If you made two servers, one for each WAN, ensure they have unique tunnel network settings but have the same certs/TLS keys/etc.

It's easier to make one server, bind it to Localhost, and then port forward from each WAN to localhost. That way the same server can handle both WANs.

I have found the problem! When I use hmac OpenVPN stops/crashes. When I do not use it everything runs smooth. Also tried using hmac without hardware encryption but didn't work also. I'm a bit disappointed that OpenVPN crashes when using hmac :( Does anyone have an idea on how to solve this?

killing two birds with one stone?

Smart…

Glad its working.

Don't know but you can contact with Astrill support team hope they can help you

Just realized how to fix this, when i saw the Proxy server's Interface list.

i added another interface for openvpn changed openvpn's listening interface from WAN to any multiselect the interfaces in squid proxy server set to transparent mode changed HAVP server to transparent mode.

Initially my VPN broke but that was due to the problem of incorrect listening interface. after changing the interface from wan to any in openvpn server it was ok.

thanks

@cmb:

"The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user."

That's your problem, fix your Windows account and/or NPS policy.

NPS will only reply with essentially one of two things - auth failed, or auth successful. To get details as to why it fails when it does, you have to check the Windows side.

@cmb:

"The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user."

That's your problem, fix your Windows account and/or NPS policy.

NPS will only reply with essentially one of two things - auth failed, or auth successful. To get details as to why it fails when it does, you have to check the Windows side.

hi cmb
i've checked this permission and was set ok, i even change it to the allow permission and it didn't works,
this happens after the latest microsoft update probably they miss with the settings of the NPS,
after i disabled the connection to other devices.
voila everything start working !
i am really curious to understand what changes are happend.
other customers are working fine and had the same update lately on their OS but the settings are still the same
i am very curious to know the changes that happens.

Diag>nanobsd, mount rw, save file, mount back to ro.

I used this tutorial and it works quite nicely:

https://forum.pfsense.org/index.php?topic=64439.0

Finally, I got the solution!!!

https://forum.pfsense.org/index.php?topic=69826.msg381825#msg381825

That's the thing though, it wasn't working.  And it was because of the topology check box I selected.  However,  if I deselect that and add the following in the Advanced Configuration section, it is working now:

verb 5
topology p2p
route 192.168.10.0 255.255.255.0 vpn_gateway

that is along with the client specific override adding the iroute.

good to know your issue is fixed,
didn't know your MAC wasnt patched with the latest security patch ( SSL ).
disabling IPV6 is really the solution,
had the same issue before with my Mac users.

No I have 2 strongvpn accounts. For some devices I want to route it to account 1 but others I want account 2.

Are you behind a Domain controller ?
is Pfsense your Forwarder or other server ?
screenshot of your pfsense DNS setting please?

return the iphone 6…buy android, problem solved  ::)

Jamerson advice is dead on. It works fine for me, 2.1.5 with a 4s

Nope - Your VPN will cut through your pfsense like a hot knife through butter.  Once you are using a machine inside the LAN running vpn client, the vpn server and any other clients connected to that server and anyone with access to the server or one of the clients or anyone who has hacked into the server or any of the clients on that server potentially have access to your LAN freely.

So, like I said before, hope you trust your VPN server.

Might need to re-write this… it doesn't make sense, but I'm guessing you're trying to say one side is able to communicate with the other, but not vice versa.

Post a network map.  We need details in order to help you troubleshoot.

Post your server1.conf and client1.conf.

Your talking about the export package - openvpn is base install of pfsense, its not a package

Available: 1.2.13
Installed: 1.2.12

I just updated this remotely without any issues.