Not sure, was thinking would of been nice, but if it really doesn't offer anything over self signed certs, then no reason for me to do it! I have been revising my network and consolidating all admin tools under a domain and using https on everything and so thought why not use the cert on VPN since i have it. I clearly have had the "headache" part of it so far! Appreciate the response.

You have always been able to run OpenVPN and IPsec at the same time. Just not for conflicting networks. You can run them both to different places, but you can't have them both cover the exact same route/subnets on both ends of a tunnel. OK: x.x.a.0/24 to x.x.b.0/24 - OpenVPN x.x.a.0/24 to x.x.c.0/24 - IPsec Not OK: x.x.a.0/24 to x.x.b.0/24 - OpenVPN x.x.a.0/24 to x.x.b.0/24 - IPsec

The only port forwarding rule I have is to make pfsense available to WAN. OpenVPN in pfsense is not configured at my apartment. What info do you want? Thanks.

@Nachtfalke: Hi, I would suggest you to read this how-to: http://forum.pfsense.org/index.php/topic,12888.0.html This will explain you how to make a site-to-site VPN which only needs one OpenVPN server and PKI infrastructure instead of PSK. Further you have the ability to use "Client specific overrides" so that you can push routes from the OpenVPN server to the clients and so you can push only the routes you want to allow. So one strategy could be to push only the routs syou want to allow or you push all routes to all sites and the do it like twaters wrote with firewall rules. I probably would go the way with firewall rules because configuring firewall rules to make a temporarily connection for some IPs or a subnet would be easier than with adding/removing routes. In general we can say what you want to do is possible, there are different possibilities to setup the VPN (PKI or PSK) and to use routes or firewall rules to limit traffic. Not to mention, but if you ever need to have Site 1 Subnet A talk to Remote Site 1 Subnet B, the route is already established and confirmed. All that is needed is a change in the Firewall Status.

I did a routing on the router 192.168.4.1 Any destination 192.168.0.0/23, redirects to the IP 192.168.4.117 entire network 192.168.4.0/24 can ping the pfsense.

So…  Apparently I'm an idiot, and when I downloaded the config, I downloaded the iOS version, and never realized.  I re-downloaded the ANDROID config, and it worked first shot. Sorry for the trouble, but I was starting to go crazy wondering what I could be doing wrong. I'm a m0n0wall convert and I'm really loving psSense!!  I'm running it on a little VIA C7 1ghz fanless unit...  I might have to upgrade to a full PC...........

Oops, I can't delete this topic, but I figured it out. I had the second client set with a static IP, but I dyslexia'd the IP, so it was not in the correct subnet. Delete this post if needed.

Are both sides PFsense?  Post your server1.conf and client1.conf. Nachtfalke already said it, but you're using a routed setup, you should be using TUN (not TAP). A couple things: 1.  Remove those client-specific override options, they are not needed.  (iroute is only used when the remote side is on a software client and that tunnel statement is redundant) 2.  Your advanced rules are redundant.  Those rules are already generated from the "IPv4 Remote Network/s" line. 3.  Remove the source restrictions from your firewall rules until you get it working…. i.e. on the OpenVPN tab, add an any/any rule to both sides (server and client)

[SOLVED] Fix will be available on 2.1.1

Hi All, I am now able to connect to the VPN, but the network through the VPN works for only 10 seconds, then I can see the gateway goes down, changing to red. Not sure what is happening here? Thanks, Dan

Missed a file in the last commit, it's 1.2.2 now, should be OK to try.