Hi
Screenshot attached.
When the second rule is enabled there is no internet access from the IP specified in Alias Blockpc.
When the rule is disabled internet access is available.
Yep, that'll do it too :)
Plus, I was mistaken, there is a route to your tunnel network (10.25.2.0/29). However, I was surprised to see it at only a /29… you're only going to get 5 users out of that, but... maybe that's all you need.
Dude, you're NOT going to change the SOURCE ports of traffic to the same thing.. It DOESN'T WORK THAT WAY!!!
You are completely misunderstanding what they are doing with their 10 ports, or you're explaining it WRONG!!
If you have some application that randomly listens on some port between 1000 and 2000? And the firewall in front of you will only forward 10 ports, then you're screwed.. Never going to work..
Hi!
I have default gateway switching enabled, but it seems it doesn't work. In failover mode I don't see the default route in the routing table.
Squid also doesn't work with dual WAN (it uses the default gateway). I had it working until recently, but for some time this configuration has not worked either.
Maybe these two problems have the same reason. I'm not sure.
Best!
I recently set up OpenVPN and found similar issues. I decided to check what's my IP, and some of the sites are showing my real IP whereas others are showing my VPN IP, which should not happen in my eyes.
Hi
My script is correctly editing config.xml and client1.conf
OpenVPN is restarted and it appears to connect to the new server, but the GUI still shows the old host address and after a minute or so the VPN appears to be connected back to the old host.
Can this be done?
Thanks
Just use a pfSense instance somewhere on your network to manage your certs ;-)
Though it's not perfectly suited to being a general purpose CA, it sure beats having to mess with EasyRSA.
And on 2.4 you can sign CSRs as well as create certificates.
Current is 2.3.4_p1
I would assume it would be using the same version as the 2.4 betas
[2.4.0-BETA][root@pfsense.local.lan]/root: openvpn --version
OpenVPN 2.4.3 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 21 2017
library versions: OpenSSL 1.0.2k-freebsd 26 Jan 2017, LZO 2.10
You have to tell the site-to-site VPN to route the responses to the VPN clients back over the site-to-site.
To do this, add the clients tunnel network to the "remote networks" in the site B settings.
Here are more logs.
Those two clients are NATed behind an ISP router whose ports are still open.
Aug 18 16:13:52 openvpn[18274]: MANAGEMENT: Client disconnected
Aug 18 16:13:52 openvpn[18274]: MANAGEMENT: CMD 'quit'
Aug 18 16:13:52 openvpn[18274]: MANAGEMENT: CMD 'status 2'
Aug 18 16:13:52 openvpn[18274]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
I see them on the server firewall on the block side.
The problem was solved by rebooting the client.. so I would guess the OpenVPN client is bad. Or could it be some issue on the server side?
I mean, the client IP stays the same.. I don't know if anything would survive on the server side, in this case I rebooted the server, and it reconnected on the same IP and opened VPN access again.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.