem and adding wireless access points. I just want to make sure now before I implement the pfsense into the live network that it will work OK. I am planning but am not 100% sure if I'm planning the right things. I hope so! I need to get it working and for it to not bugger up the WiFi on our mobiles and other WiFi devices or I'll get it in the neck from the wife if pfsense starts blocking everything ‍️

@nirmalts said in pfSense becomes sluggish at times: for a window of 2-3 hrs everyday. Your check list is quiet complete. Even the most smallest pfSense capable devices like these can crank out several tens of megabits per second, nearly always limited by what happens upstream. The solution is easy : don't use VPN suppliers during that observed windows. Remember : they all work with the "best effort" methods. And it seems that legal video streaming services ran out of 'not seen' content so the less legal providers are even more used. Which explains the massive "VPN" usage and it's consequences.

Of course mark also don't add/remove routes or don't pull routes. Otherwise you will kill the lan connection (don't understand why but it does).

That custom option was something that was leftover from trying on my own, I suspected the Local Networks box was the proper place where it supposed to be anywhere. I didn't set the 10.0.8.0/24 as a remote network in the branch office but upon taking your suggestion it now works. Thank you so much!

bump

@Rico said in No internet Access with OpenVPN after upgrading to pfsense 2.4.5 release: erver/Clien thanks!! all good now

We finally found the problem! It was a previously misconfigured remote network subnet mask (/4 instead of /24 - probably a typo because this was done rapidly during a night) on the pfsense client that remained in the routing table. Somebody corrected the client's configuration afterward but probably forgot to restart the tunnel to update the routes. And it explains very well why some destinations were treated differently than others.