Thanks again for the help.  I was able to get this working using the following. Download the client including the gui manager. Once installed I was able to go in to services and set the openvpn service to start automatically I then downloaded the openvpn-mi-gui program and when I run it I don't have the problem with the admin and it runs the batch files in the config directory as the logged in user.

Hi, Sorry, I can't help you at this time. But maybe you can help me! I am new to pfSense and also have Torguard VPN.  I have successfully installed Torguard on DD-WRT and ASUS Merlin Build routers.  I am trying to get it to work on pfSense 2.3.2. I followed the instructions on https://torguard.net/knowledgebase.php?action=displayarticle&id=208. The wan, lan and Torguard VPN interfaces are up and running. My laptop gets an IP address, but I can't access any websites. What instructions did you use to install TorGuard VPN? Thanks in advance for the help. EDIT: I was able to fix the problem. I started creating screen shots to send to support. When I landed on the LAN Interface page, I noticed that IPv6 Configuration Type was set to “Track Interface”. I don’t use IPv6 and recall seeing on the pfsense forum that IPv6 needed to be turned off.  I tried to change it to “None”.  But I received a message that DHCPv6 Server was active and must be disabled first.  So, I went to Services, DHCPv6 Server & RA, and set it to disable.  I then went to Interfaces. LAN, IPv6 Configuration Type = “None”.  I am now able to access websites.  Problem solved!

"Skip rules When gateway is down" is now off and will stay off!!! I like tagging the packets destined for the vpn in the lan rules … then the floating rule matches the tag and rejects packets so they can't get to the Internet. In practice this method seems to be much faster at rejecting packets. Any, guys, thanks very much for the information ... much appreciated.

so did you look here? https://doc.pfsense.org/index.php/Mobile_One-time_Passwords_with_FreeRADIUS

create a client override for your specific client and then push out the IP you want them to use [image: clientoverride.jpg] [image: clientoverride.jpg_thumb]

Tks… solved... ;D ;D ;D ;D

Thanks Derelict, the authentication is failing and not sure what the correct settings are to use with OS X 10.11.x Some settings in the Server Settings section: Port value: 636 Peer Certificate Authority: MainCA Internal (Is this where i could be going wrong? Do i have to export the authentication certificate from the authentication server?) The Base DN is: cn=users, dc=abcserver, dc=local Authentication containers: cn=users, dc=abcserver, dc=local Do i need to check the RFC 2307 Groups box? What do i put for Group Object Class? Thanks.

For me this turned out to be a problem with Virgin Media, when I started an Open VPN between 2 of their Static IP connections, Started fine, try and transfer any data and both Virgin modems would disconnect their GRE Tunnel. If the client is on a non static IP Virgin connection it works fine, and does not appear to have issues with any other ISP static IPs…..

Have you set a firewall rule on pfSense at OpenVPN interface to allow the access to the other site? Ensure that software firewalls (Windows) at the destination hosts do not block the access.

no, the tunnel keeps running fine. that's the weird thing. if I ping or ssh from pfSense it has no problems. But from "Local LAN" it works the 3rd try.  ???

I took a look at their ovpn files and it doesn't look like there's anything that would make much difference. The guide should work, just skip steps 10, 11 and 12 and enter the username and password in the pfSense gui. If it still doesn't work, you'll have to post your log.

your route command doesn't look right off the top of my head.. route add -net 172.16.10.0/24 172.16.1.1 Would be proper syntax

I add vpn subnet to local network in asterisk and everything work ! thanks

@jimp Thanks, that worked for me.

Wound up resetting to default, reinstalled everything as it was, everything worked. No clue what caused the issue. Did not install squid this time however.

regarding point 2, i found the solution in one of the blogs. the following option needs to be selected (Checked) System -> Advanced -> Firewall and NAT -> Bypass firewall rules for traffic on the same interface. any hints for point 1? thank you

Ok, I didnt give up…. yet :) I read that Synology NAS cant do site to site but I guess that goes for being server. I changed port number on NAS config to connect to correct server, so from existing RA to PtP. Using existing config file exported from pfS with inline cert/key/tls Authentication failing. PtP server generated new tls key, I hit my head, I should know... Copy key over but then the server log spits: " TLS Auth Error: --client-config-dir authentication failed for common name 'NAS' file='/var/etc/openvpn-csc/server2/NAS' " " '/var/etc/openvpn-csc/server2/NAS' " here my mistake. So now I know this way it`s not working :) Have to export NAS and not use the existing one. Me trying to take shortcuts but eventually it takes longer :)

Thanks for the succinct answer!

"I wouldn't trust the hardware if it's that old, though." Exactly which is why I would get new hard, do a nice clean install - put in your config, swap them this provides for very short down time.  How ever long it takes to you swap the cables really.  And if something not working because you missed a config, etc.  Then you could swap the cables back. To me this is the safest approach since swapping disks maybe something else fails on the ancient hardware on a reboot.  Shit does that old of hardware even support sata as a disk connection..  You mention soekris, what model number - prob has some soldered CF so can not even swap that.. I would prob go with their net6501-70 if customer wants to stay with same namebrand, etc. But for that price point why not just go with pfsense sg-4860 or Netgate RCC-VE 4860, etc..  Sure that would huge improvement to some soekris system from 9 years ago ;)