• MOVED: Issues with RV340 VPN

    Locked
    1
    0 Votes
    1 Posts
    298 Views
    No one has replied
  • Port Forward and OpenVPN help

    2
    0 Votes
    2 Posts
    458 Views
    Z
    Nothing? No one is wanting to be paid for work either. Is it even possible?
  • Grandstream GXP21xx GXP2160 GXP2170 VOIP phone OpenVPN connect

    3
    0 Votes
    3 Posts
    5k Views
    A
    Many thanks! I have already noticed that pfSense and FreePBX (Asterisk) don't go together too well. Somehow, certain states are not handled correctly, especially when starting the internet connection through PPPoE from within pfSense. Also, the NAT settings are a nightmare - I finally got best results by switching everything off (in Asterisk). As for the Grandstream: yes - I wanted to avoid that effort. But I somehow got it to work - also, with a configuration I thought I had tried before already. Looks like both DH 1024 and 2048 are supported (did not try any more) as well as Blowfish (BF-CBC) and AES-256 (AES-256-CBC). After first managing with certificates of only 1024 bits, it now also works with 2048 bits, so security should be ok. Only the SHA1 (did not try any others) seems a little bit weak. Also, OpenVPN is configured for "Remote Access (SSL/TLS)" and when enabling access to just the one IP of the Asterisk, everything is working fine, to reduce the security risk a little. No username/password is needed. Also.. in case someone else has similar problems: I had to enable symmetrical RTP in both the phone and Asterisk, otherwise I often had the problem of audio being one-way and that one person thus could not be heard. I am hoping that the real use will prove stable.. setup certainly was a challenge. Also, my next task is to enable the redundant internet connection.. so now I wonder if that is going to introduce any more issues..
  • UFW blocks OpenVPN

    2
    0 Votes
    2 Posts
    509 Views
    johnpoz
    So I take it 10.0.8 is your tunnel network. But you say you force this machine out some vpn (on it) to go to remote networks, which 10.0.8 would be.. Just create a route so that it knows 10.0.8 is local and to not go out its vpn to get to it.. Ie point a route on it to your pfsense IP on its network. Or you could source nat the traffic on pfsense so this box thinks the traffic from your vpn is on its local network.
  • Connect to OpenVPN with openSUSE

    1
    0 Votes
    1 Posts
    389 Views
    No one has replied
  • This seems over complicated.

    2
    0 Votes
    2 Posts
    594 Views
    johnpoz
    If you have a rule that sends traffic down your vpn connection, and that vpn connection is down and you did not checkmark do not create rule when gateway down in the gateway monitoring section of advanced misc. Then the rule when gateway is down will be same rule just without gateway set so yeah traffic can route out the normal gateway. Another way to do it set it so the rule is not created. Then if your vpn is down the rest of your rules are evaluated, so if you have a rule below that allows the traffic they could get it out your normal wan. If you don't have a rule that allows them then they wouldn't. All comes down to how you want to do it. Depending on how many networks you have, how many wan interfaces this way might be simpler to cover all the bases with.. There are multiple threads about this all over the forum. What you do exactly depends on many factors of how you want to skin the cat, and what sort of cat it is - is it a Bobtail or a Siamese or maybe Chartreux, etc. etc.
  • OpenVPN - problem with /32-range

    17
    0 Votes
    17 Posts
    3k Views
    F
    pfSense is in transparent bridge mode. I think the reason why this works today (through windows-server) is that I have a management computer inside the network more or less directly connected to the RV325 on eth2 of the server. On this management-computer, one port has the RV325 as gw. When I use VPN client in Windows against this computer, it will find the path all ways. That explains why it works? So I would need to do something similar with pfSense basically.
  • VPN connects, can't ping or connect to remote subnet

    4
    0 Votes
    4 Posts
    707 Views
    luckman212
    so, you are actually wanting to use tap mode? Why do you need that if I may ask?  It is fairly uncommon and a bit trickier to make work, will not work for mobile devices and has several other caveats etc. Much better to stick with tun unless you really need broadcast traffic to traverse the tunnel for some reason…
  • 0 Votes
    3 Posts
    495 Views
    A
    @viragomann: Check the outbound NAT. Firewall > NAT > Outbound. There has to be a mapping for the WAN interface and the VPN tunnel as source. If you change the tunnel, you have also to change that NAT rule. THANKS, THAT DID IT!  I changed the: "Source network for the outbound NAT mapping." address to match my OpenVPN in Firewall > NAT > Outbound and it still was not working so I rebooted pfSense and it worked!  I guess I was under the assumption that pfSense updated everything kind of like when you disable a NAT Port Forward and it will disable the Firewall rule as well.  Now, in the Outbound NAT it says: "Auto created rule" next to the OpenVPN rule I just changed but at the top I have marked: "Manual Outbound NAT rule generation. (AON - Advanced Outbound NAT)" which I believe I marked sometime after setting up my OpenVPN, is that why the rule did not update?
  • Cannot connect via FTP

    10
    0 Votes
    10 Posts
    1k Views
    Derelict
    I have no idea what VPN you have. The one on OPT1.
  • Forcing OpenVPN to use multiple DNS servers

    2
    0 Votes
    2 Posts
    498 Views
    luckman212
    Welcome Steve & congrats on your first post. What DNS servers are you pushing to clients (on your server config)? There are 4 fields (at least on mine) that you can specify. I haven't tried it as I don't have a need for this but, I expect that if you filled out the 2nd field, the DNS server will be pushed to your client. It's still up to the client device (Mac, PC, whatever) how it uses that info. Some may react differently than others. I know Macs are particularly beastly when it comes to DNS as they have abstracted away many of the standard mechanisms in favor of proprietary mDNSResponder-type sorcery. Maybe if you describe your issue in more detail we can help.
  • Open VPN multi core solution ?

    3
    0 Votes
    3 Posts
    3k Views
    M
    Thanks for the reply. In short, it won't work for me  ;D
  • Extra OpenVPN interface?

    5
    0 Votes
    5 Posts
    1k Views
    valnar
    OK thank you.
  • Possible patch for openvpn dummy V6 gateway creation - "RFC"

    4
    0 Votes
    4 Posts
    836 Views
    luckman212
    I went ahead and created a PR#3844 for this alternate method. Again, "works for me" but would appreciate comments. If you want to give it a try, use System Patches and add commit 4f62b7c0bd7e7a1845cded171fbd918c04e73738
  • Set static IP for 1 client machine on openvpn

    2
    0 Votes
    2 Posts
    510 Views
    V
    If you have only one client who connects to the server, he gets the same IP on each connection anyway and you can also control access by the whole tunnel subnet. If you have multiple clients take a look at Client Specific Overrides. https://doc.pfsense.org/index.php/OpenVPN_Settings https://doc.pfsense.org/index.php/OpenVPN_multi_purpose_single_server#OpenVPN_Client_specific_overrides
  • OpenVPN iOS stopped working in iOS11

    4
    0 Votes
    4 Posts
    3k Views
    M
    It seems to work now so I guess it's not a problem anymore.
  • Site-to-Site OpenVPN - client side sending traffic out WAN - not tunnel

    2
    0 Votes
    2 Posts
    521 Views
    E
    Should have been more patient/persistent, and kept working on it before I posted here. Eventually sorted this out myself. For anyone referencing this article later, here's what the issue was: I messed around with DNS settings just after getting the VPN online, because I want all internal DNS resolution to go to the server-side PFsense box (it's acting as DNS resolver). I had put an entry in the general setup, specifying my server-side pfsense box as a DNS server, with my client-side ISP IP as the gateway. This was causing a static route to be entered into the table, and was the root of the issues. I still have some things to figure out with DNS, but the original issue I was posting about is now resolved.
  • Multiple client instance

    1
    0 Votes
    1 Posts
    430 Views
    No one has replied
  • VPN keeps disconnecting

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    7 Posts
    1k Views
    P
    So all 3 of your servers are on some public /? They are behind a firewall, so not accessible on internet. DHCP provide on my LAN (file server, vpn …) routable IP address 194.48.50 .../24, (that different of traditional "private use" 192.168... address) PS: I can change my mind and put another NIC, but it will be in same subnet.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.