@hrx The problem was solvable after quite a bit of research and testing. Most things stemmed from either the older versions of DCO in previous pfSense Plus version, but a few remained and were able to be debugged to being a problem in the implementation of OpenVPN, DCO and pf in FreeBSD itself. The quintessence is that OpenVPN multihome CAN'T work properly with DCO and PF in FreeBSD right now. Switching that to UDP on localhost and working with inbound redirection rules made it work in no time. It's not as elegant as we need to redirect v6 traffic, too , it's resulting in 2 OpenVPN servers instead of just 1 for my case, but at least it's working that way and doesn't have a problem. Cheers

@viragomann Thanks, the problem was the OpenVPN cert had expired, but I could not get to the box to connect. We have a few different firewalls that are supposed to have a tunnel between each of them, but none of them were working. Even had someone onsite at the physical location of the Firewall connect to the Firewall directly via Ethernet and they couldn't connect. Tried to use the Console connection, but couldn't see what port in the Device Manager, tried guessing a few but was still not able to connect via PuTTY. Fortunately today at a different site the tunnel there was working and I was able to connect and refresh the certificate.

@viragomann Disregard -- I was using the wrong option. Enabling the "Use only for resources on this connection" checkbox corrected the behavior. Thanks!

@soul222 try using their wireguard method. it is a lot easier to setup and faster from my own experience.

@bigbmn unfortunately I found this one. There was a bug in the code where it incorrectly defaulted to removing the settings unless the page had specifically been saved. https://forum.netgate.com/topic/181594/restore-missing-freeradius-config/

@senselessnewb Diagnostics > States > States You can filter the list for a specific IP (TV) and flush only these.

@jimp I tried but unfortunately it didn't work, because the User Certificate that I use for export the OpenVPN Client have the same CA that the server certificate (I think). The final solution was to reinstall all OpenVPN clients on all devices, hard work but at least all users continue to work! Thanks for the support

@massimope this is a really old thread, and not about internet access.. But about policy routing where was forcing traffic out a specific gateway, ie the vpn.. https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#bypassing-policy-routing If your trying to get multiple vlans to use your vpn client connection.. That would be most likely related to your outbound nat, not including your vlans networks.. Vs jumping on a 3 year old thread.. I would suggest you start your own with your own details of what exactly your wanting to accomplish.. Are you policy routing out specific to your vpn client connection, are you wanting to default route everything out the vpn? What is your outbound nat settings? etc..

@viragomann Yes the same local database for all users. I guess this can be chalked up to "gremlins" in the system. All the other accounts using the openvpn are still working after the host name resolution change. I even considered the fat finger syndrome - :) - but that was eliminated with repeated copy/pastes. Still scratching my head on the cause? However, it in now not as critical, since I have a work around. I appreciate your help!!

@viragomann Hmm, not sure I already did that. But let's see. Thanks.