I have similiar config however I am using AirVPN instead of PIA and it is working as it should. A single LAN rule should be sufficient. Make sure Disable reply-to on WAN rules is UNCHECKED in Advanced->Firewall/NAT.

You dont need to use TAP, TUN will work. When you set the VPN server as default gateway (redirect gateway) your public IP will be the WAN IP of the VPN server. Can you ping all the remote networks you want to be able to reach from your Pfsense? Does the remote networks you want to reach use the Pfsense as default gateway? Depending on your setup, you may hit your remote networks OK but they do not have a route back to your VPN client range.

Thanks for the help. I figured out what was happening. I had another application (AntennaPod) on my phone that was registered to open .ovpn files. That was the application that was generating the error messages. I had to download the file, then import it from within OpenVPN Connect, instead of opening the file from my email.

I have the same issue and the same device from amazon that sheen73 has,  I have a Gigabit connection, with PIA defaults I only get 40Mbps :( In the UI I changed the Send/Receive Buffer to 512K and UDP Fast I/O to true. My speed increased to 130Mbps… all my NICs support Gigabit.

Solved by Self ! :( :) Each Interface by VM´s must have Promiscuous Mode !

@viragomann: Maybe not the best solution, but that one that will work in your case: Add a source NAT rule to pfSense to translate your VPN IP to the pfSense LAN address. To do so, go to NAT > Outbound. If the NAT mode is set to automatic rule generation set it to hybrid and save this settings. Then add a new rule: Interface: LAN Source: <the vpn="" tunnel="" network="">Destination: <transmission jail="" ip="">Translation: Interface address Enter a description and save it.</transmission></the> This solution works! Thanks! ;)

@viragomann: The source has to be 172.16.100.0/24 - LAN1 network. Ah yes, thank you for that. I can now ping 192.168.12.45 from LAN1 and it responds correctly. Now….How can I configure it so I can ping 172.168.1.45 from LAN1 or LAN2 and it routes to 192.168.12.45 in LAN2? I need this because I have more sites with 192.168.12.0/12 networks. Cheers, Mike.

bump Any thoughts?

Yesterday it was not working. But now Openvpn as connect to my pfsene. I afraid I do not learn how is this work?  >:( it is working by miracle. I do not remember what do i change in pfsense? Thanks everyone. Now try to access my local pc from Outeside home. Please see the openvpn log in pfsense and another question where do i find (link-mtu : 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542')? Nov 18 10:07:33 openvpn 38877 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.14) Nov 18 10:07:33 openvpn 38877 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.14) Nov 18 10:07:33 openvpn 38877 Options error: option 'route-metric' cannot be used in this context ([PUSH-OPTIONS]) Nov 18 10:07:33 openvpn 38877 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) Nov 18 10:07:33 openvpn 38877 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) Nov 18 10:07:33 openvpn 38877 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) Nov 18 10:07:33 openvpn 38877 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Nov 18 10:07:33 openvpn 38877 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Nov 18 10:07:33 openvpn 38877 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.3.14) Nov 18 10:07:33 openvpn 38877 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.3.14) Nov 18 10:07:33 openvpn 38877 TUN/TAP device ovpnc3 exists previously, keep at program end Nov 18 10:07:33 openvpn 38877 TUN/TAP device /dev/tun3 opened Nov 18 10:07:33 openvpn 38877 ioctl(TUNSIFMODE): Device busy: Device busy (errno=16) Nov 18 10:07:33 openvpn 38877 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Nov 18 10:07:33 openvpn 38877 /sbin/ifconfig ovpnc3 10.128.0.3 10.128.0.1 mtu 1500 netmask 255.192.0.0 up Nov 18 10:07:33 openvpn 38877 /usr/local/sbin/ovpn-linkup ovpnc3 1500 1542 10.128.0.3 255.192.0.0 init Nov 18 10:07:38 openvpn 38877 Initialization Sequence Completed

The local networks option is still there in 2.4. No need to do it with overrides. The only time the local networks option is hidden with that kind of setup is if you have set the option to redirect all traffic over the tunnel ("Force all client-generated  traffic through the tunnel.") and in that case, local networks are redundant because all of the user's traffic is already going over the tunnel so sending a specific route for your other subnets is unnecessary.

that is what "don't pull routes" do. You then have to set up rules on LAN to push devices and ports you want out the VPN interface.

yep - the official OpenVPN connect clients are solid …ugly, but solid!

If it doesn't it is because it actually reconnects. I have never seen ssh do that.

So I fired up a VM of pfsense.. running 2.4.1 I created a client connection, big bang zoom connected.. I then created a server connection.. Running just fine.. This took all of 5 minutes to setup.. Your going to have to give us some details if you want us to help you other than saying its not working.. Like the openvpn log of client connetion.. The log of the server starting, etc.. Attached you can client connected and server running.. [image: workingjustfine.png] [image: workingjustfine.png_thumb]

Try this NAT outbound rule: Interface: NordVPN Client Protocol: Any Source: Network (OpenVPN Server Subnet) Destination: Any

Gotcha - I figured as much. We run rds connections via wyse thin clients through our broker and 1-2 drops disconnects their session. CSR's complain but it doesnt kill them as a simple click back in, but production may not be at their machine. We run live monitoring on our plant machines and this is where the issue comes into play as if they do not reconnect quickly, the RPM data is lost. Anywho thats an issue in itself so with that being said, I will test this package and see how it goes. Thanks!

Sounds like what people reported in this thread, see what, if any, of these things apply: https://forum.pfsense.org/index.php?topic=138608.msg764734#msg764734

Narrowed down the issue to PFBlockerNG, disable that service and I can access the internal LAN via OpenVPN Server…Will need to read up on PFBlockerNG.