• Is it secure?

    Locked
    0 Votes
    2 Posts
    2k Views

    Hi Jonny,

    Your explanation could use some clarification; what I understand is that you have two subnets and you want them both to be accessible for OpenVPN clients.

    If that is the case I guess you can just use the "push-route" option like so:

    push "route 192.168.1.0 255.255.255.0"

    You wouldn't have to map ports although you will need to create some firewall rules on the OpenVPN interface to allow the traffic you require.

  • An alternative to bridging in 1.2.3

    Locked
    0 Votes
    4 Posts
    3k Views
    jimp

    @MrHorizontal:

    You're mad  ;D

    But if you really want that, WINS with replication (courtesy of Samba) would do it for you.

    Why yes, yes I am. :)

    I would like to do that without running Samba on both sides. Mainly for customers who don't have or want a WINS server. I've tinkered with using Samba for WINS on pfSense as a package, but running Samba on a firewall has always made me feel uneasy.

  • OpenVpn HMAC signature (TLS)

    Locked
    0 Votes
    2 Posts
    3k Views

    Found the answer on the OpenVPN site.

    http://openvpn.net/index.php/open-source/documentation/howto.html#security

  • OpenVPN Bridging - Breaks LAN

    Locked
    0 Votes
    2 Posts
    3k Views

    A follow up on this:

    Scrapped bridging for now - followed the tip on enabling the Avahi package and I've got the functionality I was looking for.

    http://forum.pfsense.org/index.php/topic,22561.0.html

    Hope this helps others out there - Thank you!

  • OpenVPN from East coast to West coast

    Locked
    0 Votes
    10 Posts
    5k Views

    Ah I see now. Sorry, I overlooked that.

  • Emulation of Software VPN client

    Locked
    0 Votes
    8 Posts
    3k Views
    jimp

    So you'd want pfSense to hook into your VPN, which is Cisco on the other end?

    That's a little different, but again it may work in 2.0 as it should support xauth, which is how Cisco's VPN client does the authentication beyond using the psk/group/etc.

    Not sure if it would work, but it stands a better chance.

  • Unknown settings

    Locked
    0 Votes
    6 Posts
    3k Views
    jimp

    Before you edit, run:

    /etc/rc.conf_mount_rw

    And then after, run:

    /etc/rc.conf_mount_ro

  • One external IP is being (wrongly) routed to OpenVPN

    Locked
    0 Votes
    14 Posts
    9k Views

    Just thought I'd post the eventual solution, in case anyone else ever has the same problem.  I added a static route:

    Interface  Network  Gateway  Description

    WAN 216.251.231.64/32 (our gateway) Palmetto

    In other words, I added an explicit rule to reinforce what should be happening anyway. And now it works. What caused the original problem, I don't know…

  • Just ping to pfsense server but Unable to Ping my Remote Network

    Locked
    0 Votes
    4 Posts
    4k Views

    My problem is solved.
    Set pfsense_Pc as a gateway for all office computers that you want to connect to from the remote PC (road warrior).

  • Why No Status?

    Locked
    0 Votes
    16 Posts
    8k Views

    @jimp:

    I just uploaded a package to add the OpenVPN status page from 2.0 to 1.2.3. Details here:
    http://forum.pfsense.org/index.php/topic,22301.msg114826.html#msg114826

    Oh, thank you SO much… this is exactly what I needed!

  • Problem with managing interfaces over site-to-site vpn.

    Locked
    0 Votes
    2 Posts
    1k Views
    GruensFroeschli

    You can add in the field "custom options" all valid options for openVPN to run.
    Just force the tunnel to use the tun "x" you define.

  • Site-to-Site VPN Sites Accessible Via "Road Warrior VPN"

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Cannot reach to OpenVPN Server IP from LAN behind pfSense

    Locked
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Duplicate common name

    Locked
    0 Votes
    4 Posts
    3k Views

    I figured it out. It was the "keepalive 10 60" option which is put in the server configuration automatically by pfsense. This should really be optional! That option in server mode is equivalent to:

    ping 10
    ping-restart 120
    push "ping 10"
    push "ping-restart 60"

    This tells the client to restart the connection if it goes 60 seconds without a ping from the server. If client A connects, then client B connects with the same common name, client A loses their connection. However, client A doesn't realize it lost its connection until it never receives a ping from the server, which then results in client A restarting. Then the same happens to client B, then back and forth. Why would this be the default? I had to edit openvpn.inc to remove the "keepalive" option, then push "ping-exit" to the client instead of "ping-restart".

  • Proxy server on PfSense that sends all traffic over an OpenVPN link?

    Locked
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • How to link wireless on OPT to LAN network via OpenVPN?

    Locked
    0 Votes
    4 Posts
    3k Views
    GruensFroeschli

    Please read up on how firewall rules on pfSense work.
    Create two rules on the wlan interface.
    1: allow, source: wlan, destination NOT lan
    2: allow, source: wlan, destination ip_of_pfsense_on_wlan

    Like this, everyone can access the internet.
    People with OpenVPN will be treated as if they are connected to another interface on the pfSense and will be handled according to the rules you create on this other interface.

  • Pass all traffic through OpenVPN tunnel

    Locked
    0 Votes
    18 Posts
    11k Views

    Following this thread did not solve everything until I added the addresses of DNS servers in the OpenVPN server configuration page under the "DHCP-Opt.: DNS-Server" option. In my case I added the addresses for OpenDNS, although I doubt that matters.

  • Can't connect open vpn server with pfsense 2.0

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • OpenVpn windows Client unable to connect

    Locked
    0 Votes
    4 Posts
    3k Views

    My XP client is connected to OpenVPN. The problem was on the client side: in my pfsense.ovpn I have commented out #dev-node ovpn.
    Now my new settings will be:
    C:\Program Files\OpenVPN\config\pfsense.ovpn

    float
    port 1194
    dev tun
    #dev-node ovpn        # comment it
    proto tcp-client
    remote 203.xxx.xxx.xx 1194
    ping 10
    persist-tun
    persist-key
    tls-client
    ca ca.crt
    cert client01.crt
    key client01.key
    ns-cert-type server
    #comp-lzo             # to enable LZO remove the #
    pull
    verb 4

  • Few Queries while configuring Site to Site VPN

    Locked
    0 Votes
    4 Posts
    2k Views
    GruensFroeschli

    yes

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.