As far as I can tell the WebConfigurator CA is added to me device.
Not sure why this works on the LAN and Wifi, but not VPN.

I'd appreciate any help with this. Thanks

What am I doing wrong ! ?

You have no clue how certificates work, this has nothing to do with the VPN.

NET::ERR_CERT_AUTHORITY_INVALID

Google it and google how to to add your CA to your device/browser or how to allow self-signed certs.

The IP Address of the OPT2 interface is 172.x.x.1, when I connect to the VPN I get 172.x.x.100

If I try to browse to pfSense I get:

If I click Advanced I get:

If I click on Proceed to 172.x.x.1 I get taken back to the first page (image1)
Clicking on the error shown I get:

This is the certificate of the pfSense box.. I can connect fine via the LAN interface.
What am I doing wrong ! ?

Thanks

This is the Phase 2 settings.

and these are the rules for IPSEC.

I have two IPSEC VPNS configured.
One is a site to site VPN and I restrict access from 192.168.92.0/24 to specific devices.. that seems to work fine.

The other is a Dialin IPSEC VPN which has access to the NAS on OPT2, this is what I want to dial into and have access to the NAS & pfSense.

Thanks

Hey
Show rules /Firewall/Rules/IPsec
and phase2 IPsec settings

Under rules / OPT2 I have 3 rules:

1. Block anything from OPT2 to WiFi
2. Block anything from OPT2 to LAN
3. Allow from OPT2 to IP address of NAS.

This seems to work and when connected via VPN we can only connect to the NAS.
I added another rules the same as 3 to allow access to the IP address assigned to OPT2 interface thinking that would allow access to pfSense.

When I tried to connect I got errors stating the connection wasn't private and was rejected.

Any help is appreciated.
Thanks

What do your VPN firewall rules look like?