In fact, I have to provide as best practice, but makes sense, all details about : what I would like to do, where I am, what is the configuration, so I have prepare a message in French with all of things and all pictures of the current configuration .... I think I have around 8 / 10 Pictures, and also pictures of PfSense Interfaces are in French and several hours to write it with some links to existing messages (I performed some search), but without success. I miss something. But you are right, I am pretty sure that the answer is in existing messages, I will perform a new lookup on this section you provided. It's very sample but I never do it and like everybody I want the solution without effort and fast also ... I will check also .... if there is a how to section. Thanks again.

Hi All , Here in 2020 same issue and this was my fix : compression: omit preference . Works with PfBlocker unbound too . Thanks @JeGr Peer to peer, TLS UDP on v4 tun <your WAN interface> server host: Your Server server port 443 (that is real strange - udp/443 isn't something normally used but maybe CG does it) no proxy settings <your description> <username> <password> do not retry use a TLS key peer CA: import the ca.crt from CG peer CRL -> none client cert: import the client.crt and the client.key encryption: AES-256-CBC disable NCP (CG config doesn't include it) Auth digest: SHA256 leave tunnel network blank (none given in the config) leave remote network compression: omit preference (as the CG file has comp-lzo -> that's no that nice because of VORACLE) topology net30 (I assume from your screenshot when dialed in (.62 -> .61) that they still use net30 leave the rest set gw creation to v4 only verbosity level 3