@viragomann Hi , thanks but it was not a issue with Pfsense but rather I had not configured my vlans on my cisco switch properly.

@Bambos When stating an alternative hostname, pfSense generates a SAN certificate. There is no reasonable case for me to do this with a user certificate, however. The CSO check verifies only one value, either the common name of the client certificate or the username, not both. As mentioned, which one to use can be set in the server settings.

@ElaineNav I answer my self it could be usefull for others: After few try, i change the role of pfsense and set the server on the slower side, now the tunnel is stable. :)

@rajukarthik said in Openvpn on mac is not working: Would prefer OpenVPN connect. Any suggestions? Yes. Download and install it ?! Not hard to find. Type OpenVPN connect MacOS - it's the first link.

For clarity, I reset the client pfsense box to factory defaults.

@chpalmer That got me fixed up, thanks.

Hi to all so, little RECAP SITE A: Operator Router-> SWITCH -> ESXi with PFsense Public IP -> Internal Lan 192.168.1.0/24 -> PFSENSE wan 192.168.1.240 with GTW 192.168.1.1 and virtual Interface ovpn peer2peer SITE B: Operator Router-> Mikrotik -> Internal LAN Public IP -> wan 192.168.8.1 - LAN 192.168.88.1 -> Internal Lan 192.168.88.1/24 Peer to Peer tunnel 10.10.11.0/28 ( site A 10.10.11.1 / site B 10.10.11.2) Connection OK between site ping - other service from B to A -> OK ping - other service from A to B -> KO PFSENSE CONFIG: [image: 1732482146293-29216526-883e-4dcf-be61-40e878d39ca4-image.png] [image: 1732481526913-7512a6dc-e92b-4e3e-b89e-7c34e5d06f27-image.png] [image: 1732481658749-6c54caac-b910-4b03-ad33-d67d0fddbc9f-image.png] [image: 1732481695419-e4dd2f8a-3d7c-423c-bb16-400bbe6aae84-image.png] [image: 1732481734049-0d34858e-90ff-4c9a-80c5-82a955a1864f-image.png] [image: 1732481757283-a38cbe88-9c96-4f29-9d8d-863c109cc347-image.png] With and Without CSO tested, but nothing change. NAT [image: 1732481799864-925d14c9-775d-4135-99b7-05c7910ba1a2-image.png] Rules [image: 1732481826768-b0188b3d-c32f-4b06-96c4-c3e98b48c821-image.png] [image: 1732481847849-2e40e12b-3fc8-441c-8e79-1dcf651b606d-image.png] ROUTING [image: 1732481884196-69cb7bb0-c088-4e88-a8c3-619c3f95dce1-image.png] [image: 1732481904939-bbda0e24-58d8-484c-b538-dc7b43ad78ae-image.png] SITE B: MIKROTIK [image: 1732482053196-5d692e75-0ebe-4a90-a297-6944770da4e3-image.png] [image: 1732482077586-7bb9e00c-ba65-4c21-9bc2-48d1c9d75a53-image.png] Sorry for all the photos, but, it's to understand how the 2 devices were configured. Any help is welcome, I don't know what else to check or other configurations to try. Esxi has no rules on the internal switch. **thank you so much for all the advice already writed, and have a nice new week. ANDDD sorry for my English XD.** REGARDS

@peterzy thank you for your reply. In my case all the Mikrotik client devices are in the rural area, so maybe I can make the current VPN to work using UDP (this is the current config) and once I get access to the device I can change the config to TCP. If the device could get connected for a couple of hours for me that's enough. In this regards, could you please share the details about changing the PING settings so maybe I can get them connected temporaly. Thank you!

@PlanetToysUtah Is the CSO applied?? Please show the log.

I don't think I have misconfigured it, because the same configuration works fine on Ubuntu. So it should be a problem with pfsense. Does anyone have successful experience using DCO on pfsense?

@viragomann thanks buddy

@The-Party-of-Hell-No I tested its OK :-) thanks you!!!

@kprovost The speed difference is substantial with only having one enabled so much so I would say this would need a Redmine to only allow one to be selected at a time. Anyone else agree?

@rajukarthik So it's a question about the OpenVPN client app called "Tunnelblick " running on a device that not pfSense. Ask Tunnelblick ?! Or use the OpenVPN app, also available for MAC ?!