Issue with OpenVPN access back to client
- 
 I'm having an issue with OpenVPN, not sure what setting I missed. I have a work network on a normal Intel PC:
 LAN 192.168.0.0/24
 VPN 192.168.70.0/24
 I also have a Hyper-V at my house connecting to my work network:
 Home 192.168.5.0/24
 HyperV 192.168.2.0/24
 VPN 192.168.70.0/24
 I'm using peer to peer (Shared Key), port 1195.
 I used this as a guide:
 https://www.youtube.com/watch?v=-8xt7LUtYH4&feature=youtu.be
 pfSense states I should not be using routing, but if I leave it alone, the home PC works perfectly but cannot access the home network from work; when I try to change what I think is logical, I end up not being able to communicate anywhere. From home, I can ping .70.2, .70.1 and .0.202, .0.200 or any other PC at the work location. Now I need something to communicate back to my home. I use tracert and I can ping .70.1, but if I try to make my way farther up the tunnel, it tries to use the WAN to connect to it, showing my public IP, etc. I cannot ping or go any farther on the 0.0/24 network past the local tunnel address of .70.1. Any help would be appreciated, thanks in advance.
- 
 Post your OpenVPN settings from both server and client. 
- 
 Server 
 Peer to Peer (Shared Key)
 UDP on IPv4 Only
 tun - Layer 3 Tunnel Mode
 WAN
 1195
 UsernameVPN
 use default direction
 -Shared Key-
 AES-256-CBC (256 bit key, 128 bit block)
 Enable Negotiable Cryptographic Parameters
 AES-256-CBC
 SHA256 (256-bit)
 BSD Cryptodev Engine
 192.168.70.0/24
 ipv6 - blank
 192.168.2.0/24
 ipv6-blank
 25
 disable compression
 TOS disabled
 ping inactive - 0
 ping method - Keepalive
 interval - 10
 Timeout - 60
 Custom Options - Blank
 UDP Fast I/O Disabled
 Exit Notify - Disabled
 Send/Receive Buffer - Default
 Gateway Creation - Both
 Verbosity Level - Default
 -Firewall/Rules/OpenVPN
 Check 17/272MiB IPv4 * * * * * * none
 Client (home)
 Peer to Peer (Shared Key)
 UDP on IPv4 Only
 tun - Layer 3
 WAN
 Local port - Blank
 Server - FQDN of office domain
 1195
 Proxy host - blank
 proxy port - blank
 proxy auth - none
 Description - Company VPN
 TLS - Default
 Peer Certificate - None
 -Shared Key-
 AES-256-CBC (256 bit Key, 128 bit block)
 Enable Negotiable Cryptographic Parameters
 AES-256-CBC
 SHA256 (256-bit)
 No Hardware Crypto (Hyper-V Disabled)
 192.168.70.0/24
 ipv6 - blank
 192.168.0.0/24
 ipv6-blank
 Limit Outgoing bandwidth - blank
 disable compression
 TOS disabled
 Don't add or remove routes - unchecked
 ping inactive - 0
 ping method - Keepalive
 interval - 10
 Timeout - 60
 Custom Options - Blank
 UDP Fast I/O Disabled
 Exit Notify - Disabled
 Send/Receive Buffer - Default
 Gateway Creation - Both
 Verbosity Level - Default
 -Firewall/Rules/OpenVPN
 Check 0/0B IPv4 TCP * * * * * none
 And as I am writing this out, I discovered what it was:
 on the OpenVPN firewall rule, the protocol was set to TCP and not any. Once I flipped it to "any", it appears all is working.
 TCP is the default, so I didn't catch that all data from the VPN is through UDP and the firewall was not allowing it. Hopefully this helps someone else, as TCP is the "default".
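The rule mistake described above, as an added example that is not part of the thread: a small model of first-match interface rules with an implicit default deny (the behaviour pfSense has on each interface). It shows that the rule left at the TCP default drops ICMP echo and UDP arriving over the tunnel, that "any" passes everything, and that a rule scoped to the two site LANs (a constructed least-privilege alternative, not something the thread configured) passes the needed traffic while still dropping a packet from an unexpected source. The packet addresses are constructed from the thread's LANs; the interface name "openvpn" and the sample packets are assumptions.

```python
# Added example, not from the thread: a tiny model of pfSense-style interface rules, showing why
# a pass rule left at the TCP default on the OpenVPN interface drops ICMP echo and UDP crossing
# the tunnel, even though the tunnel itself (UDP/1195 on WAN) keeps running.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    iface: str
    proto: str            # "tcp", "udp", "icmp" or "any"
    src: str              # CIDR, or "*" for any address
    dst: str
    action: str = "pass"

@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrives on
    proto: str
    src: str
    dst: str

def _net_match(cidr, ip):
    return cidr == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)

def evaluate(rules, pkt, default="block"):
    """First matching rule wins; no match falls through to the implicit default deny."""
    for r in rules:
        if r.iface != pkt.iface or (r.proto != "any" and r.proto != pkt.proto):
            continue
        if _net_match(r.src, pkt.src) and _net_match(r.dst, pkt.dst):
            return r.action
    return default

# Constructed traffic arriving on the home firewall's OpenVPN interface from the work LAN.
PACKETS = {
    "ping":  Packet("openvpn", "icmp", "192.168.0.200", "192.168.2.10"),
    "sip":   Packet("openvpn", "udp",  "192.168.0.200", "192.168.2.10"),
    "rdp":   Packet("openvpn", "tcp",  "192.168.0.200", "192.168.2.10"),
    "stray": Packet("openvpn", "tcp",  "10.9.9.9",      "192.168.2.10"),  # not a site LAN
}
TCP_ONLY  = [Rule("openvpn", "tcp", "*", "*")]   # the rule as first configured (TCP default)
ANY_PROTO = [Rule("openvpn", "any", "*", "*")]   # the fix applied in the thread
SCOPED = [Rule("openvpn", p, "192.168.0.0/24", "192.168.2.0/24")   # least-privilege alternative
          for p in ("icmp", "udp", "tcp")]

def results(rules):
    """Map each sample packet name to the verdict the rule set gives it."""
    return {name: evaluate(rules, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("tcp-only", TCP_ONLY), ("any", ANY_PROTO), ("scoped", SCOPED)):
        print(label, results(rules))
```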
- 
 @KruglerD said in Issue with OpenVPN access back to client: TCP is default, so I didn't catch that all data from the VPN is through UDP and the firewall was not allowing it. UDP is only the OpenVPN tunnel itself. That has nothing to do with packets passing the OpenVPN interface.
 However, pings are on ICMP, neither TCP nor UDP, hence it didn't work.
- 
 Maybe, and maybe that is why my phone would not communicate, as it would ping first, but switching from TCP to Any allowed my phone to operate as expected.
- 
 OK, this has happened several times. What does "Type-of-Service" do? I have had this happen where everything is working just fine, and then all communication drops between the two networks. I go in and toggle off the "Type-Of-Service" on both firewalls and communication is restored. 
 I have the TOS on (I'm thinking) so that my VOIP phone on the 2.0 network can utilize traffic shaping on the server on the 0.0 network with higher quality.
 I have not changed anything over the last few days, but just all of a sudden, this was blocked.
 I'm on 2.4.5-RELEASE-p1 on both machines.