Post a screenshot of your rules so we can see what you've done.

It might be best for you to leave them at their defaults unless you have a specific reason for changing them. Some say that compression isn't required at all. This was an interesting read that talks a lot about compression and its effects:

https://hamy.io/post/0003/optimizing-openvpn-throughput/

Yes, of course !

That's normal. Those routes are internal to OpenVPN (iroutes) which is explained in the text on the fields in the overrides.

If you want the subnets to be routed into OpenVPN in the routing table you need to enter them as IPv4/IPv6 Remote Network(s) entries on the server, not in overrides.

In Peer to Peer ( SSL/TLS ) mode i have tried add "keepalive 2 5" in Custom options on Server side (if type high values, it did not help in client reconnection, but on client reboot higher values works, it's important that keepalive was lower, than client reconnection time take), and seems that it helps shows correct link state on Server side.
Seems that client make "reconnection" very fast, that Server status did not catch new connect in default pfSense's "keepalive 10 120" or something look like this.

This is a pfSense forum. I have no idea about OpenWRT's ipchains rules or whatever they are, sorry.

This is the solution that worked

Get the username under: System > User Manager. It's the common name. VPN > OpenVPN > Client Specific Overrides Click Green plus Under Advanced enter the static IP: ifconfig-push 192.168.2.99 255.255.255.0; Firewall -> Rules -> OpenVPN Add rule with Action "Pass" on Interface "OpenVPN" Enter "Source" as the IP address 192.168.2.99 Enter "Destination" as the IP to grant access, such as 192.168.1.53 Set Port to MS RDP 3389 Save Add another rule with Action "Block" and Interface "OpenVPN" Set source to the VPN static IP: 192.168.2.99 Destination is set to "any" Save Make sure the "Pass" rule you added is above the "Block" rule

Yeah I'm aware, I'm only asking if you guys know about it. :)

I managed to solve this but the mobiles still don't connect through the tunnel, does anyone have a good idea?

You need to go to the Certificate Manager and add your VPN's CA certificate authority cert there first. Make sure you set the Method to Import an existing Certificate Authority. Paste your CA cert under Certificate Data then Save. The cert includes the starting and ending dashes so make sure to include those.

Now you can run the wizard under VPN - OpenVPN - Clients. Most fields are self-explanatory. Go through it and see what happens. Come back if you have questions or problems.

Sure, come back when you've got a config you can reproduce the problem with.

Just some hints to tie things down a little.. You can easily make your tunnel network a /30 or (/29 if more than one remote address is needed) for just one laptop doing a roadwarrior setup such as that.

Then on your OpenVPN firewall rule make "source" the same as your tunnel. 10.0.0.0/30 /29 ect..
Make destination your local LAN if you only have one local subnet to worry about.

It is most likely absolutely safe to leave it as is but if your inclined to worry or just want to tinker more.. this is an option for you. ✌

Good luck!

correct, you put the ip of your preferred dns resolver, aka ip of the pfsense in your case
don't forget to press thumb up if it was useful

It appears that was the issue having only one NIC, a box with 2 NICs on different submets connects and pings fine but now I've ran into the problem that it doesn't have a great throughput tried both OpenVPN and IPSec but packets over 50kb fail on pings.

@jakes said in BUG: OpenVPN client configs being overwritten:

loading with the correct information initially, but then flash quickly gets repopulated/overwritten from values from the 1st

That has to be the browser doing it then. Maybe an add-on/extension which is active in both regular and incognito mode.