Don't do that. Set the assigned interface to "None" for IPv4 and IPv6. OpenVPN will manage the address internally, setting it there is messing it up.

please can you send YealinkOpenVPNGuide file one more time. thanks :-[

Don't believe the iPhone environment will allow that. There might be something that allows transfers but it has nothing to do with pfSense. Maybe someone else knows.

To all other readers: https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting  (Check (really check) everything there!!!!!) No, it is not possible. That host's routing table prevails. If that host happens to have some reply-to magic like pfSense does, then maybe. But that would be a subject for that host's support forum.

Hi gentlemen, not able to figure out so far… However my route table seems fine doesn't it ?  ??? Sure I'm not far from the end, seems so simple, did I miss something ? Thanks. [image: routes.png] [image: routes.png_thumb]

@joelones: EDIT: I just realized that there's a "IPv4 Local network" allowable networks field in the server configuration. Is that it? Yes, you have to enter the VLAN 10 network, 192.168.10.0/24 into the "IPv4 Local network" box. However, this field is not for allowing access, its just for pushing routes for network entered to the client. To block access from VPN clients to other networks you should restrict the firewall rule on OpenVPN interface to only allow access only to VLAN10.

I also see that the 'Connected since' time is ahead of the PFsense time. The time show correctly for the OpenVPN servers that are setup as 'remote access' Does anyone have a clue?

So just add 99.99.99.0/24 as a remote network on the OpenVPN at site 1. See also all the stuff above about reply-to and assigned interfaces at site 2. Pass the traffic on site 1 WAN that you want to pass such as tcp source any dest 99.99.99.1 ports 80 and 443 Make sure that traffic DOES NOT MATCH on the OpenVPN tab at site 2. It has to NOT MATCH there and match on the assigned interface tab.

Well this was fixed in the latest OpenVPN connect client on iOS (1.2.7) so we can start our bad habits again

I have a simillar issue on an x86 which I have posted about in the forum before. For me the issue is only certificate depth checking… have this issue on 3 VMs. Anyone taking notice of this? Best regards, V

I fixed the issue. From memory I had to create a BRIDGE interface between my MGMT VLAN interface and OpenVPN TAP interface and remove the assigned IP from the MGMT VLAN interface and assign it to the BRIDGE interface. I now use a tun routed setup though.

Amazing what a little "light" reading can do for you, that and stepping away from it all when your eyes feel like they have sand in them. Opted to restore my pfsense install from a period before I started trying to hide my traffic. Worked great. Then I followed a more recent DIY to install openvpn and PIA, and what do you know, it freaking worked. I even went to a bunch of dns leak test sites, and voila, NO MORE DNS LEAKS! My traffic is protected from prying eyes, and my children can't see things that they won't forget by using pfblockerng However, this leaves me without the ability to remote into my pfsense box from work. Another project for another day!

Does this help ?  https://openmaniak.com/openvpn_static.php