Well I made a mistake when i add the local network subnet (10.0.0.1/24 instead of 10.0.0.0/24) … but at least I can thank to this guy that have made the same mistake lool https://forum.pfsense.org/index.php?topic=123677.0

Thanks for your input. I am using UDP 443 for both openvpn clients. The double openvpn client setup connects and ping works consistently. Other protocols like RDP, VNC and HTTP is a hit or miss. Don't know what has changed when they do work. It is a bit of a puzzle. I have it tested in a lab environment before going on the road and never had a problem. Only difference is my connection speed in lab was 1Gbps and on the road it is only 5Mbps. The single openvpn client works like a charm.

Hi, which firewall rules do you have for your openvpn network? Perhaps this side helps you  https://blogs.technet.microsoft.com/networking/2010/12/06/disabling-network-discoverynetwork-resources/

Well after googling the past hour Im no closer to finding out the correct syntax to making sure OpenSSL can talk correctly to one of the few cipher OpenVPN supports.  And as far as more detailed logs, I cant find anything else in granular detail.

I got it working with these options on the client side: auth-nocache inactive 900 ping 10 ping-exit 60 Seems that auth-nocache is the key. After it times out it tries to connect but because the creds aren't cached, the dialog box appears asking for them again. Since no one is there to enter the password and click OK, it times out and loses the connection. It's not the best way to handle it but it seems the only way currently.

Is this still an issue? I'm having dns resolver issues through my openvpn. I removed the file and restart dnsmasq with no help. I also just upgraded to 2.3.3 from 2.3.2_1 but no difference.

I don't know how this HW performs. Ask at dd-wrt forums for observed OpenVPN throughput. Also, you may need to adjust settings on tunnel if you observe low performance, search for "valdikss openvpn fragment"

well, country, province, city org and email are identical (most of these CAs where created well before we started using pfsense, all of them where created using easy rsa) so yes, if pfsense tries to look at the subject to find out if they are related this could indeed be the reason. while using the same email address might not have been ideal, i don't think it's possible to change it afterwards, so i'm stuck with it… regards, albert dengg

One tunnel per LAN interface to a switch is the easiest to do. I will go for it. Never mind about the other configuration.

Hello, Well I finally found a solution for the web configuration page load problem. I found on google a suggestion which finally worked for me. What I did was decrease the MTU under General Configuration on the WAN interface which is by default blank (1500) down to 1380. This was the trick for me.

No, that is not viable if you wish to use overrides and perform strict user/cn matching.

You need a better grasp regarding what firewall rules should go where: https://doc.pfsense.org/index.php/Firewall_Rule_Basics https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

Thank You Derelict for responding. Yes, I am  now running two instances of Openvpn server –- one for the road warrior and other for connecting all the sites. Although it turned out to be quite simple, in case any one wants a step by step guide please let me know. Thank you, Ashima

@firegood: @jimp: What auth settings do you have on the tunnel? Local? Remote (RADIUS/LDAP)? Does authentication still work for that user under Diag > Authentication? There were a couple of changes in that area but nothing that I've seen fail now that was working before. I am seeing the same thing as well. I have a site i VPN into once or twice a week. Nothing changed on the client side, upgraded to 2.3.3 from 2.3.2 and now i cant get in. I have the VPN tunnel setup to use a radius authentication server that goes back to MS Server 2012 via Network Policy Server hooked to AD. Test authentication works just fine under diags I am getting these error logs: TLS Auth Error: Auth Username/Password verification failed for peer WARNING: Failed running command (–auth-user-pass-verify): external program exited with error status: 1 user 'XXXX' could not authenticate. i would love to get with you and see how you have the radius setup tied back into AD!

Crap! I just lost the second post because the software logged me out before I hit post, Now I'm pissed off so I'll continue this later… JayArr