So you're using Remote access VPN on an 8860 with windows clients connecting to it and accessing a windows server on LAN? And to clarify are you getting 2Mbits or 2MBytes (16Mbits) per second on the clients? How did you configure the VPN? tun/UDP?

You can achieve this with "client specific overrides". Assign a particular tunnel IP to each user and you can control user access by source address in firewall rules.

You can do this on 2.3, you have the option to restrict an override to one or more servers. So on 2.3 you'd have three entries each set for one of your individual servers.

Johnpoz, Forgot to mention: The firewall has a Pentium 4 HT with 1Gb of ram. I have a ADSL connection with a speed of 12Mbs max and 0,625Mbs upload. Thank you

I guess what I really wanted to do was be able to add a pfsense vm without nat, dns, or dhcp to an existing network and use it just as an openvpn appliance with the old router (or in this case fortigate and cheap router ) just port forward to pfsense on the lan side with static ip. Thanks for the help.

I've run into the situation a few times with OpenVPN, mainly when I'm "fiddling" with my configurations. I think the scenario occurs when a client is in the middle of establishing a link and I try to pull the server side down. The server instance tries to stay alive and complete the link so the restart ends up failing (sometimes "silently"). Normally a manual command line kill of the session solves the issue.  Worst case you're stuck with a reboot (very rare). Once you stop playing with the config files on both ends (especially mid-connect), I've found OpenVPN to be very stable.

PsySkeletor, did you get this to work?  If so, can you post a description on your configs, I can't get the pfsense client to connect to my softether server - my configs are off.

Yes, using Framed-IP-Address. If you're using a normal style setup then you set that to the IP address to assign the client and it sets one IP address lower as the "server" end. If you have topology subnet enabled you have to send back the address as above but also supply a Framed-Mask parameter that has the subnet mask in dotted quad notation (e.g. 255.255.255.0)

This issue still exists. Can't seem to run the PKI server as user/group nobody with advanced option: user nobody;group nobody

Thank you friends, I will follow the guidance of Lords.

Thanks for the quick reaction, the problem was as you described and I found the way to solve this. Since it defaults to "Peer to Peer (SSL/TLS)", Safari auto completed the authentication section. I used Chrome to delete the client and create a new one, and it is working now. Thanks! Joost.

filesystem permissions?

You can do this in System > Routing > Routes.  Add a rule for the site you want to go to over the WAN by getting the correct IP Address using the below method: Get a Websites IP Addresses to exclude from VPN using the Terminal: host domain name      [to obtain IP Address] whois ip address use the CIDR ip address range (69.53.224.0/19)        [This is the IP I have set for Netflix] On the rule you create, set the Gateway to WAN.

Thanks, heper!.  Your post helped me a lot. I had the same suspicion , but got scared from the new 2.2 advanced routing screen :-) For anyone in the future who might have the same problem. On Pfsense 2.2, go to NAT -> Outbound NAT. Switch to Hybrid NAT. Add entry on WAN(most likely) for NAT. Source should be your Openvpn LAN of the remote site.  Please have in mind that in my case there was NO NAT(on purpose)  between openvpn remote  LAN and tunnel net. In case you have such NAT, you might need to change advanced NAT rule, source to be the tunnel net.

If I understand your description, your setup is something like: Started with: LAN_B–-------[SiteB Client1]-WAN->(OVPN 10.76.0.8/30)<-WAN-[SiteA Server1]–-------LAN_A (192.168.42.0/24)                                                                                                          (192.168.40.0/24) Then you added a new OVPN server on SiteA to give you: LAN_B---------[SiteB Client2]-WAN->(OVPN 10.76.0.8/30)<-WAN-[SiteA Server1]–-------LAN_A (192.168.42.0/24)                                                                          /      |                        (192.168.40.0/24)                                                                                                       /      |           LAN_C--------[Other Client2]–-------(OVPN 10.76.0.44/30)--/      [SiteA Server2] (192.168.0.0/24) So (B) <-> (A) can communicate fine, but (C) <-> (A) sees only the tunnel address 10.76.0.45&46? This is usually a routing problem in the OpenVPN config. What type of server did you create for Server2 (SSL/TLS, Shared Key, Remote)?