iptables -I INPUT -s 10.x.x.x/16 -j ACCEPT iptables -I FORWARD -s 10.x.x.x/16 -j ACCEPT add this en firewall dd-wrt

@jimp: Everything you need should be in the config.xml that you restore to the other system. Was the WAN IP address the same on the old and new unit? If it gets an IP by DHCP from upstream somewhere, it may have given a different system a different IP address. If you need more detail in the OpenVPN log, just add "verb x;" in the custom options box, where x is a number. I think the default is either 2 or 3, you can go all the way up to 9, but you don't really want that much in most cases. Yeah, same IP address (static from our ISP).  I will try the verb option.  Thanks.

The error about services failing is normal and doesn't mean there are problems. I haven't heard of anyone getting this to work with a remote access client, but I have got it to work fine when using a pfSense box running Avahi on each end of an OpenVPN tunnel. I can see Bonjour users on both ends of the tunnel in Pidgin.

Yes. With OpenVPN this just a tick in a checkbox.

Thanks a lot, you have been a great help!! I will test it and setup my Alix board as you said. I'll let you know about the outcome… regards rpf

thanks for all the info. Just trying to make sure I understand how everything works and squeeze the most out of it.

@kpa: DNS-servrar . . . . . . . . . . . : fec0:0:0:ffff::1%1 Looks like your client is using an IPv6 address for DNS, that's not going to get trough the VPN tunnel since pfSense by default drops IPv6 traffic. I tried to turn it off without any difference. I did it by go to Start > Network > Interface (TAP-VPN) and properties then disable ipv6 Edit: I think that all ports works fine except 80. I can play games like Trackmania over internet. But i can't play it without vpn. Somthing wrong with port 80.

Your question is not very clear.  OpenVPN is not supported on Cisco gear.  Please try to restate your question.

What did you put for your address pool/tunnel network? (It should be a /24, not /30)

It's just basic routing. A router that is connected to two or more different networks has to be able to tell the networks apart somehow, it can not guess where to send the packets if two networks have ip address that overlap.

Our paid support offering isn't $2k - that is for the reseller subscription. A 5-hour pack of commercial support is $600. For more details, see here: https://portal.pfsense.org/index.php/support-subscription If you want to see if anyone is willing to help for money on the forum, please post in the bounty board instead.

Perfect. Thanks!

GruensFroeschli, Thank you again for your input. 1. When WAN is down, other inbound traffic is passing safely through OPT1. My loadbalancer is also working when WAN is down. Only VPN is not getting established. 2. Like you suggested, I removed the 2nd VPN server. And, I removed the "local xxx.xxx.xxx.xxx" from the custom options field for the remaining server. Now, I cannot connect on OPT1 interface even when WAN is up. With two servers, I was able to connect through OPT1 when WAN was up. I must be missing something minor. Any help is greatly appreciated. Thank you

I have locked myself out but I have OpenVPN access. I am just doing console to the box and option 14 tells me that sshd is enabled. But when I try to reach the box with ssh 192.168.1.1 I can't get any response. I have checked and iptables -L doesn't exist either. How can I get this router to accept my HTTPs and SSH requests? What commands specifically? Thanks

I got it to work. It was a hardware issue. I won't be using any NICs with RealTech chips anymore. I'm using an old Dell server with a pfsense installation (1 GHz processor 512 RAM), it has an integrated NIC and I added a PCI NIC. I think it was a used D-Link. I came to the conclusion after reviewing the settings many times that there was nothing wrong with them. I replaced the D-Link NIC with an old Linksys. The tunnel came up, but then all the LAN computers lost internet and couldn't even ping the pfsense box. After some more troubleshooting I moved the card to a new PCI slot and now everything works (for now).

Using the standard LAN rule with no failover produces the same result: Pass Aug 18 11:02:58 NG0 xxx.xxx.xxx.xxx:1930 192.168.1.247:1194 TCP:S Pass Aug 18 11:03:24 NG0 xxx.xxx.xxx.xxx:1933 192.168.1.247:1194 TCP:S Pass Aug 18 11:03:50 NG0 xxx.xxx.xxx.xxx:1935 192.168.1.247:1194 TCP:S Block Aug 18 11:04:31 LAN 192.168.1.247:1194 xxx.xxx.xxx.xxx:1930 TCP:S Block Aug 18 11:04:58 LAN 192.168.1.247:1194 xxx.xxx.xxx.xxx:1933 TCP:S Block Aug 18 11:05:24 LAN 192.168.1.247:1194 xxx.xxx.xxx.xxx:1935 TCP:S

Anybody? I'm trying to get my VPN on OPT1 interface to work. Should I setup the VPN servers on different ports? Will that help?

Ah! So that's what i was missing. I created the rule and reconnected the VPN and everything is working fine. Thanks a lot cmb!