an extra bone…

under diagnostics > ping >

I am from the wan interface able to ping  the linux clients, example 172.16.2.10  but not the windows client 172.16.2.30 ...

any ideas?

Well again the site connection has dropped out every minute, all day. I've checked squid logs and also bandwidthD and there's nothing to suggest excessive traffic on either end. However the dropouts continue. So I established a private VPN so I could look at the two pfsense appliances side-by-side. The server end never reports a drop-out, however the reconnection from the client end (every minute) is noted in the OpenVPN server logs. On the client side is a repetition of the  Inactivity timeout (–ping-restart), restarting log entry.

So I tried something. I disabled the client VPN, then disabled the server VPN, waited a minute, re-enabled the server VPN, then re-enabled the client VPN. And now the connection has worked for the past hour without a drop-out.

So it seems to me the problem is not necessarily due to constant drop-outs, but instead that once an issue occurs, the reconnect doesn't work properly and the client side attempts unsuccessfully to reconnect every minute, but without a full reset, the connection might not be made again all day.

Frustrating….  :(

Your welcome, glad to help.

Did you have the tap bridge fix package installed?

It's possible that when it booted up after the upgrade, the package wasn't installed, so it wrote out the "wrong" config for a tap setup, then the package got installed, and when you did the edit/save it then setup and rewrote a proper config for a tap bridge.

Hi Phil

Just wanted to say thanks for your reply. I set the VPN connection to force all traffic over the VPN and the Port Forward worked.

Thanks again for your advice.

Wasca

Glad that it helped

Many thanks for directing me to this. Host 192.168.220 did have a misconfiguration - broadcast 192.168.255.255 with netmask 255.255.255.0 - which did not raise a problem until a reboot - coincidently around the time of the pfSense upgrade.
Now ping is working from VPN clients to this host (and all VM's on this machine) but still a ping to the Windows 7 host 192.168.1.100 gets only answered inside the LAN, but that's obviously not related to pfSense.

Thanks for the tip, I have not yet set the default gateway to the pfSense firewall because I want to test the configuration first. But this has to be the problem.

Thanks for the feedback guys - I will try again with Open VPN as L2TP keeps dropping out

Thanks for all your help guys, I appreciate the answers.

I considered using heper's solution but for the sake of avoiding all conflicts I think I might just change the addressing scheme to something somewhat random like 10.9.8.0/24 or something similar.

10x a lot,
it was enough for me to understand :)

Hello marcelloc,
Our Realtek Ethernet Card is in 100baseTX <full-duplex>Mode.

The other Szenario is with Intel Gigabit Cards and we tested OpenVPN and IPsec with Tuneables
No Success :(

Can someone help us or have ideas for more performance
We think 100baseTX <full-duplex>Realtek over IPsec or OpenVPN with Crypto should have 80MBit/s Performance over Tunnel.</full-duplex></full-duplex>

OpenVPN client advanced config, like this screen shot.
On the server end, you can just have 1 OpenVPN server running, listening on LAN. Then port forward the port you want to listen on from WAN1, WAN2… to LAN. That way the same OpenVPN server receives the connect requests from the client, whichever public IP address the client connects to.

OpenVPN-Client-Dual-Server.png
OpenVPN-Client-Dual-Server.png_thumb

You can have rules on the OpenVPN tab just make sure they don't match the traffic that would be coming over the assigned interface. Meaning, specify a proper source on the rules for other VPN instances and not just use 'any' or at least make sure that they don't match the same exact traffic as the rules on the assigned interface.

The wizard adds the any/any rule because most people don't want nor need to assign the VPN interface and just want to pass in all traffic from the VPN to their LAN or internal networks.

Thanks a lot for your reply  :)

That did it, now everything works as expected, again a big THANKS to all of you who helped me out here  :)

Have a nice week!

Best regards,

Chris

@ciambellone:

Hi All,
I've resolved the problem. I've found an error in the configuration
thanks a lot.

hi sir!

I failed you, but I do not know how to handle.You can share how to handle errors that are not.Thank you

I have tried it from my parents house which has 15/5 and it is still stupid slow. What I am really trying to get to run better is file transfers and such to and from my home to my tablet/laptop. I have centralized all of my files on a home server and I would like to connect to it and be able view, download, upload, stream and szuch while out but with the 550kbs it is not working. I'm not funnling all my internet traffic thru the VPN so it is just file transfers. If I can get this to work properly I want to setup a backup server at my parents and do the backups over the VPN. Thanks for the help