If you don't want to use "Duplicate Connection" and you've different CNs you can also set up "client specific overrides" for each cert to get different IPs, but that's more of work. Ok, I will just keep duplicate connections enabled. Have you installed the openvpn-client-export package? Yes I have. It does show one configuration per user, but the other certificate i made does not show up there. Also I am now unable to access the servers from my phone (android, Openvpn for android) through the VPN, not sure what happened there as the only thing i have changed is enabling duplicate connections. I tried disabling duplicate connections but no change. I can still connect to them from my laptop though, I'm guessing for some reason the routes are not being added to my phone. Update: Well my phone is working fine on my home wifi, I guess it has something to do with the cell network…

That was it. I create another P2 for site 30 and now VPN clients have access to both sites. Thanks for the help.

@visi0n: hi john have you tried obfsproxy? i temporarily enabled the FBSD repo and installed obfsproxy & deps however i still get an error about argparse. configargparse did get installed along with py27. latest obfsproxy commit shows py-argparse should no longer be a dep in 0.2.13 (https://www.freshports.org/security/obfsproxy/) I'm versed on many things but py isnt in my skillbook, i'm stuck as I cant use my openvpn without wrapping through obfsproxy :( Do you have any tips? google didnt get me any further Traceback (most recent call last):   File "/usr/local/bin/obfsproxy", line 6, in <module>from pkg_resources import load_entry_point   File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3019, in <module>@_call_aside   File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3003, in _call_aside     f(*args, **kwargs)   File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3032, in _initialize_master_working_set     working_set = WorkingSet._build_master()   File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 655, in _build_master     ws.require(__requires__)   File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 963, in require     needed = self.resolve(parse_requirements(requirements))   File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 849, in resolve     raise DistributionNotFound(req, requirers) pkg_resources.DistributionNotFound: The 'argparse' distribution was not found and is required by obfsproxy</module></module> do I have the same problem? did you solve it?

I tried that biased on my understanding of the options presented by pfsense GUI. I was unable to make it work….. Now that I think about it i may have entered it in Site A's Config. I will try again tomorrow.

You may also do both with an access server. Look here: https://doc.pfsense.org/index.php/OpenVPN_multi_purpose_single_server The routing for the site-to-site can be set by client specific override.

Looks like the client doesn't reach the server. Ensure that the server listens on WAN address or you've forwarded port 1194 to the address it is listening. Also ensure the incoming packets are allowed by firewall rules.

Same exact issue I am having, fails to delete old dynamic routes.  Update version 2.4.1 may of fixed this issue, can anyone confirm? https://forum.pfsense.org/index.php?topic=138608.0

Thanks for the response. I checked this boxed with seems to have solved by above problem. "Skip rules when gateway is down" under advanced settings.

You have to make sure the rules are properly-configured on both but not really. When you have one OpenVPN that is essentially a WAN and one that is private you really have no choice but to separate the rules.

@kejianshi: After you share the port, put your web gui on some other rarely used unassigned port.  If you have a bad case of alzheimer's, write it down and save it in your favorites. By web gui do you mean pfsense GUI? I currently use http: port 80 for it.

no problem.. Glad we got it sorted.

Openvpn is simple and port flexible.  IPsec is pretty much the opposite of that.

Yes, on each site pfSense is the main gateway/router. I applied the config and rebooted pfSense on both ends, still no luck. Ping attempt from the branch office: PING 10.1.1.9 (10.1.1.9) from 192.168.1.1: 56 data bytes --- 10.1.1.9 ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss This is an attempt to ping one of my servers (10.1.1.9) from the LAN interface at the branch office. Here is some more interesting behavior: I can ping the main office LAN gw (10.1.1.1) from the branch office on the VPN interface: PING 10.1.1.1 (10.1.1.1) from 10.0.0.109: 56 data bytes 64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=51.527 ms 64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=84.772 ms 64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=27.185 ms --- 10.1.1.1 ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 27.185/54.495/84.772/23.603 ms But I cannot ping servers from the VPN interface at the branch office: PING 10.1.1.9 (10.1.1.9) from 10.0.0.109: 56 data bytes --- 10.1.1.9 ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss I cannot ping the main office LAN gw from the branch office LAN PING 10.1.1.1 (10.1.1.1) from 192.168.1.1: 56 data bytes --- 10.1.1.1 ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss Routes at the branch office: 10.0.0.0/24 gw 10.0.0.1 10.1.0.0/16 gw 10.0.0.1 10.196.54.128/26 gw 10.0.0.1 Routes at the main office 10.0.0.0/24 gw 10.0.0.2 192.168.1.0/24 gw 10.0.0.2

It’s complicated. I tried to replicate the problem and succeeded two times, only to see that when I replay the actions after a full reinstall without restore, the problem disappeared. My impression is that the problem occurs when one replaces a VPN provider that uses TLS (NordVPN), add a new provider that doesn’t use TLS and then replace the client in the interfaces. When I deleted the interfaces first, save and then recreated the interfaces I never had troubles. I’ve spend more than 12 hours now on trying to create a decent and easy to replicate big report but it is complicated. I’ll have  more time in a couple of weeks and I will do a follow up then.

You are joking, right? When you say: @SirBisgaard: my OpenVPN server is working then I expect you tested that already. How? With an OpenVPN client on your laptop? Use that (Tunnelblick as OpenVPN client) when you are in school. Or ask your IT teacher to help you solve this … if you are not the teacher, that is.  :-) And may I suggest some reading here: https://forum.pfsense.org/index.php?topic=20236.0 BTW: what did you already do/test and what's not working?

Hello, have you manage to fix this? I have exact same issue. Cheers!