@jingles
You just want to review that section and verify that traffic matched on that rule is being routed thru the default gateway instead of the VPN gateway.

@skilledinept

https://forum.netgate.com/topic/131539/how-to-restart-openvpn-in-a-script/5?_=1610913942448

I finally get it to work!!

It was a problem with a configuration of an IPSec tunnel that I had previously on one end.

It turns out that although it was disabled, it has configured the subnet 10.0.18.0/24

So I assume that this configuration is not supported and having the same subnet on these different services could cause the issue.

Thanks @viragomann for your help :) I really appreciate mate

a2bf89a8-7362-47b3-b3d2-742cc7070184-image.png

@netblues That would be the issue. It is strange that the entire config worked without the semicolons until I added those lines. Nevertheless, it appears to be working normally now. Thanks.

@viragomann Tnx for your help in trying to get this sorted. There was an additional layer to this problem which was as @NogBadTheBad stated the pfsense server is a VM.

Long story short once we had rolled out a new OPENvpn server and chosen Automated NAT rules the connection is working and as we wanted all traffic is being routed via the VPN tunnel :)

Unknown adapter OpenVPN TAP-Windows6:

Connection-specific DNS Suffix . : paacvpn
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-A3-2E-4B-10
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::419:140e:1684:a44b%17(Preferred)
IPv4 Address. . . . . . . . . . . : 10.3.200.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 15 January 2021 16:43:21
Lease Expires . . . . . . . . . . : 15 January 2022 16:43:21
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.3.200.254
DHCPv6 IAID . . . . . . . . . . . : 285278115
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-52-C3-D6-1C-1A-DF-B0-ED-33
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
1.1.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

C:\WINDOWS\system32>ping google.com

Pinging google.com [216.58.198.174] with 32 bytes of data:
Reply from 216.58.198.174: bytes=32 time=25ms TTL=117
Reply from 216.58.198.174: bytes=32 time=24ms TTL=117
Reply from 216.58.198.174: bytes=32 time=27ms TTL=117
Reply from 216.58.198.174: bytes=32 time=25ms TTL=117

Ping statistics for 216.58.198.174:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 27ms, Average = 25ms

C:\WINDOWS\system32>tracert google.com

Tracing route to google.com [216.58.198.174]
over a maximum of 30 hops:

1 25 ms 24 ms 26 ms 10.3.200.1
2 22 ms * 24 ms 95.154.192.1
3 25 ms 23 ms 26 ms 109.169.17.190
4 25 ms 24 ms 22 ms po201.net2.north.dc5.as20860.net [84.22.173.154]
5 26 ms 24 ms 23 ms be256.asr02.dc5.as20860.net [130.180.203.7]
6 40 ms 25 ms 22 ms be256.asr01.ld5.as20860.net [130.180.202.46]
7 26 ms 25 ms 24 ms 72.14.219.214
8 24 ms 24 ms 24 ms 108.170.246.129
9 38 ms 34 ms 23 ms 108.170.232.97
10 25 ms 23 ms 25 ms lhr25s10-in-f14.1e100.net [216.58.198.174]

Trace complete.

So thanks for your patience in trying to guide me to a solution.

All the best!

@viragomann I can access the destination when I use other OpenVPN client machines (including windows and android), so it is not a permissions things.

@pfsenseuser2020 Edit your OpenVPN server and scroll down to the Advanced Configuration section. You add reneg-sec 36000 to the Custom Options field.

@pfsenser_ca said in OpenVPN client fatal error:

Our OpenVPN client is set to use "BSD cryptodev engine" currently

This is definitely not a problem, at least I never met that (we have 100 - 120 OpenVPN clients- with BSD crypto)

Try even these steps:

NCP disabling (if it is checked)

cipher change AES-256-GCM (GCM is faster and safer anyway, in principle)

a2491c83-bc56-4fbe-86bc-87945afd831b-image.png

@aperez said in Slow certificate-related pages:

200 certificates and 20 revoked certificates

Yeah, that one is known. Admins start to become red if certs have to be revoked. This is just another reason.
Glad you know why now.

If your trying to use ovpn file with openvpn on centos.. That is not the way you do it ;) So yeah your going to have problems..

Something like this would be more like it
openvpn --config client.ovpn

Let the user get the latest OpenVPN version:
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos

@leonardo-fernandes You are my hero. Thank you very much. My OpenVPN with AWS works perfectly now

@viragomann
That works as expected! Thanks a lot!
Now I have another problem -> new thread.

It's a UDP tunnel fyi, not TCP

@johnpoz Wow...I was staring right at it. Regardless, thanks for the fast reply...will simplify the needed editing.

Thanks again!