• [SOLVED] Slow PIA VPN connection on pfsense 2.4b

    86
    0 Votes
    86 Posts
    29k Views
    R
    Did it work out for you with 2.3.4, or did you get another image to work?
  • OpenVpn Made me crazy! Routing problem?

    6
    0 Votes
    6 Posts
    1k Views
    K
    It's late, so if I'm posting in error, forgive me. However, when VPNs are involved, it's best to make sure that the networks involved are different. It's also best if both are moved to private but not common numbers… Like 192.168.32.0/24 for the local network. Then 192.168.33.0/24 for the remote network. And move the VPN networks in pfsense to something sane but also unique and uncommon like 10.12.14.0/24. You really don't want your networks getting confused about where to send your packets. You never know what you might want to connect to this in the future, so why not make it idiot proof?
  • OPENVPN between hardware and Virtual

    7
    0 Votes
    7 Posts
    746 Views
    J
    @viragomann: Maybe it's your ISP if he blocks the packets. Your server log shows a second server, listening to UDP 10445. Is it accessible? If it is the other server should be as well. Yes, on both sides are the openvpn opens to listen to each others. ISP is not blocking anything as it used to work until the last update. It appears the firewall is blocking the traffic to leave and I believe it is a routing issue. Just don't know where to start. Thank you.
  • [2.4.2] OpenVPN connects but doesn't get an IP address

    1
    0 Votes
    1 Posts
    397 Views
    No one has replied
  • Routing problems between virtual subnet and remote client machine

    3
    0 Votes
    3 Posts
    623 Views
    N
    Can OpenVPNServer and IPSEC be used on the same interface? That's what I'm trying to do on IF vmx0.500. I guess that could be the source of the problem.
  • OpenVPN and Full DNS in Viscosity

    3
    0 Votes
    3 Posts
    3k Views
    PippinP
    As far as I know one should use one line for every push option. That would be: push "dhcp-option first-domain.com" push "dhcp-option second-domain.com" You can check if your method works correctly in the client log, should look something like: SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1) Fri Nov 24 13:58:10 2017 us=31484 PUSH: Received control message: 'PUSH_REPLY,..........,dhcp-option DOMAIN first-domain,dhcp-option DOMAIN second-domain,..........'
  • Routing SOME IPs or Subnets through OpenVPN

    2
    0 Votes
    2 Posts
    491 Views
    H
    Post your NAT table and LAN firewall rules. You probably have a setting wrong.
  • How do I run a script before OpenVPN client connection is started?

    2
    0 Votes
    2 Posts
    2k Views
    A
    @ssbarnea: I need to generate OTP user/pass needed for auth-user-pass on OpenVPN client and I need to run a script that saves these to a file before the connection attempt is made. How can I do this on pfSense (2.4.1)? PS. This needs to run on reconnects too. I was able to do this on Linux and even on Viscosity MacOS clients but I don't know how to do it on pfsense… preferably in such a way that these changes would not be lost on a system update. Update: as I was unable to find an answer, I ended up raising a bug at https://redmine.pfsense.org/issues/8122 Have you tried using OpenVPN's auth-user-pass-verify parameter? From the manpage: --auth-user-pass-verify script method Require the client to provide a username/password (possibly in addition to a client certificate) for authentication. OpenVPN will execute script as a shell command to validate the username/password provided by the client. If method is set to "via-env", OpenVPN will call script with the environmental variables username and password set to the username/password strings provided by the client. Be aware that this method is insecure on some platforms which make the environment of a process publicly visible to other unprivileged processes. If method is set to "via-file", OpenVPN will write the username and password to the first two lines of a temporary file. The filename will be passed as an argument to script, and the file will be automatically deleted by OpenVPN after the script returns. The location of the temporary file is controlled by the --tmp-dir option, and will default to the current directory if unspecified. For security, consider setting --tmp-dir to a volatile storage medium such as /dev/shm (if available) to prevent the username/password file from touching the hard drive. The script should examine the username and password, returning a success exit code (0) if the client's authentication request is to be accepted, or a failure code (1) to reject the client.
This directive is designed to enable a plugin-style interface for extending OpenVPN's authentication capabilities. To protect against a client passing a maliciously formed username or password string, the username string must consist only of these characters: alphanumeric, underbar ('_'), dash ('-'), dot ('.'), or at ('@'). The password string can consist of any printable characters except for CR or LF. Any illegal characters in either the username or password string will be converted to underbar ('_'). Care must be taken by any user-defined scripts to avoid creating a security vulnerability in the way that these strings are handled. Never use these strings in such a way that they might be escaped or evaluated by a shell interpreter. For a sample script that performs PAM authentication, see sample-scripts/auth-pam.pl in the OpenVPN source distribution.
  • OpenVPN to LAN subnet partially working

    1
    0 Votes
    1 Posts
    336 Views
    No one has replied
  • 0 Votes
    3 Posts
    942 Views
    G
    Finally, latest test: I switched my pfsense 2.4.1 for a 2.3.3 and everything is working as expected with OpenVPN and UDP. My openvpnclient acquires an IP from DHCP. So there is something wrong with my 2.4.1. I'll reinstall a 2.3.5 on my pfsense 2.4.1, we'll see.
  • OPENVPN Disconnect idle time

    1
    0 Votes
    1 Posts
    319 Views
    No one has replied
  • VPN to PFSense

    2
    0 Votes
    2 Posts
    598 Views
    A
    Ran into many other issues, but certainly not your one. :) Just as a note: you should see meaningful log messages at least on the pfsense side (don't know the other device) by the time the reconnect should happen. Both sides should attempt the reconnect if so configured and give some hint on what is happening - especially if messages are missing.
  • Bridging with VLANS

    1
    0 Votes
    1 Posts
    416 Views
    No one has replied
  • Allow single IP through WAN instead of VPN

    3
    0 Votes
    3 Posts
    840 Views
    A
    I have a similar config, however I am using AirVPN instead of PIA and it is working as it should. A single LAN rule should be sufficient. Make sure Disable reply-to on WAN rules is UNCHECKED in Advanced->Firewall/NAT.
  • OpenVPN not masking users public IP (to the public IP of the gateway)

    4
    0 Votes
    4 Posts
    4k Views
    J
    You don't need to use TAP, TUN will work. When you set the VPN server as default gateway (redirect gateway) your public IP will be the WAN IP of the VPN server. Can you ping all the remote networks you want to be able to reach from your Pfsense? Do the remote networks you want to reach use the Pfsense as default gateway? Depending on your setup, you may hit your remote networks OK but they do not have a route back to your VPN client range.
  • Unable to import ovpn

    4
    0 Votes
    4 Posts
    1k Views
    C
    Thanks for the help. I figured out what was happening. I had another application (AntennaPod) on my phone that was registered to open .ovpn files. That was the application that was generating the error messages. I had to download the file, then import it from within OpenVPN Connect, instead of opening the file from my email.
  • Upgraded to Quad Core Atom E3845 PIA VPN Now Very Slow 2.4.1

    5
    0 Votes
    5 Posts
    2k Views
    C
    I have the same issue and the same device from amazon that sheen73 has. I have a Gigabit connection, with PIA defaults I only get 40Mbps :( In the UI I changed the Send/Receive Buffer to 512K and UDP Fast I/O to true. My speed increased to 130Mbps… all my NICs support Gigabit.
  • Bridging via OPENVPN

    2
    0 Votes
    2 Posts
    557 Views
    E
    Solved by self! :( :) Each interface by VM's must have Promiscuous Mode!
  • FreeNAS (with VPN) Jail not visibile from VPN of pfSense

    7
    0 Votes
    7 Posts
    1k Views
    J
    @viragomann: Maybe not the best solution, but that one that will work in your case: Add a source NAT rule to pfSense to translate your VPN IP to the pfSense LAN address. To do so, go to NAT > Outbound. If the NAT mode is set to automatic rule generation set it to hybrid and save these settings. Then add a new rule: Interface: LAN Source: <the VPN tunnel network> Destination: <transmission jail IP> Translation: Interface address Enter a description and save it. This solution works! Thanks! ;)
  • OpenVPN Redirect To Another IP Address

    13
    0 Votes
    13 Posts
    1k Views
    M
    @viragomann: The source has to be 172.16.100.0/24 - LAN1 network. Ah yes, thank you for that. I can now ping 192.168.12.45 from LAN1 and it responds correctly. Now… How can I configure it so I can ping 172.168.1.45 from LAN1 or LAN2 and it routes to 192.168.12.45 in LAN2? I need this because I have more sites with 192.168.12.0/12 networks. Cheers, Mike.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.