Just thought I'd post the eventual solution, in case anyone else ever has the same problem.  I added a static route: Interface  Network  Gateway  Description WAN 216.251.231.64/32 (our gateway) Palmetto in other words, I added an explicit rule to reinforce what should be happening anyway.  And now it works.  What caused the original problem, I don't know…

My problem is solved. Set pfsense_Pc as a  Gateway to all office computer whom you want to connect from remote pc(road warier )

@jimp: I just uploaded a package to add the OpenVPN status page from 2.0 to 1.2.3. Details here: http://forum.pfsense.org/index.php/topic,22301.msg114826.html#msg114826 oh thank you SO much….this is exactly what i needed!

You can add in the field "custom options" all valid options for openVPN to run. Just force the tunnel to use the tun "x" you define.

I figured it out. It was the "keepalive 10 60" option which is put in the server configuration automatically by pfsense. This should really be optional! That option in server mode is equivalent to: ping 10 ping-restart 120 push "ping 10" push "ping-restart 60" This tells the client to restart the connection if it goes 60 seconds without a ping from the server. If client A connects, then client B connects with the same common name, client A loses their connection. However, client A doesn't realize it lost its connection until it never receives a ping from the server, which then results in client A restarting. Then the same happens to client B, then back and forth. Why would this be the default? I had to edit openvpn.inc to remove the "keepalive" option, then push "ping-exit" to the client instead of "ping-restart".

Please read up how firewall rules on pfsense works. Create two rules on the wlan interface. 1: allow, source: wlan, destination NOT lan 2: allow, source: wlan, destination ip_of_pfsense_on_wlan like this everyone can access the internet. People with openVPN will be treated as if they are connected to another interface on the pfsense and will be handles according to the rules you create on this other interface.

Following this thread did not solve everything until I added the addresses of DNS servers in the OpenVPN server configuration page under the "DHCP-Opt.: DNS-Server" option.  In may case I added the addresses for OpenDNS, although I doubt that matters.

My Xp Client is connected to Openvpn.the problem was on Client side in My pfsense.ovpn i have comment out #dev-node ovpn. now my new setting will be C:\Program Files\OpenVPN\config\pfsense.ovpn float port 1194 dev tun #dev-node ovpn        //comment it proto tcp-client remote 203.xxx.xxx.xx 1194 ping 10 persist-tun persist-key tls-client ca ca.crt cert client01.crt                key client01.key ns-cert-type server #comp-lzo ? to enable LZO remove the # pull verb 4

yes

what would be the point of such a setup? I mean the idea of having multiple remote declarations is, if one is down you can move to the next. Do actually have multiple openVPN servers in the same location on the same internet-line?

Can anyone offer any further details on this issue? I'm hitting some bumps getting bridging configured and am wondering if this is the trouble. I bought the book in hopes of getting some more light on this - it pointed me back to the online community.

I am sorry to bump this, but i reely need some help here or maybe some directions i can check of fix. but guess none have thought in this.

We attempted to set this up previously with 1.2.2 and had major issues where connectivity was failing until we disabled the VPN tunnels. The instructions we followed were from the OpenVPN site. Perhaps they must be modified on pfSense or we did something wrong? Single OpenVPN tunnels were fine.

@Cry: If you can ping from the OpenVPN client to the LAN then routing is working.  Anything else comes down to firewall rules, either on the clients or on the pfSense host. **Do you have rules on the LAN interface allowing communication to the OpenVPN subnet (remember, the default is block)? ** Do the OpenVPN clients have any software firewalls?  Is the unspecified service you're trying to access bound to the OpenVPN interface on the client? I had to add the rules to the LAN interface to allow traffic from the LAN net to the OpenVPN subnet.  Now it works. Thanks! So to summarize, getting this to work required me to do the following:   1. I followed the steps in the section "Including multiple machines on the client side when using a routed VPN (dev tun)" of http://openvpn.net/index.php/open-source/documentation/howto.html#scope   2. Add a rule to the LAN interface to allow all traffic from the LAN net to the OpenVPN subnet.

Thank you for your answer  ;) Did you assign the OpenVPN interfaces as OPTx interface? Then created appropriate firewall rules on the OpenVPN interface to allow different subnets? I read that it is only possible with pfSense 1.2.3, isn't it ? My two pfSense boxes are in version 1.2.2.