So all 3 of your servers are on some public /? they are behind a firewall, so  not accessible on internet. dhcp provide on my lan (file server, vpn …)  routable ip adress 194.48.50 .../24, (that different of traditionnal "private use" 192.168... adress) PS: i can change my mind and put an another NIC , but it will be in same subnet.

@Cyber-Wizard: but it creeps me out that this impacts the OpenVPN service so dramatically. Not a solution but with regards to OpenVPN "locking up", it is known it happens during the authentication. Normally this goes unnoticed. There is a way around it, maybe it can be applied/integrated to pfSense… http://engineering.freeagent.com/2017/05/22/external-authentication-scripts-in-openvpn-the-right-way/

"it pushes CN and IP to a bind/named and works like a charm" Yeah bind can do that ;)  There is not such functionality in unbound that I am aware of.

Hello, thanks for your reply.  I basically wanted to add another wireless router just as a bridge connection so that if my son and his friends connect to that wireless bridge they won't get the lag they are experiencing going thru the VPN. I know I can achieve this with aliases specifying which hosts use what, but I just wanted to see if i could set it up so I can tell the kids if they want to do gaming connect to this gaming AP. I can't seem to find out how I can add a NIC card and anything connected to the 3rd NIC will go straight out using WAN.

When I experienced that problem I moved my network to 172.16.0.0, as I'd never seen any commercial gear in that range, but I had in 192.168. & 10..

I don't see that happening. While technically it may be possible, that would increase the complexity quite a lot for very little benefit to most users.

What worked: It was the DNS suffix: On a computer on a domain, I needed to ipconfig /all, and under "Connection-specific DNS Suffix" it showed local.domainname.com Thats what needs to be under "DNS Default Domain" under VPN -> OpenVPN -> Servers -> edit

What port are you using for vpn, you say not standard so not 1194 UDP?  But still UDP? There are many a wifi network that block ports other than 80/443.. This is why I run an instance of openvpn on tcp 443.  This way you are pretty much SURE you can get to it from anywhere.  Since not allowing 443 tcp would make the internet not viable..  And when running in tcp mode on 443 this also pretty much makes sure you can even make the vpn connection over a proxy. So just run a another instance of openvpn on 443 tcp and if you have problems from a location just use that configuration.. As to your domain?  I assume you mean some dyndns you have setup - is that resolving.  Its possible where your at is blocking that domain?  Does it resolve?  Test with some tool like HE tools for ios or android it has a dns testing feature, etc.

I am interested in something similar to this and was thinking that integrating pfBlockerNG would facilitate creating an access list to be used for routing purposes.  In this case I would think that adding the domain to pfb would resolve all of the ip's for that site/domain and adding them to an access list, then setting a routing statement using that access list as the destination to route through the vpn instead of the WAN. What I am wanting to test is using pfblocker to create an access list for the .onion domain, then routing the traffic destined to that domain through a vpn.  For instance, there are ubuntu repos on tor, and when updating packages from that repo, I would like that traffic to automatically route through the vpn connection instead of attempting through my wan.

That won't ever work properly. You must configure it using the GUI. If you post the details of your configuration (without anything private included), we can help you determine how it will be setup in the GUI but running it in the background like you are doing is not viable.

Is the pfSense LAN IP the default gateway on the LAN machines? Please post your vpn settings.

You are correct he mentioned that… I must of been thinking of another thread.. Thee was another thread asking about using using multiple vpn connections.  Much longer than this one though.. I was thinking of this one. https://forum.pfsense.org/index.php?topic=135283.0 Different poster.

Thanks! Attached is a screenshot of the logs page. Do I need to do something to turn them on? I can't find any settings. It seems really odd that there are no logs of anything. The client seems to have gone down the tunnel and found the network, because it received the 192.168.4.x address, and the pfsense is there too. But the rest of the transaction isn't happening. I have a laptop that successfully connects through OpenVPN and PfSense to a different network. The configuration files seem pretty much alike. [image: pfsense-logs.jpg] [image: pfsense-logs.jpg_thumb]

If the server pushes the default route to you and you did something wrong that's normal. You may aviod to get the default route pushed by checking "Don't pull routes" in the client settings for testing. Maybe you're missing the outbound NAT rule for the vpn. So enable the interface and set the outbound NAT rule. The outbound NAT must be set to hybrid or manual mode. Then add a new rule: Interface: <the vpn="" client="" interface="">Source: any Dest: any Translation: Interface address</the>

Ah, good info. I'll give that a try, thanks. I'm just doing the prep work at the moment before I add any rules to the firewall. All I've done is Create the CA, for OpenVPN client Create the OpenVPN client (showing as UP) Create the interface OPT1 and set it to port ovpnc1 the problem i have is, as soon as i enable OPT1 interface and reboot, all my internet traffic stops nothing has been configured by me to use OPT1, so why is this?