Bump  :) No one at all that can show me which rules they implemented to allow all traffic through the vpn tunnel and reject all other traffic?

Nov 23 11:32:33    openvpn[57852]: [Redacted]:31056 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo' Nov 23 11:32:33    openvpn[57852]: [Redacted]:31056 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128' Nov 23 11:32:33    openvpn[57852]: [Redacted]:31056 WARNING: 'cipher' is used inconsistently, local='cipher CAMELLIA-256-CBC', remote='cipher BF-CBC' Nov 23 11:32:33    openvpn[57852]: [Redacted]:31056 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1559', remote='link-mtu 1544' You have mismatched settings between client and server. Cipher (keysize is determined by choice of cipher) and lzo compression settings have to match exactly.

Two options: 1: Create a static route on the default gateway of your server 2: NAT from the OpenVPN subnet to the servers subnet. 1 is IMO the easier and more proper way.

Hi, if i understand you… What protocol did you specify on the server? AD: ldap OpenVPN Server: TCP The default is UDP, but i see you have TCP in your client config (which is a bad idea btw). In my fpsense in production, use TCP, the configuration you see is only for test in a virtual machine, but i take your suggestion Any idea? Regards

Funny thing is that I had this same error and solved it by switching from UDP to TCP.

Is there a method of turning my Lan Port to bridge mode to become apart of my neighboring subnet? Then potentially VPN connect through Wan to the Bridged network on the LAN side? thanks

Follow this howto: http://doc.pfsense.org/index.php/Using_OpenVPN_With_FreeRADIUS (except replace the RADIUS server on pfSense with your own RADIUS server)

@GruensFroeschli: Are you sure about this? Yes i am sure. Your setup is the classic stumbling block if you're not really familiar with routing. I just tried the manual nat as well, but it didnt change anything Sad Please describe a little more detailed what you did. Can you show a screenshot of your AoN rules? Hi there, i just got it to work :) The NAT rule i added yesterday had the subnets configured. Now  just tried adding a new NAT rule for the vpn interface and any subnet, now everything works :) thanks for your support :)

It's up and running.  I scrapped what I had correlated my subnets to the ones in the sticky you mentioned and followed it step by step. Thank you so much for your help!

To be blunt, I think you need to bring in somebody with more experience than you have.  If DNS didn't work then you wouldn't be able to map the share.  From what you've said it all sounds like an authentication problem.  When you map the share across the VPN: a) Is the remote device on the domain? b) Are you providing a username and password?

you could maybe, but not worth it, i don't think.  if you have a pfsense at the other site, have it do dhcp and have a different subnet over there.  there is nothing at all that requires PXE booting to be on the same subnet - you just need (IIRC) for the dhcp client options for site2 to point at the tftp server on site1 - once it has an IP everything should just work :)

@mhab12: This worked for me some time ago on 1.2.2  I would suspect it's still a valid starting point.  Can't comment on your voip needs though… http://forum.pfsense.org/index.php?topic=7840.msg45969 Thanks for the lead, I'll check it out.

@xerovis: After we paid for support and asked for the config file we were told it would only work on a pre-release version of pfsense, which we could not download. (resolved this long ago with xerovis privately but wanted to follow up here) That's not true, it only works with 1.2.3-RC versions, which are on all the mirrors. The process is described here: http://doc.pfsense.org/index.php/OpenVPN_Bridging there are some issues with that, but it does work (with caveats). I'm working on updating that right now for an ideal configuration.

I have tried with Client-to-client enabled and disabled.  The PCs are getting the proper IPs and related settings.

yea give it a try set net bios to brodcast

ok… now this is embarresing. After I posted this post, I was just checking again on all my configs, like Windows Settings, Openvpn and so on. Then I thought: "ok let's do something stupid and switch the machine I try to log into SITE B from..." so I took another client and tried to access a PC of SITE B... and there it GOES!!! All working fine... After that I tried to access SITE B from the Windows Server again and it was working... I can't explain why this works JUST NOW out of the blue but it does... so please ignore this stupid it guy and get on with the day  ::)

I've made some progress. The problem above still exists, but when I tried on a Windows machine I got a IP address via DHCP. However I can only connect to machines in the VPN Server network, on their public IP addresses. The client gets IP address 10.0.1.6/30 and default gateway is set to 10.0.1.5. Seems fine. The openVPN client is all green, and no error messages in the log file either on the server or client. I cannot: Ping my gateway, 10.0.1.5 Connect to any machine on internet except the ones in the VPN server network (public IPs) I can: connect to pfsense machine via HTTPS connect to another webserver in the same public network as the pfsense server make DNS req to the DNS server, also in the same network as the pfsense server I have Outbound NAT (AON) for 10.0.1.0/28 to WAN interface address.