i can upload at 120mb so why cant my brother with his 100mb nearly max my line out.  i get 30/40 tops Mat

You're probably right. I may make it even simpler and just install the client directly onto a dedicated VM, that way the VMPC itself will just tunnel out and I don't have to deal with getting it all working in PFSense, routing, etc. Thanks for the suggestions.

" i've managed to solve my problem by upgrading from the stable branch to the development release" That sure and the hell was not the issue… Not sure what you did, but upgrading to a nonstable dev release would not be what I would suggest.. So while the process of doing the upgrade - maybe you did a clean install and didn't try and nat your inbound connections.  No idea but running dev your more than likely going to run into other odd issues.

That was it, thank you!

Good that it works. On that note - is your system clock sane? Cannot imagine why'd something say it's uptodate when it's ages behind.

You have to enter the server sides local subnet or the particular hosts you want to access in "IPv4 Local network(s)". Try to access the file share by its IP, e.g. \192.168.1.25\share Bear in mind that Windows firewall blocks access from other network. So allow the access in the Windows firewall or disable it.

Thanks jimp, that did it. Didn't occur to me since I didn't need to do that for my LAN subnets, but now that I've added an allow for the VPN subnet they can resolve.

Hi, Answering to myself ;) There is no need of "local network" option anymore and my problem was a switching issue !!!

I made a firewall rule to allow 10.8.0.0/24 in windows firewall. That works, but it would be better If I could get it to show private, and not have all traffic go through the vpn.

Publicly signed certs have no business being on OpenVPN and no client would have problems because of that. You're making things much more difficult for no benefit.

Closing comment: My initial testing was done using Windows 7 clients. However, the laptop clients in use are actually Windows 10. When I tested the W10 clients, everything worked out of the box - browsing and sharing, as if they were on the same physical network. So yes, a Peer to Peer (shared key) connection is a viable setup for me.

aha!  Got it!  In addition to those two links in my initial post, getting OpenVPN to start and connect at CentOS 7 system start was nigh impossible, but for this! https://ask.fedoraproject.org/en/question/23085/how-to-start-openvpn-service-at-boot-time/ "It seems this is a known bug/limitation in the design of the Systemd framework in combination with OpenVPN. " Once again, without derailing this topic, thanks for nothing Systemd!  And, I've figured it out.  Whew!  Hope these links are helpful to someone else.

There is no automated way to accomplish that, you'd have to create the certificates individually. You could create the certificates using OpenSSL outside of pfSense, but to use the export package you'd still have to import them to pfSense.