• OpenVPN RDP/routing issue

    2
    0 Votes
    2 Posts
    616 Views

    Frustrating that no one took a stab at it…  But, I'm glad no one wasted their time too.  ;D

    Turned out that it was a number of items from settings that don't work like they did before, security changes due to MAC and Windows OS updates, AD GPO policy updates, new hardware not in the correct AD OU groups, and ISP security changes that caused some home networks to revert to a subnet we use at work...

    Literally ended up that each employee had 3-4 of the problems but none of them had the same combination of problems...

    Anyway.

    pfSense rocks!  Keep it up.

  • Routing clients through different VPN connections?

    3
    0 Votes
    3 Posts
    537 Views

    @Derelict:

    https://www.infotechwerx.com/blog/Creating-pfSense-Connection-VPNBook

    Make a second connection just like that and policy route what you want out of the different gateways, either vpn1, vpn2, or no gateway for the WAN (default gateway)

    Thank you, Derelict, that was a great help. Really appreciate it. I have everything working now as I want.  :)

  • Cannot access my hosts within LAN (VPN)

    3
    0 Votes
    3 Posts
    654 Views

    Can you ping hosts by IP address at all?

    No, I cannot ping my hosts at all.

    Inter-client communication

    Yes, I do have it enabled.

    But what I do find strange is that I am able to ping all my hosts when I connect with my Android phone. That's not the case when I try to connect with my laptop.

    Additional info:
    IPv4 Tunnel Network
    10.0.0.0/29

    IPv4 Local network
    172.16.0.1/22

  • Need help about gxp phone use by openvpn on pfsense

    1
    0 Votes
    1 Posts
    275 Views
    No one has replied
  • Duel OpenVPN

    1
    0 Votes
    1 Posts
    437 Views
    No one has replied
  • Issues setting up OpenVPN with TigerVPN

    3
    0 Votes
    3 Posts
    2k Views

    @jelter:

    Just wondering if you ever got this working.  I have been struggling and have tried much of the same.

    I actually did get this working, as far as the VPN interface getting an IP address (if you need these settings, PM me), but I can not route anything through it to the outside.

    My goal is to define specific LAN traffic to go out the interface.

    Current setup:

    WAN (Comcast): 73.82.XX.XX

    LAN: 10.0.0.0/24

    VPN IP: 100.97.0.40  Remote IP: 162.250.2.18
    Note the VPN IP changes very often, maybe once every 5 mins. Probably normal but I figured I would mention.

    I've looked over several guides on how to set up routing (created manual NAT rules, etc), but when I tell it to route all LAN traffic through the VPN interface, nothing goes out.

    When I do ping tests from within pfSense (Diagnostics/Ping):

    WAN->VPN IP success
    LAN->VPN IP success
    VPN->WAN IP success
    VPN->LAN gateway success

    VPN->any internet IP fails
    VPN->Remote IP fails

    (Should the above two lines work?)

    Rules:

    Tiger_VPN
    Protocol: IPv4
    Source: *
    Port: *
    Destination: *
    Port: *
    Gateway: *

    OpenVPN:
    Same as above except:
    Source: LAN net
    Gateway: TIGER_VPN_VPNV4

    WAN/LAN rules: Currently nothing involving VPN

    Pending rule added to top of the list (which doesn't work - no net traffic goes out the VPN interface):

    LAN
    Protocol: IPv4 TCP
    Source: *
    Port: *
    Destination: *
    Port: *
    Gateway: TIGER_VPN_VPNV4

    It seems a lot of people are getting stuck at this point where nothing routes through the VPN interface to the internet. Just seeing if I'm missing any rules here.

  • What happened to indefinitely resolve server?

    4
    0 Votes
    4 Posts
    587 Views
    jimpJ

    It's all on the ticket. It's enabled by default now in OpenVPN and has been forced on in pfSense for years, so we removed the option from the GUI since it was meaningless.

  • Multi-Site-to-Site not working

    9
    0 Votes
    9 Posts
    981 Views

    It's not that bad.  Only a few specific resources need to communicate branch to branch.  The latency of going through HQ is not a big deal.  I'm hoping to find out from you and the pfSense community if I have misconfigured something when using a /24 tunnel or if there is a bug somewhere.

  • OpenVPN IPSEC ISOLATION

    1
    0 Votes
    1 Posts
    387 Views
    No one has replied
  • Client Export files does not work

    11
    0 Votes
    11 Posts
    2k Views
    johnpozJ

    Not a real network manager user in linux…  But I do recall there is a plugin you have to add

    I would suggest you do a simple google - but I could fire up a ubuntu vm and walk thru this if still having problems..

    Did you add the openvpn network manager plugin?

    user@ubuntu:~$ apt-cache search network-manager-openvpn
    network-manager-openvpn - network management framework (OpenVPN plugin core)
    network-manager-openvpn-gnome - network management framework (OpenVPN plugin GNOME GUI)

    You might have to call out the specifics for the tls key - simple google finds multiple examples of this..

    Worst case is I could fire up a network manager gui on ubuntu vm and walk through it.

  • PFsense Remote access OpenVPN - Communicate with host but nothing else.

    4
    0 Votes
    4 Posts
    1k Views

    If pfSense is the default gateway response packets should correctly be routed back.

    Check if the servers block the access with their own firewall.

    To ensure what's going on, you can sniff the traffic on pfSense in Diagnostics > Packet capture.
    Select the interface which the servers are connected to, set other filters if you want and start the capture. Try to access the server from the vpn client and stop it to see the packets.
    You should at least see the requests, since pfSense should pass it, cause the wizard sets an allow any to any rule.

  • I can access some nodes on the LAN, but not others. (SOLVED)

    3
    0 Votes
    3 Posts
    690 Views

    I solved the problem. The gateway setting on the CMC and iDRAC was misconfigured with the wrong IP address. They were all configured with 10.0.0.254 as the gateway, I corrected it to 10.0.0.1 and everything started working properly.

  • Current configuration works, new configuration does not

    5
    0 Votes
    5 Posts
    679 Views
    GilG

    What did you change in the new config?
    Your certs, port numbers, ip addr/ddns must be the same. - if the old exports still work.
    Check log files for OpenVPN, increase verbosity if necessary. What do you see & how does it relate to your changes?

  • 0 Votes
    1 Posts
    228 Views
    No one has replied
  • Bridged Network connects but can't access shares

    1
    0 Votes
    1 Posts
    327 Views
    No one has replied
  • OpenVPN works OK on Android but not Windows

    7
    0 Votes
    7 Posts
    2k Views
    johnpozJ

    I use windows client pretty much every day all day from work to my house… Never have any issues... RDP to my home boxes all the time, etc etc..

    This really is clickity clickity through the wizard done..

    I would change your compression to adaptive - you seem to be hard setting it with this

    "compress lz4"

  • Openvpn topology

    7
    0 Votes
    7 Posts
    729 Views

    Hi, I resolved the problem; it's the modem that had blocked the connection on the VPN server. Now it works.
    But another question, please: should I change the encryption to SSL, or is it well secured even with a shared key?

  • Pushing Pfsense routes into OpenVPN configuration dynamically

    2
    0 Votes
    2 Posts
    713 Views
    jimpJ

    To dynamically route like that you need some kind of routing protocol on both ends, such as OSPF or BGP.

  • User Manager and VPN Status page

    4
    0 Votes
    4 Posts
    693 Views

    The OP has already enabled that. There is no bug.

    "WebCfg - Status:Services" is required since you are accessing a Service from a Status page.

  • SG 2220 with PIA strong 256 bit openvpn encryption errors

    6
    0 Votes
    6 Posts
    1k Views
    DerelictD

    Well if you set yours to AES-256-CBC and the remote wants blowfish, I don't know what adding the exact same configuration option manually is going to change.

    But if it works for you, great.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.