D'oh. Well i never use PPTP… Another option would be to have a connection from each client to swissvpn... But if that is practical  ::)

I played around a bit with the OpenVPN options. On box 1: The Server uses port 1194 (UDP); the client uses port 10111 (UDP) On box 2: The Server uses port 10111 (UDP) When i check the "Dynamic sourceport" checkbox in the client configuration everything seems to work fine! openvpn[409]: Initialization Sequence Completed I will run a few tests later.

I will second that it is covered quite extensively in the book. He's not only saying it because he helped write it  ;). I have not actually set up any openVPN on pfSense but after reading through those chapters I feel prepared to do it.

Thanks folks, I got it. I feel silly for not figuring that out. Can't wait till my pfSense book gets here, hopefully that will cut down on the forum posts :) Thanks again.

Thanks for pointing this out. Manually adding pfSense address to the resolv.conf did the trick. As mentioned in the thread you posted a simple trick should be able to do that automatically. Thanks again. alphazo

Nice.. thank you very much. When I put 192.168.100.8/30 in the client config, I was able to set filtering rules for the IP 192.168.100.9.

IT WORKS !!! I don't know the WHY details, but it works. what I did ?     First, I upgraded to 1.2.3 release nanobsd on both sides.     Since there was messages in the log saying there was an error trying to add the routes in my custom options, I tryed first to remove all routes in custom options to see what append !  The result is that it works without any custom option anywhere! From both sides, I can take control of PC on other side (ultravnc) by using their respective IP addresses (192.168.0.* or 192.168.1.*) And now I have to do the bridging stuff, just waiting for the tutorial to be updated. PS:    By the way, I discovered that the firewall in windows XP SP3 prevents the PC to respond to pings if activated. silly thing :) Patrice

@GruensFroeschli: I'm not sure if this works with a bridged setup. You could use the command: redirect-gateway def1 Hmmm. Just read up a bit on the openVPN man-pages: http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html It seems redirect-gateway def1 really doesnt work with a bridge. But you have to option to use push "route-gateway x.x.x.x" Thanks,  I'll try the push "route-gateway x.x.x.x".  I should just add it to the "extra options" area on the OpenVPN page? I'll let you know if it works.

Got this resolved; apparently a FW rule was moved to a wrong position  ::)

1.2.3 is based on FreeBSD 7.2 Your OpenVPN is a port to FreeBSD 6.0. Either you're not really on 1.2.3 or something went terribly wrong when you updated.

@UnderCover: also note following the books example for site-to-site vpn with a shared key ther eis one step missing on the client side interface ip must be set: 172.31.55.0/30 the configuration file for openvpn client will not let you save anything until an interace ip is set on top of what the book mentions Thanks for catching that. We'll check into it and update the errata page if need be.

I just did the upgrade to 1.2.3.  The tun interface is assigned to opt1 setup the routes and works perfectly. Thanks again for the help.

When I tried it, the "address pool" was messed up.  It chose the same range for two clients and could not distinguish them.  I couldn't figure out a way to force the pool to a specific range for the two clients as the server has only one place to enter the pool and it must be the entire range. Just more stuff to figure out.  If it were easy anybody could do it – and they wouldn't need an overpriced curmudgeon like me! :P

Well well well. The same OpenVPN tunnel definitions that failed before work now.  All I did was update my home router to 1.2.3 RC3 (it was RC1 before).  It's starting to look like there is something amiss between RC1 and RC3 in OpenVPN implementations. Easy enough to fix, if you know about the problem…

got all sorted out. Thank you!