Hello. Thank you very much. Let me see if I got it right.. The forum is blocked because i am redirecting all my traffic viabAirVPN and i should create a bypass rule? If that's the thing, how I do that? I was able to setup my system following guides butnI might lack a lot of theory... About advanced networking i am a newbie. Thank you

Glad you have it working now. -Rico

It works!! I think the error was the public IP, thank you !!!!

There is no limit for mesh or star. With lots of sites and traffic you just need beefy hardware. -Rico

Thank you very much for your help. I had to leave the office now...I will retry it on Monday and let you know. Thank you very, very much!

@johnpoz 1 - When I've tried in my LAN the latency is 1ms. In my land (switzerland) you have never ever more that 20ms. (if you have a fiber connection it's about 1 - 8ms). Now the thing is ... even if SMB is designed for LAN, I've a throughput of 8Mb... even when I'm streaming films from my server. So when I and a couple of friends are looking a stream at the very same moment.. that's fullfilled. I don't expect to have 1Gbps over VPN... but from 1Gbps to 8mb/s... it's a lot.

SOLVED thanks to another thread on this forum ..it was actually the VPN client configuration in that I had to check "Dont Pull Routes" which did the trick. Thank you!!

Ok, yeah. So if you add a pass all rule on the OpenVPN tab it will break traffic coming from location two across the load-balanced OpenVPN pair. You need to either assign the remote access OpenVPN server and add the rules on the new interface tab created. Or add rules on the OpenVPN tab that catch only the remote access users by specifying the source subnet. Steve

https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html -Rico

Assuming you have rules to allow it, login to the sever gui and check the OpenVPN tab in the firewall rules. Or the assigned interface tab if you have assigned the OpenVPN server as an interface. Steve

@trazom ???? The same way as you configured it. Fire up a browser and connect to pfSense. They're under Firewall > Rules.

@gertjan yes your onto it ;) yes its tun, "IPv4 Tunnel Network" ---> 10.10.77.0/24 Do you policy-route this 'call-in' network also ? ive tried to set it as follows.. Firewall / Aliases /IP Network or FQDN --->> 10.10.77.0/24 (OpenVPN) Firewall / Rules / LAN Interface (LAN) "also tried the openvpn here too" Source > Single host or alias "OpenVPN" Gateway is set the expresssvpn with that set like this, when the phone is connected, its works, but the internet connection is still show as my wan ip, and not the expressvpn ip

Yep, LAN net is double NAT'd - I'm now working with ISP for switching router to bridge. My net is: [image: 1551583408831-c15a2547-b459-4c5e-8722-b83f9f7cff6f-image.png] On VPS I have OpenVPN server + Zabbix (10.8.0.1). On pfSense I have Zabbix agent + proxy (10.8.0.2). Pfsense self-monitoring works fine (without proxy). I want to monitor some devices in LAN - 192.168.1.101. Now i've been stuck in settings - pinging LAN devices from OVPN interface is not work, but pinging pfsense LAN address works fine. UPD dev ovpnc1 verb 1 dev-type tun dev-node /dev/tun1 writepid /var/run/openvpn_client1.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp4 cipher AES-256-CBC auth SHA512 up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown local 10.10.10.4 tls-client client lport 0 management /var/etc/openvpn/client1.sock unix remote <ip> 31194 ca /var/etc/openvpn/client1.ca cert /var/etc/openvpn/client1.cert key /var/etc/openvpn/client1.key tls-auth /var/etc/openvpn/client1.tls-auth 1 ncp-disable resolv-retry infinite route-nopull link-mtu 1601 remote-cert-tls server My goal is to set up Zabbix monitoring from VPS (IP 10.8.0.1) of devices on the LAN network (IP 192.168.1.101) through a proxy installed on pfSense router (IP 10.8.0.2). Now zabbix says "Timeout while connecting to "192.168.1.101:161"." In the diagnostics tab of the pfsense router in the ping section i can successfully ping pfsense itself: 192.168.1.1 from 10.8.0.2, but 192.168.1.101 from 10.8.0.2 fail: packages are lost somewhere

@eric-marshall I guess that was just way TL/DR. Sorry Guys.

Thanks for the info guys

@artware said in Only first IP connected have acces to network: Certificate are different In that case, you could switch to : [image: 1551452935790-3f385396-4483-40f0-a99b-7a9e484c020a-image.png] De-select Duplicate Connection. Firewall rules ?