most of my installations have been update from 2.0-Beta -> 2.0.1 -> 2.0.3 -> 2.1 -> 2.1.1 -> 2.1.2 -> 2.1.3 as far as i can tell, there is nothing wrong with your openvpn configuration. for testing you could add a firewall rule on top of the openvpn-tab: PASS, PROTO:all, source:any , dest: some-lan-client-address, logging:on see in logs, if it shows up when you try to ping the client … if it does, then i'd say it's a client issue. If not, then only packet-captures could help to explain what is happening

@Derelict: Is this on? Strict CN/User matching: When authenticating users, enforce a match between the common name of the client certificate and the username given at login. It's in the OpenVPN server settings. EUREKA!!! Yes thank you -just tested, and is working as described. … In other news, i need to go and have my eyes tested - cant believe that i missed the setting  :o Thx Derelict / Guys :)

Hi , i tried all things ….........no luck ! the only way it worked is , when i used openvpn gui  !!! i was using openvpn client , but not working ! can you tell me wt the diffeence between them ?  why pfsense dont like both of them ?? also i have another issue with my iphone ! im trying to download the profile but it fail !!! it give me an error !!! anyhellp ?

many thanx viragomann, now i try to do it, i hope to have success. Can i ask you other in future? For me, this features is very important Regards

Hi, I have also added the following rules on the PRV5 interface you have to put the rule allowing traffic from OpenVPN to OpenVPN interface.

FIXED I went into the VPN interface, clicked 'Save' and all miraculously started working again. got the idea from another Thread: https://forum.pfsense.org/index.php?topic=75142.0 Same problem too (vpn tap with certificate + bridge) The vpn connects correctly (from logs either client and server side), but no traffic passes through it as interface is down. Going to the interface properties hitting save makes it work The problem doesn't happen with vpn tun with shared key to another location Thanks for the help though!

Well that figures, after dealing with it for weeks and finally asking for help, I seem to have fixed it. I ran 'addtap' and it gave me some dialog about how it was installed and updated?  It's working now.

A couple potential solutions. Use different networks for the local and VPN.  e.g. local: 192.168.1.x, VPN: 192.168.21.x Edit: Oh wait a minute, just realized that isn't what you are talking about.  It's the work and local networks that would need to be different also.  I think. Place the OpenVPN interface at the top of the binding order. This was pointed out to me by hero member johnpoz in an earlier thread last week: https://forum.pfsense.org/index.php?topic=77421.0 Good luck.

If you had used EasyRSA on pfSense 1.2.x to make the certificates and imported the CA from there, you have to be careful to get the serial number from EasyRSA when importing. EasyRSA tracked it in a separate text file. See https://doc.pfsense.org/index.php/Using_EasyRSA_Certificates_in_2.x

I'm a little unclear on what's your actual problem. Does the Tomato router connect, but you simply can't ping it from the pfsense side? Or does the Tomato connect and then drop off forcing a restart of the OVpn connection? If it's just a ping issue, you may need to add the "iroute 192.168.1.0 255.255.255.0" to the "OpenVPN->Client Specific Configuration" section for your Tomato connection.

Hi kpa, thanks for your fast response. The VPN is a TAP/bridged one, as fas as I understand there is no tunnel on this kind of vpn, or am I missing something? Thanks, Jakommo

ok i confirm the workaround. For an OpenVPN in TCP 443 on pfsense 2.1.3 i have to disable TCP Inflight Mode. If not, i have only 1.3 Mbit, without, i have 12 Mbit !

Yah, been there ::) Sometimes the magic works…... Sometimes you just have to get all the details just right..... Glad it's up and running  :)

I got panicked while I run``` pkg_add openvpn anyway I did pkg_delete openvpn-2.2.2 pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/openvpn-2.3.2.tbz and now I got openvpn version 2.3.2 and also the shared object : /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so thank you very much… I ll make my tests now...  :)

My reply is after adding that option and testing for however many days since your post. At first, it seemed to have done the trick but then I realized same problem exists. Here is my config auth-user-pass xxxx; #route-gateway x.x.x.x; #dhcp-option DNS x.x.x.x; #dhcp-option DISABLE-NBT; route-noexec; #dhcp-option DNS 8.8.8.8; #verb 6; reneg-sec 0; keepalive 10 60