If pfSense is the default gateway response packets should correctly be routed back. Check if the server block the access by their own firewall. To ensure what's going on, you can sniff the traffic on pfSense in Dignostics > Packet capture. Select the interface which the servers are connected to, set other filters if you want and start the capture. Try to access the server from the vpn client and stop it to see the packets. You should at least see the requests, since pfSense should pass it, cause the wizard sets an allow any to any rule.

I solved the problem. The gateway setting on the CMC and iDRAC was misconfigured with the wrong IP address. They were all configured with 10.0.0.254 as the gateway, I corrected it to 10.0.0.1 and everything started working properly.

What did you change in the new config? Your certs, port numbers, ip addr/ddns must be the same. - if the old exports still work. Check log files for OpenVPN, increase verbosity if necessary. What do you see & how does it relate to your changes?

I use windows client pretty much every day all day from work to my house… Never have any issues... RDP to my home boxes all the time, etc etc.. This really is clickity clickity through the wizard done.. I would change your compression to adative - you seem to be hard setting it with this "compress lz4"

hi,i resolved the problem,its the modem who has blocked the cnx on the vpn server ,now its work. bue another question please,should i change the encryption to ssl or even with shared key its securised a lot .

To dynamically route like that you need some kind of routing protocol on both ends, such as OSPF or BGP.

The OP has already enabled that. There is no bug. "WebCfg - Status:Services" is required since you are accessing a Service from a Status page.

Well if you set yours to AES-256-CBC and the remote wants blowfish, I don't know what adding the exact same configuration option manually is going to change. But if it works for you, great.

Did you use the wizard to setup OpenVPN? Are the rules in right order? Do you have a static or dynamic ip from your ISP ? Are you hitting the right IP?

I got the Inline config to export by unchecking the MS certificate storage option. I then ran openvpn –config pfSense-blah-blah.ovpn from the command line as root, and it worked. I was afraid I'd kill my Windows clients' ability to connect by unchecking the MS cert option, but at least one still appears to be functioning. My remaining difficulty involves configuring the Fedora 27 VPN GUI. Using it from the command line works, but requires a few extra steps and a root password to complete the connection. I've tried configuring the GUI several ways, but none of them seem to work. Probably need to post in a Fedora or OpenVPN forum, but if anyone here knows I'd appreciate your input.

@viragomann: You have to set up a client specific override for each client. This only works with SSL Auth. At "Common Name" enter the common name you've set in the clients certificate. At "IPv4 Local Network/s" enter the LAN network behind the server and the LAN behind the respective other client, in the "IPv4 Remote Network/s" box enter the LAN network behind the meant client. All networks in CIDR notation and comma separated. YOU ARE A LIFE SAVER!!  All I did was change to peer to peer SSL/TLS, added net info into remote nets, and the client specific entries.  And it worked!  A to B, B to C, and A to C.  3 Way VPN!  Thanks brother!!

For what it is worth, you seem to have the same problem as me: https://forum.pfsense.org/index.php?topic=142389.0 My main concern is that there is no 'local network' entry in the server setup, could that be the key to a solution?

Thanks so much.

That's pretty unlucky. Yes, but the NAT has to be done at that location. For them to talk to each other it has to be done at both locations.