It wasn't a pfSense problem but a FreeNAS one. I was run the OpenVPN client on a jail. Once I use the OpenVPN build in FreeNAS the problem has disappeared.

bump

No. I am getting same IP results with whatismyip.host and other  websites such as whatismyip.live I am using PureVPN and visited both websites. Here are the results: http://whatismyip.live  IP results: [image: Screen_Shot_04_19_18_at_03_27_PM.png] http://whatismyip.host results: [image: Screen_Shot_04_19_18_at_03_27_PM_001.png]

You need to: add all of the remote networks each site should be able to access to the Remote Networks at those sites be sure the OpenVPN firewall rules pass the necessary traffic into each firewall

U have show me that this setup must work and doesn't have any conflict, different instances. jimp I will jump into the setups, 1 site is not under our management only. I will go deep into the setup and let u know our progress. Thanks. :)

You can't use AirVPN gateway to monitor with dpinger. You need to use an external gateway. It used to work, but something has changed either from AirVPN side or from Pfsense since 2.3.x

Yeah I think I did it like that already but tried exactly like that and still doesn't work.

It's fixed on 2.4.4 snapshots. If you see that error, edit the firewall rule in question, pick the right protocol, then save/apply.

Sure , i will try that. Thanks a lot for your time..

@johnpoz: T-mobile went ipv6 only on their cells awhile back.. And there was a bit of a learning curve for their gateway from ipv6 to ipv4…  For a short time I had enabled a ipv6 instance of vpn so I could get in with my phone..  But they corrected their problem and I can now vpn in via ipv6 phone connection to my IPv4 IP on pfsense. Please can you elaborate what did you have to do on the pfsense side to get it working with tmobile ipv6. If I use my vpn server the phone shows my vpn ip for IPv4 but shows tmobile ipv6 address. Is it possible to change pfsense vpn server so that it offers ipv6 address too? What should be the ipv6 server address akin to 10.8.0.4 in IPv4?

Probably a host name. The provider needs to be free to change IP addresses without breaking everyone.

@viragomann: There's a bug in the wizard of the last stable version: https://redmine.pfsense.org/issues/8391 Edit the OpenVPN TardisHomeVPN rule on WAN and set the address family to IPv4 and select UDP protocol and save it. I edited the rule but same error. I just deleted it and made a new one from scratch. Now it works. Thanks

I am still fighting with StrongVPN. I have managed to get the tunnel up, inasmuch as I received the message: "Initialization Sequence Completed". I have read that this means that the handshake between VPN server and client is  OK. Immediately thereafter, however, the VPN bombs. Here is a log transcript. Might a good soul tell me what I am doing that is wrong? Thanks in advance! (Note that the newest entry is on the top.) Apr 14 20:07:01 openvpn 56391 SIGTERM[soft,exit-with-notification] received, process exiting Apr 14 20:07:01 openvpn 56391 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1546 10.8.0.86 10.8.0.85 init Apr 14 20:07:01 openvpn 56391 Closing TUN/TAP interface Apr 14 20:07:01 openvpn 56391 /sbin/route delete -net 10.8.0.81 10.8.0.85 255.255.255.255 Apr 14 20:07:01 openvpn 56391 TCP/UDP: Closing socket Apr 14 20:06:59 openvpn 56391 SIGTERM received, sending exit notification to peer Apr 14 20:06:59 openvpn 56391 event_wait : Interrupted system call (code=4) Apr 14 20:06:56 openvpn 56391 Authenticate/Decrypt packet error: cipher final failed Apr 14 20:06:47 openvpn 56391 Authenticate/Decrypt packet error: cipher final failed Apr 14 20:06:37 openvpn 56391 Authenticate/Decrypt packet error: cipher final failed Apr 14 20:06:36 openvpn 56391 Initialization Sequence Completed

Thank you … that solved it. I kept looking on the client export tab not the servers tab.

Another issue I found, could not connect for the life of me, following PureVPN steps and tips here, then spoke to support, turns out dedicated IP hosts dont work with OVPN, only PPTP / L2TP. As soon as I changed to one of PureVPNs "normal" public hosts it connected instantly.  Im using PF 2.4.3 with custom options in VPN client settings as below: verb 5; auth-nocache; remote-cert-tls server; comp-lzo a handy list of PureVPN servers –>>  https://support.purevpn.com/vpn-servers

Do these window servers use a different gateway? Or not set at all?  So they don't know how to answer. Screams firewall on them to be sure. What I would do to validate traffic is leaving pfsense towards the servers is sniff on this interface, assume its your lan where 192.168.20 network is.  And then say ping the server from remote client.  Do you see pfsense send the ping in the sniff.  If not figure out why not.. If is sending, and correct mac of the server - and your not seeing an answer then firewall on the server or for whatever other reason it does not want to answer.