@Ip: By "their" I suppose you are referring to the subnets … I'm refering to  Services > DNS Resolver  and  Services > DNS Forwarder You have to pick the interfaces they serve.

@haarweg: @jimp: https://forum.pfsense.org/index.php?board=69.0 ah, board more in a forum sense than in a hardware sense :). thank you. Were you able to test with a recent build of 2.4?  Looking for updated numbers on the apu2c4 if available. Looks like current OpenVPN throughput is ~ 71mbps from your tests using iperf which gives a more real-world number than just local raw benchmarks.  Has anyone seen higher on this hardware?

That's a very clear error message. Fix your network policy on the Windows server. It's a problem there, not a problem with pfSense.

I do not agree that ExpressVPN is an absolutely awesome service. I've been surprised when found it as one of the top rated VPNs. As for me, ExpressVPN is nothing more than a well-thought-out business plan for boosting their rating. I’ve tried to use it, but it did not impress me. There are many other services that provide multiple features and even discounts for their users. The site https://www.bestvpnrating.com helpes me to be informed.

@bienicc: LinxS, Just make sure you put IP subnet of both sites into "IPv4 Remote network" fields (on both site), that I think you are done already. What you need is to pay attention to firewall rule at both sites, whether it allow to ping each other or not. That resolved my issue, (after making sure I restarted my VPN service), Thank you for your help  :D Next I am going to implement SSL/TLS as it is more secure than shared key  :)

Thank you!

There should be an option for "inter-client communication" you can select in the server preferences.

Mine is working now too.. thanks a lot.  ;D @killmasta93: Thanks for the reply so i finally solved the issue while reading how OpenVPN works, OpenVPN uses this table [  1,  2] [  5,  6] [  9, 10] [ 13, 14] [ 17, 18] [ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38] [ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58] [ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78] [ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98] [101,102] [105,106] [109,110] [113,114] [117,118] Meaning if my config on OpenVPN server is ifconfig 192.168.90.1 192.168.90.2 so then i needed to give my client overide this, the client gets 192.168.90.5 and the gateway is 192.168.90.6 ifconfig-push 192.168.90.5 192.168.90.6 iroute 192.168.1.0 255.255.255.0 Felt so silly after one week Now pfSense can ping DDWRT so at the end it was not  DDWRT issue Hope this helps someone else

Many thanks, jimp.  That works perfectly.  ;D

@jimp: A /30 makes no sense for remote access. OpenVPN's internal behavior changes significantly when using a /30 tunnel network, it's intended only for site-to-site VPNs. When using a /30 the server cannot push settings and it has several other limitations. Understood.  Thanks for the clarification.  I'll just use a /29.

https://doc.pfsense.org/index.php/Why_can%27t_I_ping_some_OpenVPN_adapter_addresses

Common Name - Interface Name -        Network    -        IP         LAN        -      PCILAN      - 192.168.1.0/24 - 192.168.1.1     VPN Clients  -        Dorm        - 192.168.0.0/24 - 192.168.0.1         WAN        -  OnboardWAN  -  10.90.13.0/24  - 10.90.13.224 (assigned to me not by choice)       PIA VPN    -          PIA          -  10.38.12.0/24? -  10.38.12.6    (assigned to me not by choice) Now that I typed that out I tried what you said and changed all the outbound OpenVPN rules to PIA and that fixed it. Thanks

anyone have a solution for this? I've got the same problem but I'm using Asus Merlin router instead of dd-wrt. I do have the IPv4 remote network setup right (include local and remote LAN IP).

@johnpoz: "UDP link remote: [AF_INET]10.10.2.1:1194" How and the F could you connect to a rfc1918 address?  Is your pfsense behind a NAT?  If so you can create firewall rules on its wan til doomsday and nothing will happen..  Is that your lan IP.. Why would you have pfsense openvpn listen on the lan interface? Current client of openvpn is 24.1 – what client are you using that is 11.5 ??? thank you John, i dont know what happens but after i rebooted the firewall and everything starts working. Thank you so much for your support

I think I already tried that… Oh well, I'll try it again. Actually, I've found an easier way. I've just moved something else to the IP I was trying to get the  VPN to work on, and moved the VPN back to the primary, all works now. :) Told you it was a blonde moment!

Much better. I am online now. Thank you. I removed the port forwarding and add the suggested IP monitor of 8.8.8.8 and 8.8.4.4 I did the the hybrid nat. See below. In firewall/nat/outbound, do I still need those four OpenVpn interfaces? [image: pf4.JPG] [image: pf4.JPG_thumb] [image: pf5.JPG] [image: pf5.JPG_thumb] [image: pf6.JPG] [image: pf6.JPG_thumb]