Upgrade to a recent snapshot if you aren't seeing an OpenVPN dynamic gateway (or if you see it but it's always "gathering data"). There were some bug fixes a week or so ago, after the official RC3.

What solved this one?

If they don't have a certificate, and you're on SSL/TLS, then they can't access the VPN.

I don't think there is a permission for OpenVPN use, though there probably should be, may not see that until 2.1 though.

It appears that the update

"2.0-RC3 (amd64)
built on Wed Jun 29 18:35:57 EDT 2011 "

fixed the issue. Very odd.

Thanks for the input, guys.

Thank you jimp, I'll try your suggestions ASAP then report back.

Just some notes on the same topic is found here:
http://forum.pfsense.org/index.php/topic,7840.msg198497.html#msg198497

Thanks. I think a have to learn a little bit more about ovpn. I thought the tunnel network ist just a /24 subnet where Server and Clients can communicate.
But it works now.
Had the problem that on Serverside there is a multiwan configuration and a firewallrule which directs traffic from lan to a Gatewaypool.
This rule caused the traffic with destination to remotenetwork going directly to the gatewaypool and not through the tunnel. So I created a rule with destination 192.168.0.0/24 without any gatewaysetting and  it works perfect now.
But is this normal behavior? My IP-Sec-Tunnels weren't affected by this rule.

You probably aren't pushing a route to the VLAN subnet to the OpenVPN clients (or in the case of a static key setup, the client isn't routing the subnet over the VPN).

You may also need firewall rules on the OpenVPN interface if you're on 2.0, depending on what your existing rules allow.

That was weird.  On a hunch, I deleted the openvpn config, uninstalled the export package, etc…  Edited the config.xml and saw some turds left over.  If memory serves, last time I had openvpn working was quite a bit ago.  I manually deleted everything from the config file that looked related, and rebooted the appliance.  Now it works.  Go figure :)

Hey guys,

Figured it out and as usual, it was just a stupid error on my part.  On the OpenVPN rules tab, I was only allowing all UDP traffic.  Once I allowed all traffic, then all was good.

Thanks for the help!
Ben

It was return traffic that failed. Problem solved by adding

in "Advanced configuration"/"additional options"/"Custom Options" (name is version specific I guess) on 10.10.40.1 & 10.10.60.1, where 10.99.99.0 is my road warrior "tunnel network".

It can't be exactly the same as the others or it would be working. :-)

Look at the raw config.xml from a working one and the non-working one, compare the OpenVPN section of the config.

Yes, that's the second option I mentioned. The OpenVPN server needs a route back to the client. Search on the doc wiki (see my sig) for openvpn site-to-site and look at the docs. The exact method is different for SSL/TLS or Shared Key, so it depends on what you have.

Anyone? If I can provide more information or more clearly state the problem, please let me know.

Solved !

Upgraded to the latest RC2 snapshop (about 10 days difference) and it' s ok !

Yeah, I found the company by searching on Google.  You still haven't posted any details about your config.  Without that, no one will help you.

It's sorted, I installed WiKiD straight from the ISO.