ah ok i added a Fall over for P2P so if Nord Goes down it cant leak internet and start using the WAN.. had to adding a Floating Rule... this way IF Nord goes down i can still use internet but it denys it to the P2P and my guest network router

After contact with microsoft helpdesk I found the solution for me. For future reference: I had to turn on mss clamping and set it to 1350. This is also in the advanced IPSec settings Maybe this settings was defaulted after an update? I wasn't the one who configured it in the first place, so I wouldn't know for sure. I made sure to match my settings to this document https://docs.microsoft.com/nl-nl/azure/vpn-gateway/vpn-gateway-about-vpn-devices @stephenw10 Thanks for the reply, I had this disabled already, but the pointer was appreciated

@k15 Don't mention it Good luck

Hi, your machines uses s.o windows ? in that case turn off the firewall each and check pin to the other machine

@treborjm87 I'd be curious about this as well... I think you need to establish how much throughput/bandwidth you need and how many concurrent user connections you anticipate, etc? (Is this box dedicated to routing and VPN only or more exotic use cases like running VMs, etc) I've seen some charts floating around with hardware recommendations based on required throughput here and at the servethehome website.

https://www.netgate.com/docs/pfsense/virtualization/virtio-driver-support.html

Yes, nothing will change unless you change it. For example: https://www.netgate.com/docs/pfsense/book/openvpn/openvpn-and-multi-wan.html Steve

I am disappointed in this forum because not one suggestion was offered. Usually, community support for stuff like this is pretty good. Regardless, I figured it out myself. This thread can be considered closed.

I stand corrected! ~Mat

@patrick0525 If you're completely certain that nothing on your end changed, it stands to reason that maybe something on their end did? I'm not familiar with the provider, but have you checked to see whether they have an updated configuration guide? Have you tried connecting to them from a PC instead of the pfSense machine? If they support TCP as well have you tried that? Just a few thoughts for preliminary troubleshooting steps.

@medikopter said in OpenVPN TLS Fehler: Das klingt ja eigentlich ganz cool und simple, allerdings scheitere ich schon an der Umsetzung eines Failover. Nunja, aber das sind ja auch zwei verschiedene paar Stiefel ;) VPN auf beiden Interfaces zum Laufen zu bringen ist wesentlich leichter, weil du nichts umschalten/routen/sonstwas musst. Daher überhaupt nicht schwer. Also das er das Interface automatisch wechselt wenn eins Down ist. Es genügt doch eine Gateway Gruppe zu machen und die bei den Regeln auf dem LAN einzusetzen?