Nevermind. I think this was just logging an error because the route was already in the route table.

I'm still having a route issue, but I'll post that seperately

You can do that either way. You can have it be site-to-site, or you can assign the OpenVPN interface as an opt interface and setup NAT rules so that when traffic leaves OpenVPN, it gets NAT applied to the OpenVPN client address, and as long as the remote end doesn't have a route back to your LAN, it should be just how you describe.

???Anyone?

I was going to ask if you tried rebooting both machines or had an active IPSec connection as the config settings look right, but you figured it out, glad to hear.

good evening,

i have one question to your related posts.

i use pfsense 2.0 beta 5 newest version till yet!

and in openvpn client site is no entry for default gateway.

all clients can ping and share with local network, with right routes, but the entry for default gw is missing.
(gateway should be the pfsense openvpn server - in my config is it 10.10.0.1)

Feb  7 10:56:18 proxyfuck openvpn[15604]: /sbin/ifconfig ovpns1 10.10.0.1 10.10.0.2 mtu 1500 netmask 255.255.255.255 up

why it is hiding for me on client site???
:)

as noted in the pfsense docs:
"Word of caution: You can have both IPSec and OpenVPN enabled/in use at the same time, however, not for the same subnets. Any IPSec tunnel that references a subnet you wish to use in OpenVPN must be disabled, but IPSec andOpenVPN do not conflict."

Your Site-Site is using IPSec so you will want to use IPSec for your remote clients or switch everything over to OpenVPN

Edit: To see/set rules for any OpenVPN Tunnel, you need to add it as an interface, so you not seeing it is not unusual. What is your clients OpenVPN config? (remove public IPs/FQDNs)

regarding the static routing ….

I can ping from XP client behind PFSENCE B DD_WRT and vice versa, but cannot ping any client behind ddwrt like XP .... (after turning off local firewall)

XP1 ----DDWRT------PFSENCEA-------PFSENCEB------XP2 so XP1 cannot ping XP2 and vice versa.

Could be missing gateway on DD-wrt? there is setup IP 192.168.1.1 mask: /24 but no default gateway .....

The log shows the problem, and even links you to a FAQ entry telling you what to check - see here. If you're using Windows Vista or Windows 7 ensure you run the client as an Administrator (right click -> run as administrator).

Please take a couple of seconds and do a little research for yourself.  There is already a detailed howto on this subject:

http://doc.pfsense.org/index.php/Tutorials

Ok, that was the solution.

I added the routes in static routes in both Pfsense and the OpenVPN tunnel now goes through the SDSL lines. (I think only a static route in the distant site is required).

Thanks !!

The client has to know to send that traffic over the VPN in the first place, which requires routes, which requires administrator privileges… No way around that on the client side.

If you touch an assigned tun interface on 1.2.3, you must edit and save the associated OpenVPN client or server before it will function again (which will restart it). That works fine.

That should work fine, I've done that a time or two in the past.

Bridging is ugly and really isn't needed.

Firewall > NAT, Outbound NAT tab
Switch to manual outbound NAT, press save.
Add a rule, interface is LAN, source address would be your VPN subnet. Destination would be your LAN subnet, translation address would be 'Interface Address'.

That should be enough