• OpenVPN Multi WAN Connection Problem

    3
    0 Votes
    3 Posts
    623 Views
    A
    [image: 1571140985899-port_forwards_pfsense_openvpn_clients.jpg] [image: 1571141153637-port_forwards_pfsense_openvpn_clients_wanewe.jpg] Hi Viragomann, that's already done. See screenshot. Port Forward was created for every single WAN interface.
  • VPN Group + a Kill Switch

    22
    0 Votes
    22 Posts
    3k Views
    T
    @Derelict If you could also answer my other (new) question here: https://forum.netgate.com/topic/147323/openvpn-the-clash-of-gateways Thank you very much,
  • [SOLVED] OpenVPN for Guest Interface

    16
    0 Votes
    16 Posts
    2k Views
    manjotscM
    Thanks
  • Fail-over client config

    9
    0 Votes
    9 Posts
    1k Views
    D
    Thanks again. I did it like that. No clue if it works as I cannot drop a line currently (off-site), but I see packets going to the server quite happily. So, the last rule in client's OpenVPN set is a pass rule that uses the gateway group (which has both ovpn IFs). On the server side I will reduce to one OpenVPN server only, bind this one to the localhost and create one NAT on WAN 1 and another on WAN 2 both pointing to the localhost:ovpn-port. I will do the same for road warriors and on the clients I will add the "remote ..." line.
  • VPN client status down

    2
    0 Votes
    2 Posts
    306 Views
    manjotscM
  • VPN Relay on same subnet?

    3
    0 Votes
    3 Posts
    511 Views
    S
    Thank you! That definitely pushes me in the right direction. I'm going to rebuild today!
  • OpenVPN Server TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 ?

    2
    0 Votes
    2 Posts
    670 Views
    C
    Dear pfSense friends, Unfortunately I found this https://github.com/davidemyers/algo-pfsense saying "pfSense does not officially support the ECDSA certs created by Algo, but they do work when you choose Mutual RSA when creating the Phase 1. You may not be able to install ECDSA certs on pfSense versions older than 2.4." which relates to IKEv2, but not to OpenVPN. I read controversial stuff ECDSA vs RSA about security and speed. Shall I stay with RSA? If yes, why is ECDHE anyway used whatever I enter in the DH parameter? Many thanks! and cheers chulio.
  • OpenVPN to private ip

    1
    0 Votes
    1 Posts
    289 Views
    No one has replied
  • OpenVPN gateway is offline but my PIA is working

    10
    0 Votes
    10 Posts
    1k Views
    H
    @viragomann got it and now my issue is resolved thanks.
  • Update OpenVPN Client config from Server

    6
    0 Votes
    6 Posts
    771 Views
    M
    I can push routes and other config parameters via the server, frustrating that this isn't one of them;/ My remote user base is about 40, if I had 100's I'd be very unpopular.
  • Need your help will pay 20$: PIA on pfsense Netflix detects proxy

    54
    1 Votes
    54 Posts
    11k Views
    senseivitaS
    @johnpoz Yeah, I noticed. Originally I didn't save it directly on the forum because of the 2MB limit. But I tell you, I fixed it on the server adding a white background and flattening the PNG. Maybe you weren't getting it because Cloudflare caches things requested frequently--or maybe the browser, Chromium-based browsers in my case always seem to be ignoring stuff, for instance: I cannot log in with smart cards to vCenter because it wouldn't kill the session while other browsers do. It would've eventually updated itself. I was already getting it with the white background. Thanks anyway, I won't post transparencies again, lesson learned.
  • 0 Votes
    2 Posts
    426 Views
    B
    Got it sorted out. As I thought it was a simple fix to a major headache, in the client config all that is needed is to add the "Float" line to the end of the configuration. Now it shows as routing traffic through the server and no more errors in the status log.
  • Problems with clients

    4
    0 Votes
    4 Posts
    521 Views
    PippinP
    No access to pfS at the moment but on client side add float to the config. Could be a checkbox too in CSO. See --float in manual 2.4: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
  • How to prevent OpenVPN clients connecting to the server when inside LAN?

    2
    0 Votes
    2 Posts
    203 Views
    RicoR
    Add a REJECT Rule on your LAN Interface with Destination "This Firewall" and your OpenVPN Port. Place the Rule on top of your LAN - allow any Rule. -Rico
  • Access LAN via OpenVPN Server and pfSense OpenVPN Client

    3
    0 Votes
    3 Posts
    558 Views
    ?
    @viragomann said in Access LAN via OpenVPN Server and pfSense OpenVPN Client: So I assume, pfSense is the default gateway on the LAB network. Yes right, all network traffic of the LAB passes through the pfSense. Thanks very much for the answer @viragomann!! I'll try all that asap and tell you if it worked or if I've other questions!
  • Openvpn with Server Centos 7.6

    Locked
    13
    0 Votes
    13 Posts
    1k Views
    RicoR
    You'll have a great experience with running pfSense on both sides, trust me. ;-) There is plenty of great documentation around for site to site VPNs with pure pfSense. Grab your favourite drink and just watch: https://www.netgate.com/resources/videos/site-to-site-vpns-on-pfsense.html https://www.netgate.com/resources/videos/advanced-openvpn-on-pfsense-24.html Some more to read in detail: https://docs.netgate.com/pfsense/en/latest/book/openvpn/index.html -Rico
  • Pfsense , DHCP and OpenVpn

    openvpn problem router dhcp
    2
    0 Votes
    2 Posts
    827 Views
    V
    You have to forward OpenVPN packets on your ISP router to the pfSense WAN IP. The pfSense WAN address should be static. Configuring an OpenVPN Remote Access Server If your public IP from your ISP isn't static, you will have to use a dynamic DNS service to have a static FQDN, which you are able to connect to from outside. The DDNS update should be done by the ISP router if possible. If it doesn't support that you may do it on pfSense, you can run a cron job with a short interval for that.
  • OpenVPN Site to Site with 3 locations

    8
    0 Votes
    8 Posts
    1k Views
    chpalmerC
    @Derelict said in OpenVPN Site to Site with 3 locations: Sort of. They would need to each be on the proper server going to that site. I did misspeak that... The A-B link would be "remote networks" 192.168.2.0/24 on the A side and The A-C link would be "remote networks" 192.168.5.0/24 on the A side. But since I apparently need new glasses I missed the part where the OP said he had those links working... DOH!
  • Optimize OpenVPN connection

    2
    0 Votes
    2 Posts
    904 Views
    PippinP
    @jeff3820 said in Optimize OpenVPN connection: set to BSD Cryptodev engine. In the Pfsense Advanced/Misc settings the cryptographic hardware is set to AES-NI and BSD Crypto Device Disable both. Try playing with different values for snd/rcvbuf. Also, can play with --txqueuelen n See manual 2.4: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage Above settings apply to server and client separately.
  • Site-to-site VPN - How to control LAN access on one end

    2
    0 Votes
    2 Posts
    204 Views
    V
    So you may already have assigned interfaces to the OpenVPN instances on both sides. Deactivate all firewall rules on the OpenVPN tabs if you don't need them for other purposes and add rules to your VPN interfaces with limited access. Remember that the OpenVPN tab is handled as an interface group including all OpenVPN instances running on pfSense. For the IP range 172.16.0.200 - 172.16.0.210 in your example you can add an alias and use this in the filter rule as source.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.