Some results with the 4690K. After a while of repeatedly switching servers, I started having problems running the test.

edit Results updated and sorted by number of servers (smallest to largest), then download speed (largest to smallest).

b5536258-f69f-4a59-99a5-faecde971092-image.png

So a option could be to use one machine for your regular stuff, working, steam, netflix, ... and another machine for anything you want to exit out the VPN by source IP, torrent and websites you browse with this machine.
This second machine could be either physical or virtual.

-Rico

Firewall (think windows firewall) on the client blocking the traffic?

Pretty much everyone who uses a Mac and wants OpenVPN to work buys a copy of Viscosity.

Probably a good time to run a 30-day trial.

Just sayin'.

@mare said in Connection reset when using OpenVPN:

(which is a primitive embedded device and can not use OpenVPN).

So... What does that have to do with natting and port forwarding?

If this 10.0.8.2 device is running openvpn.. You do not have to NAT you would route..

Check the OpenVPN Routing table in Status > OpenVPN
And give it a try with CSOs.

-Rico

For the record: I neglected to include this:

OpenVPN 2.4.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on May 22 2019

2019-05-26 20:02:35.129809 library versions: OpenSSL 1.0.2r 26 Feb 2019, LZO 2.10

Tunnelblick: macOS 10.14.5; Tunnelblick 3.7.9 (build 5320)

That is just you killing the process when reconfiguring which terminates and restarts the client process. You are interrupting the system call that is listening for traffic when you give it the SIGTERM signal.

The more-telling log entries are the Inactivity-timeout entries. I'd be sure that 171.25.221.131 is actually receiving your traffic on UDP/1194, the TLS keys match, etc..

Checking OpenVPN staus, I get Bad compression stub (swap) decompression header byte: 42. My settings are right.

https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configuring-a-site-to-site-pki-ssl-openvpn-instance.html
https://docs.netgate.com/pfsense/en/latest/book/openvpn/site-to-site-example-configuration-ssl-tls.html
https://www.netgate.com/resources/videos/site-to-site-vpns-on-pfsense.html

And you need a Port Forward on OpenVPN Server side B on Mikrotik (OpenVPN server Port to pfSense).

-Rico

@viragomann said in Remote Client VPN can't traverse site-to-site VPN:

Additionally add the access servers tunnel network to the "Remote network/s" in the s2s settings on site2.

That was it. Whoops. Adding 192.168.3.0/24 to Site2's site-to-site "Remote Networks" did the trick. Feeling a tad silly that I missed that .. multiple times. Appreciate the help!

@WereCatf Hi! What did you do?

Hi zwierzu85 and joao.eduardo
Me too ! how are you resolved this problem ?? Please help me !?

I am having a very similar issue, I remeber not setting the link-mtu. Hope this works for me too.
--edit--
my issue was the internal service was blocking with its firewall rules.

@curtisgrice thanks again!