Bug #14541
Status: closed
No Site-to-Site VPN after upgrading CE from 2.6.0 to 2.7.0
Description
After upgrading from CE 2.6.0 to 2.7.0, OpenVPN site-to-site stops working. This does not seem to be an isolated issue, cf. https://forum.netgate.com/topic/181210/no-site-to-site-vpn-after-upgrading-ce-from-2-6-0-to-2-7-0
My situation is a two-location SOHO with pfSense on Supermicro hardware, with 2 WAN connections per location, with fixed IPs and IPv4 with NAT and LAGG on the LAN side. There are two routers per location set up as a high-availability router based on CARP.
For 10 years, this setup did serve me well for a site-to-site VPN:
https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-ospf.html
A variant with no OSPF and remote networks provided did also work. Also a single WAN site-to-site with the server running on localhost and NAT port forwarding to localhost did work well. I am using manual outbound NAT, switching to hybrid does not change any of the issues below.
After upgrading from CE 2.6.0 to 2.7.0 I did not regain full performance of the site-to-site VPN:
OpenVPN
The best result I can get is that Diagnostics -> Ping on each firewall can ping all devices in the respective other LAN. Telephones using UDP SIP can also log in through the tunnel. ICMP and TCP traffic will not flow.
The following measures do not make a difference:
- IPv4 Remote network(s) empty vs. populated
- remote network included in IPv4 Local network(s) or not
- Client-specific override with IPv4 Remote Network/s depending on the certificate CN or not
- Adding an OpenVPN interface and setting a static route or not.