Thank you all so much for your feedback! This solution worked for me, i just added to the VPN under advanced configurtion on client side the subnet to be routed trought: "route 192.168.10.0 255.255.255.0" Tata! Thanks! @viragomann: The recommended solution is to use different subnets on both sites, you know. If you try to route the same subnet over VPN as is configured on physical interface the route will be ignored. For workaround, you may add singular IPs you want access in the remote subnet to be routed over VPN instead of the hole subnet. Remember that your VPN client host cannot access the same IPs in local network while it is connected to the VPN server.

Thanks! Worked perfectly.

More crap on this completely fresh reinstall of pfSense 2.1.5 (and even more crap new messages, which I have in a word document and will post later): attached pic. I can not assess if this is related to this: https://redmine.pfsense.org/issues/3894 https://forum.pfsense.org/index.php?topic=75502.0 I'm way to noob for that. [image: PIAVPN-weird.jpg] [image: PIAVPN-weird.jpg_thumb] [image: PIAVPN-weird2.jpg] [image: PIAVPN-weird2.jpg_thumb] [image: PIAVPN-weird3.jpg] [image: PIAVPN-weird3.jpg_thumb]

Is this help? …. https://www.youtube.com/watch?v=VdAHVSTl1ys

@jimp: If your VPN client is OpenVPN and it receives its default route dynamically over that channel (e.g. "redirect-gateway def1" on the server) then you'll need to use "route-nopull" in the advanced options so that the client will ignore the default route information. Hmm, Jim, if I do that I get: ] | Jan 3 15:29:30 | openvpn[73188]: Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS]) | | Jan 3 15:29:30 | openvpn[73188]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) | | Jan 3 15:29:30 | openvpn[73188]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) | | Jan 3 15:29:30 | openvpn[73188]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) | | Jan 3 15:29:30 | openvpn[73188]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,route 10.124.1.1,topology net30,ifconfig 10.124.1.6 10.124.1.5' | | Jan 3 15:29:30 | openvpn[73188]: SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1) | | Jan 3 15:29:28 | openvpn[73188]: [Private Internet Access] Peer Connection Initiated with [AF_INET]x.x.x.x.:1194 | | Jan 3 15:29:28 | openvpn[73188]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA | | Jan 3 15:29:28 | openvpn[73188]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication | | Jan 3 15:29:28 | openvpn[73188]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key | | Jan 3 15:29:28 | openvpn[73188]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication | | Jan 3 15:29:28 | openvpn[73188]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key | | Jan 3 15:29:28 | openvpn[73188]: VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com[/t][/t][/t] My settings are: | auth-user-pass /etc/openvpn-password.txt; ca /etc/ca.crt; verb 3; route-nopull; What might this mean? Thank you  ;D

If there is some computer behind the pfSense at the remote site, then you can install something like TeamViewer on it. That will also find its way out from behind private address space. Then you can TeamViewer to that computer (VM or whatever) and open a browser there to access pfSense webGUI even when the OpenVPN is down/off.

I just finished writing up a quick set up guide on a local forum of ours, please feel free to check it out: http://mybroadband.co.za/vb/showthread.php/669041-Mini-Guide-Setup-free-VPN-(Froot-using-OpenVPN)-in-PfSense Seems to be working fine on my side.

If you are using authentication against AD for OpenVPN, why do you touch the user manager? They do not need account entries there. Make certificates directly under System > Cert Manager on the Certificates tab. Ignore the user manager.

In the advanced options for the gateways, adjust the latency thresholds higher so that they won't trigger so soon, and set the down time higher (30-60sec) https://doc.pfsense.org/index.php/Gateway_Settings#Advanced_Options

As written, there is no Log on the server side … not one line (about this instance) OK ... problem found ;) I've set the server to the WAN-Interface ... but he have to listen to a virtual ip on this interface ... so he tried to bind to the main ip instead of the virtual ip address. I've changed the interface and one second later, the client was connected. Anyway ... many thanks for your inputs ... Kind regards

Yes, you can open your openvpn-port (normaly 1194) not only on the wan-interface, but on the lan2 interface too. Set the openvpn-server to listen on "any" interface.

Hi Heper! Thanks for the response. I looked at this great tutorial: https://forum.pfsense.org/index.php?topic=76015.0 The problem I had was that I was missing the NAT rules, did as suggested there and it all works great!

Problem #1 is your tunnel network is inside your LAN.

I have not seen anything that shows PFsense can be configured to do so, but you can always dump to a syslog and implement filters to show you what you want to see.

bump