@wmcneil Ok then, the important thing is to have a pf working dns.
Just remember not to block access to dns with rules.

[SOLVED]
I'm going to resume the steps to help others:

Clean installation of PfSense

Add OpenVPN server in manual mode, not Wizard

Try to connect a client and take a look at inbounds connections at firewall, select the rule to the 1194 port and Permit it.

Modify the rule to allow any host to connect to the server

That's all, at least for me. I have the OpenVPN server working and clients can ping a host through a second router behind PfSense.
I hope it helps!

Thank you very very much! special thanks to netblues without whom this wouldn't have been possible.

Thanks!

@powerextreme

Filtering with OpenVPN

When the OpenVPN interface is assigned, a tab is present under Firewall > Rules dedicated to only this single VPN. These rules govern traffic coming in from the remote side of the VPN and they even get the pf reply-to keyword which ensures traffic entering this VPN interface will exit back out the same interface. This can help with some more advanced NAT and configuration scenarios.

Note

Rules added here are processed after the OpenVPN tab rules, which are checked first. In order to match the rules on an assigned VPN tab, the traffic must not match any rules on the OpenVPN tab. Remove any “Allow All” style rules from the OpenVPN tab and craft more specific rules instead.

Hello everyone, i think i found the solution for this. I will try to use the Mikrotik as the loadbalancer of the 3 Wan connections and pfsense as the lease handler as my initial setup is. Although i am going to physically Bypass the Mikrotik router, connect the second Wan interface of my pfsense directly to my service provider main router. This second Wan would act as the link for Openvpn only and not a gateway to the Lan clients on the pfsense box

@bomburly Even my plex server is capping video quality at 712kbps.. And this is through the PLEX app without the openVPN server active.

It seems like a pfsense issue or maybe even a unraid issue?

@pwnell You are welcome.

@pfStew

Just think of the VLAN and VPN as 2 separate interfaces and set up routing and rules accordingly. The fact that they're a VLAN and VPN is irrelevant. as they both provide an IP connection.

What type of OpenVPN are you running exactly with pfSense? S2S, RAS, Client?
Maybe you can share some bit of your configuration.

-Rico

A server configured that way (non default) will be hard to "import" into pfSense.

Yes, you can use them like you would do with Multi WAN.
https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html
https://www.netgate.com/resources/videos/multi-wan-on-pfsense-23.html

-Rico

Already done this on the SITE2 (VPN Client) but still no working

Capture1.PNG

Addendum: you could try running your script with the up, up-restart etc hooks. Perhaps that also needs script-security 2 to be enabled, I'm a bit vague on that :) But if it does, it will say so in the logs.

The up trigger keyword in your client config should run your script with info like

You don't have the same sort of variables at your disposal as on the server side though. Check

https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4

for the exact ones :) (search for bytes_received for examples)

Got it, thanks for all the help!

@JKnott @netblues - thank you so much for jumping in

The issue I had was basically that I was able to connect from the internet over the vpn to my home network but I was not able to reach any LAN devices by using their hostname, only IP.

I basically removed the entire OpenVPN setup and started from scratch (also since I in the meantime moved to a dual WAN setup). I also updated the firmware of my SG-3100. Now everything works as expected - perhaps something was wrong in my config (I reconfigured using the Wizard) or perhaps the reboot of the pfSense box did the trick... I truly don’t know... But I’m happy it works now!

@JeGr yes my goal was if PIA goes down no traffic leaves my network. I used the settings pia gave me and it works, I have tested it a few times. Also I have added it port 1194 not to be block so pia can reconnect and I blocked any rougue DNS service from running.

@ThreeEyedFish said in Can't connect Ipad Pro to OpenVPN. How do I troubleshoot?:

Hi, your iPad (actually, the VPN App) is telling you that XXX.XXX.XXX:1396 doesn't reply.
Your OpenVPN server on pfSense tells you : no one is connecting right now.

Do you have a firewall rule on your WAN that permits incoming connections "from everywhere" to port 1139, using protocol UDP ?
Do you have a router in front of your pfSense ? In that case, the same firewall rule (NAT rule this time) should be placed on this router.

Btw : the OpenVPN server log lines you showed are traces of the GUI questioning the OpenVPN server for connections every 60 seconds.

@robpur There is no reason for the one export method not to work versus the other. Most probably some typo.. Anyway if it works...