From what you have posted, yes.

If it can't access HTTP, but can access other protocols, then it's either a proxy configuration setting on the client that's wrong or a configuration issue with the proxy server(s).

Thanks this worked for the most part, I changed the OpenVPN client address pool to 172.17.255.0/25 and I did have to do a route push in the form of….....

push "route 192.168.20.0 255.255.255.0 172.17.255.5";push "route 10.10.10.0 255.255.255.0 172.17.255.5"

....in the OpenVPN Client-Specific configuration but other then that, works like a champ :)

Thanks mate!

This is for a 1.2.3 system. I will give AON a try and see if that fixes it.
Thanks.

It happens on both. I have re-downloaded and re-installed and re-did configurations from scratch and I end up the same place again.  :'(

UDP isn't likely to be the problem.  When you connect from this 10. network, what does the client log show?  Are you by any chance also use a 10. network for your VPN or your remote network?

i am new at this, but would like to learn how to setup this option, can you show me how
Thanks

Aw man, here I was all comfortable in a state of ignorant bliss and you come along talking about disk failures.  :)

Thank you for the tip. I will give the disk a close look. I've been thinking about trying out 2.0 so this will give me an excuse.

Thanks jimp, I ended up restarting pfSense and the problem cleared up. I am interested in finding a way to reload the config without doing a full reboot and I'll try your suggestion if the problem pops up again.

@eureka, Thanks for the suggestions.
I will try out your suggestions & get back to you with the results.

Before I try out though, I would like to tell you that sub-domain to search into is not known @ deployment time. Sub-domains & Users in that sub-domain are getting added dynamically, there could be hundreds of sub-domains in one root domain so fixing group BaseDN wont be possible. I had commented out <group>…</group> section completely when I had tested.

Also, I would like to know what exactly "%u" does in filter (&(uid=%u)).

OpenVPN automatically reconnects. It doesn't wait for traffic, it tries constantly. There is a 60-second timeout (but that can be tweaked in the custom options).

When you save on the server end, the process restarts which disconnects the client, which can then take up to a minute to reconnect.

When you save on the client, the process restarts and it will reconnect right away.

There is nothing wrong with OpenVPN when setup properly, I use it all over the place every day and have zero issues. I have far more issues with IPsec tunnels on a weekly basis.

@jimp:

If you have more than one subnet, you need to push more routes to the clients using the custom options box. There are multiple threads and documents about that here on the forum and on the doc wiki. If you are unable to resolve the situation, please start a new thread with an appropriate subject so that it will draw more attention.

Again thank you
I added route under```
Advanced configuration >push "route 192.115.37.0 255.255.255.0";

"TLS Error" sounds difficult but it's easy: Just take the TLS string from your server, put it into a textfile on your openvpn client.

2048 bit OpenVPN static key

…

I have a slightly different question, but I think it is related to this.

I want to bind together at least 2 (up to 5 or 6 if possible) entirely different connections (same ISP; two ISP accounts; two modems) and load balance. I'm trying to improve my bandwidth (avoid caps and maximize overall throughput) to the VPN service I use. Here's the question: Is it possible to load balance a single session of OpenVPN over two (or more) different connections? It gets slightly trickier, I need to run pfSense virtualized on Win7. I'm thinking of something like http://bora.bilg.in/blog/04/multi-wan-load-balancing-under-windows-with-pfsense, with a single session of OpenVPN load balanced. If it did work, it would go something like this:

Win7 with OpenVPN Client <–> Virtual PfSense with Load balancing <--> Connections 1, 2,...,n <--> VPN Server <--> Internet

Please note that I only have one VPN tunnel I want to make, I just want to expand the number of physical lines I can use to reach the server.

Is that even possible? Does the Server need to be setup in a special way? Should PfSense be running the OpenVPN client instead of Win7? If this is possible, are there any particular methods I need to use? What are they?

Update!  :)

Problem solved using the OpenVPN Access Server. I purchased user licenses and downloaded the VMware OVPN appliance. I then converted and imported the appliance into my Citrix XenServer and configured the OpenVPN Access Server. Now remote users can access both of my offices over a single VPN connection using OpenVPN and IPSec. I'm currently running both servers side-by-side until I replace my user clients with the ovpn client generated by the Access Server. The pfSense server is using UDP 1194 and the OVPN AS server is using UDP 1195. I can now route traffic between the various subnets in my network over the VPN.

Using my Windows Server 2008's Network Policy Server (RADIUS), remote VPN users use their Active Directory credentials to authenticate with OpenVPN. In addition, all VPN users belong to a special Windows Security Group and only members of that group are allowed to access the OpenVPN AS. My site-to-site tunnel using IPSec remains unchanged and I have removed the OpenVPN site-to-site configurations from my pfSense boxes. I have also shutdown the 2nd OpenVPN server located in my satellite office which was used to access the remote network located there. I had been at this for 3 months and I simply never could get the site-to-site tunnel using OpenVPN to work on pfSense so I am most pleased with the outcome.

ISSUES RESOLVED!

For some reason, there was a static route set to 192.168.0.1 for the 10.0.10.x subnet.  I have no idea who set this up, but the route had zero traffic on it.  I'm guessing one of the other admins (gone now) who was responsible for this location had made the change and not documented it.

Thanks for the help.  I was about to go out of my mind.

Yesterday it was confirmed on the OpenVPN mailing list that OpenVPN isn't vulnerable.

Hi torontob,

Please, when you get a chance post what you did on the outbound NAT/static port to get this working. I've been having the same issue and it's driving me insane!! The tunnel simply won't work over UDP.

After analyzing my packet captures I realized my error:  the routes that I was trying to set up in the router obviously can't work because I am requesting a 10.10.11.x resource through pfSense that has an origination address of 192.168.100.x.

The correct route I needed was:
ip route 192.168.100.0 255.255.255.0 192.168.1.203

All fixed Neil from 12vpn helped me out :

"The important thing is not to put the rule on the WAN interface, but on the OpenVPN interface instead.

If the VPN client is connected when you go to the NAT->Outbound rules you'll have the option to select WAN, LAN and OpenVPN."

BTW, source and destination can both be "any". As long as the interface is set to OpenVPN and the translation address is set to "Interface address".