how has nobody dealt with this issue before? Nobody has nat traversal on and using a vpn?

start by providing info…. "ive tried everything" is fairly useless to start debugging this issue so: diagram of your intended network (include subnets/ip's) screenshots of configuration related to vpn logs

Yeah often when someone suggest changing from default port someone else usually retorts with a speech about security through obscurity being worthless… Security through obscurity vs "true" security is an imperfect analogy to cover vs concealment. Concealment can't physically protect you but it serves a purpose. The most commonly cited purpose is to clean up your log files, and that is certainly a valid purpose.

Agreed that would be the best option to be sure!

@Pippin: See here: https://forum.pfsense.org/index.php?topic=132534.msg728642#msg728642 ah, thanks and sorry for doubleposting! Greets Stephan

@Derelict: It turns out that Block private networks and loopback addresses on the WAN address was blocking access to the WAN from the VPN.  Is it a problem to disable this option? No it wasn't. That blocks connections into WAN from outside WAN from RFC1918 source addresses. You can run without those checked. Your correct it only loaded the one web page and then it wouldn't work anymore. I have no idea what else to look for.

Working for 8 hours without issues on UDP port 1197 with AES-256-CBC and SHA256. Seems it was an issue on the PIA side. Update: No issues since

As it happens, I just had to reboot because the cable ISP was doing planned maintenance. Yes, the routes are completely unaffected on the client.  Though I've never experienced the problem you're seeing. I noticed that the OpenVPN Client Export package allows separation of push statements by either a linefeed or a semicolon.  Whereas the OpenVPN Server settings only seem to permit the semicolon.  Should probably be consistent.

That error is from the client, not pfSense. Something else is already using the address/port it wants. Also your Windows OpenVPN client is very out of date and vulnerable. Uninstall that and install the latest version. If you installed it from the client export package, update your export package and then export a new installer. Use the 2.4 installer if you can.