You're welcome  ;) The best for final users is to configure the app to run as administrator always (Right click -> properties -> Compatibility -> Run as admin), or just enable the service on services manager to connect at windows startup. Greetings!!

@SirJohnEh: I haven't started on it yet, but it's on my things to do list. I reviewed this topic and found the way. We can use Cron. Don't know how much you are familiar with this *nix stuff but this serves exactly to our purpose and PfSense has a wonderful GUI to use it very simply. Just install the package and then configure it according to this page: https://www.freebsd.org/doc/en/books/handbook/configtuning-cron.html Bear in mind that openvpn config files are located in this dir: /var/etc/openvpn Each client that you configured via the PfSense GUI has a clientX.conf file where the X is the number of your client. To start the OPenVPN client you will need to configure 2 cron lines for each of them. The first will start the client and second line will kill it at a prdefined time. To make things better you can eventually arrange a shell script that before start or stop the openvpn client will check if a PID for it is running. Please let me know if you need any help on this and I'll be glad to provide more info. Zeno

Hello and thanks for your time, You just have to set up the PIAVPN interface I created the PIAVPN Interface. you can use the PIAVPN gateway in firewall rules to route the traffic over VPN At the Gateway advanced Features section of my LAN Rule, for some reason the PIAVPN is not listed in the drop down box. [image: NAT_For_PIAVPN.jpg] [image: NAT_For_PIAVPN.jpg_thumb] [image: LAN_Interface.jpg] [image: LAN_Interface.jpg_thumb]

thank you. first when configuring the lan server over dhcp its hostname appears correctly in the pfsense menu Status -> DHCP leases and you can ping the hostname correctly. only if i configure a static ip for the lan server network it is shown only in the menu Diagnostic -> ARP Table but not under the DHCP leases. so what to do to setup the dns service that it also can resolve the hostnames from the connected servers showed in the ARP Tables? where and how to configure the dns service for lan in pfsense, like you said? at the moment my above mentioned solution works fine but if there is a way to automatically resolve manually configured lan networks please give me a further tip. daniel

I think i got it! i configured a wan gateway group with different tier priorities and select that gateway group as the client interface for my openvpn connection. works well!

Thanks dude . it helped

@Derelict: https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269 Thanks Derelict this looks a lot easier to understand. Interestingly with my current setup (from my last post above), the TCP port 80 for the web interface works perfectly, but to the other ports is still getting 'lost' somewhere even though the rules are setup the same for each one. I'll work through your referenced post and report back my findings later on.

Yes, you have to create a particular CA and server cert for each ovpn server. Only users with certificates from the CA which is assigned to the server can connect to it. The second server must listen on a different port and use a different tunnel subnet, off course.

any one help i have added multiple clients but clients not communicating with each other. any specific configuration do i want to add in clients???

Figured out the root cause.  Changed NAT outbound to hybrid and added the rules for the LAN within site B's pfSense. :D

You'll have to post your rules.

Yup, simple policy based routing… Just create a firewall rule using the IPs of your devices as source and send them out gateway to your vpn.. Here I gave example.. of doing just that in this thread https://forum.pfsense.org/index.php?topic=104449.msg582455#msg582455

@tontoOz: Could someone please clarify or advise how the name of the server can be used instead of the IP address in the above example? Completely unrelated to this thread but Server host or address in the OpenVPN client config takes a hostname or IP address.

Very likely it will be just fine. Another way of looking at it: what's the CPU load on your I7 Win client? Not exactly an apples-apples comparison, but I'd be surprised if you see an appreciable CPU load @90Mbit/s. The main thing that would slow down pfSense would be the introduction of a resource hungry package like Snort/Suricata. With a reasonable amount of memory (1GB would be a start) and the CPU you mentioned, that system should be entirely adequate  for VPN across 100Mbit cable. You might want to check with your VPN provider if they have any particular configuration issues w/pfSense (or perhaps search the other pfSense boards).

Teddy - Cheers, I will check the Bios! If connected, I'm just going to assume it's working! Jimp - I have also had confirmation from my VPN provider that support will be added immediately post 2.4 release.