@nick-loenders
Anyway, if you have sequenced subnets like these you can embrace them in the p2 using an appropriate mask. But with a local LAN of 10.0.1.0/24 you run into risk of overlapping.

So if the LAN here is 10.0.1.0/24 you could only merge tunnel 2 and 3 by stating 10.0.2.0/23 as the remote network.

If you have control over all involved site you should consider this when designing the networks.

@viragomann Thanks for the reply! I have checked this box, however when I do reload the tunnel (momentarily dropping it) traffic does route to the other network card, so it must not be blocking it

Yes Sir!

Many thanks for the speedy response.

Kind regards,
jB 😎

@gertjan Thanks!

Issue resolved by contacting support for the new version.

In fact, I have to provide as best practice, but makes sense, all details about : what I would like to do, where I am, what is the configuration, so I have prepare a message in French with all of things and all pictures of the current configuration .... I think I have around 8 / 10 Pictures, and also pictures of PfSense Interfaces are in French 😁 and several hours to write it with some links to existing messages (I performed some search), but without success. I miss something.
But you are right, I am pretty sure that the answer is in existing messages, I will perform a new lookup on this section you provided.
It's very sample but I never do it and like everybody I want the solution without effort and fast also ...
I will check also .... if there is a how to section.
Thanks again.

Hi All ,

Here in 2020 same issue and this was my fix : compression: omit preference .
Works with PfBlocker unbound too .

Thanks @JeGr

Peer to peer, TLS
UDP on v4
tun
<your WAN interface>
server host: Your Server
server port 443 (that is real strange - udp/443 isn't something normally used but maybe CG does it)
no proxy settings
<your description>
<username>
<password>

do not retry
use a TLS key
peer CA: import the ca.crt from CG
peer CRL -> none
client cert: import the client.crt and the client.key
encryption: AES-256-CBC
disable NCP (CG config doesn't include it)
Auth digest: SHA256
leave tunnel network blank (none given in the config)
leave remote network
compression: omit preference (as the CG file has comp-lzo -> that's no that nice because of VORACLE)
topology net30 (I assume from your screenshot when dialed in (.62 -> .61) that they still use net30
leave the rest
set gw creation to v4 only
verbosity level 3