• Manage openvpn and wan connection

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M

    If you changed the only rule to use a specific gateway, then you should be OK with this scenario.

  • Open VPN and routing

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    R

    What about the gateway?

    so here is the network

    Site A                              Tunnel                                        site B

    Lan                                                                              lan 192.168.20.0/24

    192.168.0.0/24
                                      ON SERVER SITE                                 
                                        10.0.20.0/24
                                          server ip is 10.0.20.1                      client ip 10.0.20.2

    Vlan 23                                                                              road warrior

    192.168.23.0/24                                                                          10.0.23.0/24
                                                                                            push route here is 192.168.23.0/24

    How to add the route on A for 10.0.23.0, which is the network for B road warrior?

    Also do you add it from

    System => Routing => 10.0.23.0/23

    Gateway is the wan nic.

    Cheers,

    Raj

  • How create vlan on openvpn tap interface?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Create openvpn connection

    Locked
    18
    0 Votes
    18 Posts
    8k Views
    H

    Okay, it's working now.
    I changed the client machine.
    Thanks to all of you.

    Another thing: can I make it connect automatically when Windows starts, I mean on startup in Windows XP?

  • Tunnel (Routing ?) problem

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    P

    Hello,

    Rules are OK for me; I've also created a temporary "Any" rule, but no effect.

    In summary

    A computer 10.10.10.45 connected to firewall 10.10.10.1 can ping firewall, OpenVPN Interface 10.10.30.1

    On other side a computer 192.168.2.8 can ping firewall 192.168.2.1

    With an SSH shell session on 10.10.10.1 I can ping 192.168.2.1 and .8

    Same on 192.168.2.1, I can ping 10.10.10.1 and .45

    But it is not possible from the pfSense GUI / Diag / Ping; I tried LAN, WAN… timeout, same from the computers....

    ... :'(

  • [ASK] How to add route from server to VPN client

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M

    Bad English aside, we need more info. Start with the basics… what does your setup look like... simple road warrior, site-to-site? Give us your LAN scope, Tunnel Network, pfSense version, OpenVPN firewall rule; also a network map would help.

    Did you actually add a static route or try to add a route to your custom config?

  • OpenVPN clients cannot ping virtual machines addresses

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    T

    No, there isn't; anyway, I have rebooted pfSense and all is working perfectly now.
    Thank you very much.
    ;D

  • Idle disconnect client

    Locked
    11
    0 Votes
    11 Posts
    13k Views
    jimp

    Then put ping-exit in the client config and make sure they have no keepalive or ping-restart in the client config.

    The only thing you can do on the server side is specify the inactive parameter I showed earlier.

  • [SOLVED]Is there a way to have the same local and remote subnet?

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    johnpoz

    I wouldn't really mark your workaround as solved - because you have not solved the root of the problem. The root of the problem is you have the same network segment.

    So you force traffic down the tunnel - now clients can not access resources on their own segment ;)  And still have issue with dupes, maybe client wants to access 192.168.1.14 on his segment, and he ends up trying to access 192.168.1.14 on your segment.  Maybe his address is .14, and needs to access .14 on other end ;)

    Your solution may have allowed you to accomplish a portion of what you're wanting to do - but it in no way is an actual solution. Now natting would actually be a solution since remote clients would be able to access any IP on the vpn local side, no matter what IP, even if it matches up with their own.

  • 0 Votes
    4 Posts
    4k Views
    F

    You need to write in ADVANCED:

    push "route 192.168.0.0 255.255.0.0"; - where 192.168.0.0 255.255.0.0 is your local network…

    good luck...

  • OpenVPN Access Server Client

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • [SOLVED] Site-to-Site routing bug?

    Locked
    13
    0 Votes
    13 Posts
    9k Views
    M

    @jimp:

    Also if you switched between tun and tap and back (as it appears you have) you must reboot in between.

    The openvpn interfaces in tun mode would not have an 'ether' line and the IP config wouldn't look like that.

    THANK YOU!!

    You're absolutely correct. I have switched between tun and tap mode. I was messing about because I initially didn't have the knowledge of which one did what. On the currently deployed Ubuntu Server interfaces config says TAP, but after investigating it's operating in TUN mode. Weird :/

    Anyways, a reboot solved the issue. I'm so used to not rebooting that I never even considered it on a freshly installed VM.

    Thanks again.

  • 0 Votes
    8 Posts
    5k Views
    jimp

    Some notes on using that:

    First, read all of the text descriptions on the new fields that show up when you switch to TAP. The notes are important.

    Add a new VPN instance, select tap, fill in all your other info as you want. If you want to provide DHCP to clients, check the box to bridge DHCP, select the interface you will be bridging to, and (optionally) fill in the DHCP server pool. If you fill in the DHCP server start/end it should be a range of IPs outside of your existing DHCP pool. If you leave the IPs blank, it will pass DHCP through to your LAN DHCP server.

    After you save the VPN settings, go to Interfaces > (assign), assign the new VPN interface. Go to Interfaces > OPTx, enable, leave IP type as "none", save. Go to Interfaces > (assign), bridges tab, bridge the VPN interface and your LAN or whatever internal interface(s) you want.

    Go to Firewall > Rules, on the VPN interface be sure to add rules there that will pass DHCP and whatever other traffic you want (or just pass any/all).

  • 0 Votes
    1 Posts
    14k Views
    No one has replied
  • Setup of OpenVPN

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    D

    I had the same problem.  With the OpenVPN client, if you're using Windows 7 or Windows Vista, you need to run the client as Administrator – not meaning an account with administrative rights, but either right-click, run as administrator, or edit the properties of the shortcut to run the client as admin.  It needs this to create a route on your Windows PC.  Running as administrator solved the problem for me.

  • 0 Votes
    4 Posts
    2k Views
    N

    I got it going, much thanks for the advice and best of all the online YouTube video that gave step-by-step instructions on how to use the wizard on pfSense 2.0.

    Anyone need a hand, I'll be happy to help.

  • 2 WAN interfaces. How to: instance of OpenVPN in/out on WAN2

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    N

    If you are using OpenVPN and UDP then try this:

    OpenVPN Server should listen on LAN interface
    PortForward from WAN1 to LAN for OpenVPN
    PortForward from WAN2 to LAN for OpenVPN

    As far as I know there are "LoadBalancing" problems in OpenVPN and UDP with two or more WAN interfaces.
    Perhaps you found some more information on the forum relating to UDP and Multi-WAN

  • OpenVPN remote client - assign static address?

    Locked
    6
    0 Votes
    6 Posts
    10k Views
    B

    Nachtfalke, thank you for explaining this!

  • My client Openvpn setup on 2.0.x experience this evening…

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • OpenVPN Clients cannot be exported via WEBGUI

    Locked
    3
    0 Votes
    3 Posts
    12k Views
    jimp

    From those screenshots it doesn't appear that you have any client certificates, which as justsomeguy6575 found would make that list show up empty. Make some client certificates for users from the same CA as the server certificate and they should show up.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.