@Numbski: billm, I hope you're wrong about this.  Here's why: I have a client that needed some serious entropy available to an application.  We purchased a hifn card to supplement /dev/random.  FreeBSD does not create /dev/hwrandom, and from all appearances, speed of the customer's application went waaay up, and the deployment passed some certification process that I was not involved in.  So….hmm. Interesting stuff.  Perhaps I should dig into this further?  BTW, another option if I recall correctly would be to insert a sound card, get the driver working, get the block device for the mic-in, then take and have that constantly dumping to /dev/random too. (don't hold me to that, never personally tried it!) You're probably correct. –Bill

Maybe a link in the tutorial to http://www.openvpn.se/mycert/ would be nice too.

Ok… Thanks... thought so... then I'll test a little more  :P

cheers, i will add all solutions & fallbacks to the tutorial so we can prevent further problems like these. will be online next week. kind regards dairaen

ok scratch that. its fixed

ifconfig tunX destroy

Maybe you could add a "Beware of your gateway" line in the section where you're supposed to test your new VPN tunnel? done ;)

Your not going to like to hear this but I went with IPSEC vpn's instead.  The interface is much more reliable and pfsense's implementation will allow you to configure the server as a remote client portal.  All the pfsense clients connect as if they were a site to site and it takes care of all routes beautifully.  It doesnt matter if they are dynamic or static ip's with this conifig also.  I will keep checking with OVPN and hopefully they will have all the kinks worked out soon.

After the openvpn tunnel comes up, openvpn launches our script that reloads the filter rules, then it notices tun0 and sets everything up.

Update to the latest 1.0-RCe… Upload a, b,c,d,e. We changed how OpenVPN is launched now.

Thanks, now its works

Neither on IPSEC in 1.0 if that is the next question.

Do NOT assign tun interfaces to pfSense interfaces, under ANY circunstance. If you're getting timeouts, you're missing a pass rule on WAN on your firewall rules or something like that. Again, I can't stress enough, DO NOT ASSIGN TUN INTERFACES!

I am having the same issue and have recently upgraded to R3 with no help.  I also tried downloading the latest snapshot but the images arent available from the link.  Any ideas?

Yeah, that only works when bridging, and well, you can see the novella being created by my efforts to get that working. :P

Ah didn't figure that out - must be missing the "both" keyword in the "ports" keyword description. Thanks for pointing out. Yeah, right, the tunnel is supposed to be established between the two devices on the same port on both ends, as that makes maintaining the firewall ports easier and more transparent.

That howto needs some additional work. Seems there are some things not completely correct. You won't open up your network to the whole internet, only to authenticated clients that then have an encrypted connection to your site.

OpenVPN should work, as long as its standard UDP Port (1194) ist properly redirected to the pfSense box behind the Cisco. The other pfsense on the ADSL (I assume) line should work just fine. Anything further depends on the ip/netmasks used on either side and the mode used for openvpn. But at a first glance I can't see anything that should spoil the fun here - as long as the cisco is fowarding the openvpn-udp packets adressed for the public ip to the pfsense on its transfer-net (wan)