Anyone have an ideas? I think it might be a route issue, but I'm not sure since sometimes the connections go though and sometimes they time out.

ok firewall rules created by openvpn wizard vpn server settings created with vpn wizard vpn client vpn file created by export wizard

I will follow the instructions and let u know, thanks for your help.

@johnpoz I suppose in the final setup it wont be needed as this will be the only gateway, but at the moment I need it as it is not our primary gateway just yet. Thanks for your help on this anyway John.

Check out the following guide which explains quite well how to set up multiple OpenVPN client connections in pfSense: https://www.techhelpguides.com/2017/06/12/ultimate-pfsense-openvpn-guide/

glad to hear. sometimes the small details make the difference

You cannot route the servers public IP through the tunnel. That would mean the vpn tunnel would be routed through the tunnel itself. How should that work? Access the web server by its internal IP. Also you can setup a split DNS and provide it to the vpn clients. So the client get the internal IP when they try to access the web server.

im sure im done this wrong.. and not trying to get you mad.. just learning as i go and ok ill check out that stuff reason i put the block on is.. its below the NordVPN and doesnt that mean yes when NordVPN service is working it does that rule.. but if the NordVPN is offline it would skip that rule right ..or does it still keep that rule... as thats the reason i put that block below nordvpn incase the service would shut off then the rule gets skipped and goes to allow it.. because the last line is your Default Lan so when the NordVPN goes down.. i still can use the internet im just not behind it anymore... so thats how i thought it worked NordVPN up -----> all computers are behind vpn NordVPN goes down -----> blocks the 1 computer... ---->runs last rule that allows rest of the computers to access the internet... thought thats how those rules worked i have set.... as for the block of the tunnell here is the image but im sure i did it wrong.. but im trying and ill google the info you mentioned thanks so far[image: 1536417062747-openvpn5-resized.jpg]

This fixed my speed issues. In your open vpn client settings I added this to my custom options. My speeds went from 40Mbps, to 90Mbps. My ping times also went from 27ms to 20ms This was recommended from this thread. https://forum.netgate.com/topic/114212/aes-ni-cryptodev-openvpn-help-a-n00b-understand/23 fast-io sndbuf 524288 rcvbuf 524288

What are addresses VPN net and VPN address If you assigned an interface to the OpenVPN instance then set addresses and gateways on that interface you did it wrong. Why port forward at all? Why not just directly route to 192.168.0.5?

Hello okay i got it working now :)

If you have only a "private" RFC 1918 address, then you're out of luck. To set up a VPN, you need an address that you can reach from elsewhere. Those private address won't work for that.

Assign an interface to the OpenVPN instance in Interfaces > Assign. Then edit all you LAN firewall rules which allow upstream traffic, open the advanced options, go down to Gateway and select the gateway of the corresponding OpenVPN instance. Consider that rules with stated gateway only allow traffic passing that gateway. So if you also need access to other destinations like DNS on pfSense itself you have to add additional rules to permit that and put them to the top of the rule set.

Hi, LAN rules aren't important, as initial traffic goes out the LAN, not coming in. "VPN"(or, if absent, "OpenVPN" tab rules) rules are important : [image: 1536296684708-ef132e19-b33e-4ea1-8446-ed0be1b97912-image-resized.png] do you see the state counters going up ? And, as you didn't mention : some other little details, like the local LAN from where you run your Mac with Viscosity must be different as the remote LAN on pfSense with OpenVPN.

@viragomann Worked like a charm - thanks!

100+ users. Probably time to think about an alternate authentication scheme like LDAP or RADIUS.