Only traffic able to pass through it is ping, and that's from the road warrior to the gateway. Is there a way to allow any traffic to go through it without redirecting gateway? Just so I can selectively choose programs to go through?
Thank you

Sorry if I’m all over the place in my explanation, aside my setup I’ll just explain the issue I had.
Pfsense LAN 192.168.102.x connected to switch.
Switch connect to NAS and PC, worked perfect.
If I made the PC part of the PrivateInternetAccess alias I would lose the ability to connect to the NAS even though it was on the same network.
If I made the NAS Part of the PIA alias it would work but now the rest of my devices couldn’t connect to NAS.

I did, I also later on stated I've tried my LAN v6 but it never worked. Afterwards I got it to work recreating it using identical configuration.

Thank you both @jimp and @JKnott for the help. My issue has been resolved by itself.

Why did you delete the whole Config only to change the encryption settings? You can just Edit all the settings...
Do you have your Firewall Rules in place in the OpenVPN Tab? For testing just do some any any Rule.

-Rico

I was able to finally figure out my issue. While we have multiple public IP addresses, only one is dedicated to the VPN. While both servers were configured to the WAN interface, one was listening on the correct IP and one was not. After setting both servers to listen on the correct interface, it started working. Odd that it breaks now.

Thank you for the response, all of which makes sense. I must do some reading on iroutes.

The examples would benefit from the inclusion of a "last edited" date as its not evident otherwise just how current they are.

Consider that there is also a static route for 192.168.32.0/24 needed on router A.
However, the interface on B facing to router A a is a DHCP configured. It should have a static IP.

Just edit the subject of the thread and put in solved at the beginning {solved]

Okay guys,

I updated to the latest 2.4.4. and now OpenVPN does not work. Nothing changed but the upgrade. After chasing my tail some, I thought I would see if anyone else is having the same issue.

I could upgraded another unit and see if the problem follows, but it is an hour drive away and I really don't want to lose control of it.

I thought I was onto something by testing in Diagnostics/Authentication, but apparently I've forgotten the proper way to test. So I have to go back to basics and step by step it. Hope someone figures this out.

Set the destination of the NAT translation to OVPN_VPN address.

Be sure the rules passing the traffic do not match on the OpenVPN Group tab, but do match on the OVPN_VPN tab. The easiest way to be sure is to not have any rules on the OpenVPN tab. Care will have to be taken if you have other OpenVPN servers or clients defined.

Be sure the default gateway of the 192.168.0.233 host is pfSense.

Be sure the firewall on 192.168.0.233, if any, passes traffic from arbitrary sources.

https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html

If you take more packet captures, please do them on the 192.168.0.0/24 interface the server is on. If you don't see any traffic there, check all of the above again.

Thank you very much, I configured the modem bridge and pfsense PPPoE and all is ok !!!
Thanks

Hi DotDash,
Thanks for your speedy reply.
This is a shame, i must have missed that part during the googling sessions.

I guess I'll look into getting a higher clocked speed AES-NI Intel Chip instead :)

Cheers,
AlienX

I talked with the cloud provider and we used their VPN solution (I think it's Fortinet based) and everything went ok in all cases, including tan IPSEC tunnel between another pfSense and the provider endpoint. Any idea on where to check?

@rico said in Improve OpenVPN throughput:

@gsmornot
I don't think GCM use multiple cores...
With my SG-3100 the max in real world tests is around 83 MBit/s OpenVPN AES-256-GCM.
But you can share your config if you want. :-)

-Rico

Nothing special in the config, just offering to reply with any detail asked for in my current settings.

Looking, I thought it was multicore but I think what I want to say is capable of parallel processing. I am a bit more basic in my understanding. I tested the performance versus CBC and found it to be much better, maybe double, so I stuck with it. IPSec was much faster but I kept reading people say they would always pick OpenVPN first so I stuck with it. So far no issues. My main use is access through my firewall while mobile so I can make use of public wifi at times and even bigger for me block ad's with pfBlocker.

@chedxb Please try to isolate the issue and be more specific.
And a net diagram of what you are trying to do would also help
azure, ubuntu and containers are nice trendy technologies, but don't really add any usable information on the situation.

After upgrading the router and creating a new VPN server with the wizard all the needed settings were there. The VPN is now working and connecting correctly. Thanks very much for the help on this!

With IPsec, yes. With OpenVPN, no. OpenVPN shared key mode isn't compatible with GCM (IIRC it requires SSL/TLS)