@sami-mkaddem How do I mark this post as solved?

@viragomann Both endpoints are running on Verizon Fios. I'll see if can get put in a ticket with Verizon.

@jimp I did also find this but it appears dead. https://redmine.pfsense.org/issues/9970 Thanks btw.

Yup. Changing it to "shared key" seems to have worked. That's bananas! All the systems I was comparing to were also 23.01 and were using peer to peer (SSL/TLS). These are all 7100 1U appliances in HA configuration. Anyway, it's now working and I met my deadline so I'm going to take a break. If anyone has any ideas why share key worked but ssl/tls didn't, I'd love to hear it.

@viragomann I thought it might create an instance in Firewall Rules when I was connected via the VPN, but when I connect via my home network there are still 2 Open VPN interfaces In the Firewall Rules. When I look at the Status Interface page, as well as my Interface Assignments page, I have only one Open VPN interface.

@dweimer When you change OpenVPN server settings, you have to re export the OpenVPN client file. You've done that, right ?

@dbass A public IP can only be used once. If you use NAT then LAN gets a private IP range, and you need NAT port forwarding rules to connect to the server on LAN. If the server actually needs a public IP then you need to get another IP range from the ISP so they can route the public IP to you. https://docs.netgate.com/pfsense/en/latest/recipes/route-public-ip-addresses.html

@viragomann Thanks so much for your help, I've just done this and its now all working as it should.

@gertjan The administrator of the server decided to change something based on my log dumps, and now the connection just works at the first attempt. Thank you everyone for your help. The only thing I had to change was the syntax of the remote line as mentioned by @viragomann, then the import worked just fine.

@rubens-fontes for dns use 172.16.0.2 , x.x.x.2 is amazons DNS. I usually attach a send Network interface (on the private subnet) to the pfsense and then add that as LAN

Regarding the time difference, it's strange because I've compared both times and they are equal

@viragomann said in How to route LAN traffic thru OVPN: @ispasoiumircea In the outbound NAT rule the source has to be your LAN, so 192.168.15.0/24 presumably. Consider that the policy routing rule on LAN directs all matching packets to the OpenVPN server. Hence it doesn't allow access to any internal destinations like DNS from this device. This can be done, but you need to use a DNS server on the concerned machine, which is accessible over the VPN. If there is any, you can simply forward DNS requests with a port forwarding rule on pfSense and need nothing to change on the device itself. Otherwise add an additional rule to pass internal traffic above of the policy routing rule. The rule on the OpenVPN is only needed for inbound traffic. But I guess, you don't want any, so you can remove it. Hello, Thank you. Its worked just adding outbound NAT rule from LAN to VPN. Good day,

@adrianp918 192.168.1.1/24 is not a network. 192.168.1.0/24 is.