@thenarc Thanks for trying anyway. Yeah, watching the CPU usage was one of the first things I tried and it definitely isn't a problem as far as I can see, not even close. I'll keep trying different configurations, but if you or anyone else thinks of something then do let me know and I'll owe you a beer :-)

Sorry, it was an idiotic error on my part. I was using the wrong .ovpn file. Problem solved!

No, iroutes are not needed in that mode.

@bcruze said in Connecting to AirVPN with OpenVPN and Gateway issue: https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/ i learned ALOT by reading and following this guide. there are still things to uncheck but you have to read the entire thread. my connection has been 100% stable if i just stop tinkering. good luck Airvpn is a great provider (tunnel settings uncheck BOTH that you have checked) you can also type IFCONFIG at the diag > command prompt and your tunnel interface gateway will be listed towards the bottom.. Alright, ill check this out thanks. @rico said in Connecting to AirVPN with OpenVPN and Gateway issue: With 0.1ms RTT I don't think you are Monitoring the other Tunnel Side (VPN Provider). -Rico I thought this was strange also, considering my local ISP gateway was 8.9ms and 2.2ms

Firewall rules - lan- add each of your devices (assign a static up to then from dhcp lease page). Anyways add them again to the above then change the gateway to your vpn gateway If you don’t have another gateway your vpn isn’t setup properly... my setup like this has been working for years! Pfsense is an amazing firewall

I have found some more. This is apparently a known issue that is caused by changing the Monitor IP on an OpenVPN-Interface. Here is the bug report: https://redmine.pfsense.org/issues/8142 And here the discussion linked in the report: https://forum.pfsense.org/index.php?topic=138608.msg764734#msg764734 The issue is still present in 2.4.3-RELEASE (amd64). The only workaround I have found without resetting the system was to change the subnet of the Ubuntu OpenVPN-server to something different than x.x.x.0/24. x.x.x.0/24 seems to be forever blocked by the non removable route. If anyone has any updates in that regard, I would be highly interested, so please let me know! Kind regards, Holger

In the OpenVPN client settings check "Don't pull routes" to avoid to get pushed the default route by the VPN servers. Assign interfaces to each client instance and enable the interfaces. Edit the firewall rules on your LANs which are allowing the upstream traffic, expand the advanced options, go down to Gateway and select the appropriate gateway. In System > Advanced > Miscellaneous check "Skip rules when gateway is down". Consider that firewall rules with stated gateway allow traffic passing that gateway solely. So you will need separate rule to permit internal access it you need, for instance DNS to the pfSense interface.

@derelict Thanks Derelict. I will have a further look into it. It seems I cannot replicate this issue anymore, but not much has changed. I will return if I manage to figure it out. Thanks

There is usually no reason to use push route commands any more. Put the network in the Local Networks field instead.

@derelict I will try to post the network diagram. We are using two Devices at the Remote sites: An Intel NUC running custom data acquisition software which periodically publishes messages to the MQTT Broker at the central site . It initiates the OpenVPN channel to the central site via the 4G cellular wireless router. There is a power controlling/monitoring device at the site which has a web and SNMP interface. We need to occasionally check or reconfigure that from the central site. We would like to SSH into that device from the central site across the OpenVPN tunnel. All of this palava comes about because of the "carrier grade NAT" at these Remote sites, which means we don't have static IP addresses and DynDNS doesn't work so we need to open the comms channel from that end.

Hi Folks I tore the entire system down and redid it from scratch from the actual manual. This time it worked . So not sure what I missed but all is good now. Thanks for your input.

RESOLVED! The problem was the MTU of VPN! I had MTU 1500 but max of my openvpn machine was 1472. I add mssfix 1420 fragment 1472 mtu-test to openvpn client config and all works! Thanks!

@jimp said in OpenVPN - Connected Since time is wrong: What time zone did you select? Looks like you used one of the GMT offset zones which really shouldn't be used. Pick a geographically named zone and restart things again. Thanks I changed to Europe/London and it seems to be working well for now :)

@johnpoz Are you sure it is secure ? :) You mean register from DHCP ? Yes I do

Anyone have an ideas? I think it might be a route issue, but I'm not sure since sometimes the connections go though and sometimes they time out.

ok firewall rules created by openvpn wizard vpn server settings created with vpn wizard vpn client vpn file created by export wizard

I will follow the instructions and let u know, thanks for your help.