You're adding more variables to the equation and there were already too many unknowns. :) If your phone connects as expected on external wifi, but not on the LTE network then it would seem to point to an issue with your mobile carrier, but you'd have to do a lot of troubleshooting to confirm that assumption.  I'd start with ping tests while connected to LTE and if you can't ping, do a traceroute from the phone to see what's going on.  Is it possible your mobile provider is blocking OpenVPN connections?  Unlikely, but maybe – again too many variables & unknowns, not enough facts. But wifi works and LTE doesn't is at least something to work with.  Do the ping & traceroute tests when connected to LTE and work from there.  Seems like a phone config problem.  Does your LTE provider do CGNAT?  I don't think that should cause an issue, but maybe?  Have you tried connecting with another device? Having connected successfully to both the webgui and your rdp host behind pfsense using wifi, I think it's safe to say the openvpn server is properly configured and operational.  The rest, I'm afraid, is going to be up to you to troubleshoot.

@silvershark78: I'm using 2.1.4 if that matters https://doc.pfsense.org/index.php/Versions_of_pfSense_and_FreeBSD

Another problem solved by multiple SSIDs on one radio is they are all on the same frequency. Multiple APs each need a clear channel. Most people can't find one clean one on 2.4, much less three.

actually i did not invest at all.. I tried pfsense on VM but it was giving all weird behaviors also when server shutdown the whole routing failed and when my wifi router finally failed , i just used a very old system(pentium4 with 1G ram) and got it working. I was looking for a switch but was never sure if the one i was looking for were managed switches.. For example is this TL-SG108E a managed switch or not and if not is it fine to use because they do mention vlan is supported..  Another reason i did not go for  a switch was i had very few systems to support so i assumed i could handle with existing PCIe port connection.. Like i said using Intel pentium 4 LGA 775 based montherboard with 1G ram and  Intel PCIe I340T(not original got it from ebay).. Yes right now all but wifi devices are static IPs. Thanks a lot for your help Johnpoz.. Let me play around a bit for couple more days and see what i can do and understand and your steps might help ..

@telmocalhaco: It´s a firewall problem on the pfsense , just add a floating rule on the WAN to allow all trafic and it start to working . hi i have the same scenario how did you make the floating rule I can’t seem to get it to work I have 2 wan a dsl and now I use d-link as a backup 4g wan I get an external ip address on the port but can’t route traffic and it show the gateway as offline please help I have a bad internet I have the latest pfsense

So I'm getting a repeat of this issue again. Nightmare. I've read up on some topics of people seeing similar issues regarding the states. Could anybody point me to the light regarding this issue? When I disconnect and reconnect via interfaces I get use of both gateways but not before long I get the same issue after a gateway maybe going down for a few minutes? :-[ Thanks

Had a colleague in China last year using my OpenVPN.  As a tourist on "public", hotels mostly, hot spots I'm sure it's not the same as for a "subscribed" service.  But even so it seemed connections were restarting quite a bit.  For a mobile device not being heavily/continuously used it was okay.  Can't imagine the poor user experience for heavy computer use though.  We weren't doing any thing to obfuscate though.

What might be the most concerning about this is whether or not there is a secure firewall rule set in place when this happens.

Ok I figured out why your image wasn't loaded - I was connected to one of my vps via vpn on my workstation, and that was having issues.  I notice when I couldn't get to my local stuff ;) Anyway.. So why and the hell would you have a dual wan router connect to pfsense lan with 2 different connections???  That is ZERO reason to do that… And why would you be using it as a router anyway??  That should just be used as an accesspoint.. You have a 50/20 internet connection there would be ZERO reason for such a setup.. Turn that router into just an AP connect it with 1 wire to pfsense lan and that should fix whatever issue your having..

delay.. without more info it is impossible to even guess what your talking about.  There is nothing in "nat" that would cause a hours delay..  Once this delay happens do they then work fine?  Its possible they had a different IP and you had to wait for their lease to expire then get a new IP on the new network since you removed their other nat.. As always a drawing of your network would be helpful in understanding your environment so we are all clear on how your setup.  You say you removed a nat, so I would assume your clients are now on a different network ip scheme..  Which is via dhcp?  So if you had an old lease, you would have to release and then get a new lease from the dhcp server on the new network your on. Or did you remove the nat and now your just routing to a downstream network vs natting to it?  These are details that need to be understood to try and help you.

Yep just tried emptying the cache directory and I was able to create the rule

Must be lot of fun with doing maths and waiting where it overflows… but - the circular log is not suitable for archiving purpose, at all. Use a remote syslog server, or at least install the syslog-ng package and log to normal logs, rotating them as needed.

Yes, reinstall is the only way to fix UFS. I've filed multitude of bugs about UFS and fsck. fsck is so broken that it needs multiple successive manual runs to even try to repair the filesystem, and then it gets all sort of things wrong, and segfaults, or spits out various confused nonsense, and eventually screws the filesystem to the point where you cannot boot any more. I got the below patch from one of the pfSense devs for debugging, and while it tries to run fsck much aggressively, as noted above, the only result in the end was complete FS destruction. Also, it would need updating for 2.3.2 or newer, apparently. diff --git a/src/etc/rc b/src/etc/rc index e82a5ba..970fa9c 100755 --- a/src/etc/rc +++ b/src/etc/rc @@ -54,7 +54,7 @@ fi if [ -e /root/force_fsck ]; then echo "Forcing filesystem(s) check..." - /sbin/fsck -y -F -t ufs + /sbin/fsck -y fi if [ "${PLATFORM}" != "cdrom" ]; then @@ -77,18 +77,37 @@ if [ "${PLATFORM}" != "cdrom" ]; then if [ ${FSCK_ACTION_NEEDED} = 1 ]; then echo "WARNING: Trying to recover filesystem from inconsistency..." - /sbin/fsck -yF + ntries=0 + fsck_rc=1 + until [ $ntries -ge 3 -o $fsck_rc -eq 0 ]; do + /sbin/fsck -y + fsck_rc=$? + ntries=$((ntries+1)) + echo "DEBUG: Run #${ntries} - rc = ${fsck_rc}" + sleep 1 + + # Sometimes first call returns 0 but filesystem is still broken + # Run fsck in preen mode again just to be sure + /sbin/fsck -p -F + fsck_rc=$? + echo "DEBUG: (-p) #${ntries} - rc = ${fsck_rc}" + sleep 1 + done + + if [ $fsck_rc -ne 0 ]; then + echo "Automatic filesystem recovery failed. Starting recovery shell!" + tcsh + reboot + fi fi /sbin/mount -a 2>/dev/null - mount_rc=$? - attempts=0 - while [ ${mount_rc} -ne 0 -a ${attempts} -lt 3 ]; do - /sbin/fsck -yF - /sbin/mount -a 2>/dev/null - mount_rc=$? - attempts=$((attempts+1)) - done + + if [ $? -ne 0 ]; then + echo "Filesystems could not be mounted. Starting recovery shell!" + tcsh + reboot + fi if [ "${PLATFORM}" = "nanobsd" ]; then # XXX This script does need all filesystems rw!!!!