Hi, I found the mistake. It was a firmwarebug in the router. The forwarding was not working. rgds,

Its a good idea…  Would be great if the keys changed constantly and if the last key used would be the only key accepted for the beginning for the next session also.  I guess...    :-\ I'm guessing you would be using blowfish?  I'm guessing....  I'd never suggest not to use AES... AES is NSA approved after all, so it must be awesomely unbreakable?

I just a way to allow users to direct traffic to the VPN or a gateway that the VPN sets up. What I want to be able to do is share a Anonymising VPN between more clients. I guess a proxy is probably the way to do it but it would be nice to have an interface of some sort. If all else fails I may setup one of the extra Raspberry Pis or something for a Socks proxy and have it direct to a gateway, but I don't know if the performance would work well. So any idea?? Thanks

http://forum.pfsense.org/index.php?topic=29944.0 http://swimminginthought.com/pfsense-routing-traffic-strongvpn-openvpn/

This is windows? Do you know the IP of the computers with the share you wish to access? If so in a file manager, type: \IpOfComputerWithShare Like \192.168.1.10 If thats not working, verify that you don't have firewall rules messing things up.  Also verify that you don't have a subnet range in use in more than one place.

pfSsh.php playback gitsync RELENG_2_0 reinstall package profit even more (since fixes after 2.0.3 shipped are included in the gitsync)

I don't have your answer, but I did notice that the page linked is for openvpn access server,  which iirc is the commercial offering and is not the open source package that is used in pfsense and other linux distros. So the first thing you will want to determine is if your feature is also available in the open source edition.  Sorry for the non answer but since nobody else had replied maybe you will find this helpful.

Thanks for the reply, where can i find it?

Resolved the issue by saving the file in /etc/ and as file type .txt.

That's exactly the help I needed, thanks so much Jeff!!!

@phil.davis: You are having a "road warrior" server at Site A to "dial-in", then a site-to-site link from an OpenVPN client at site A to an OpenVPN server at site B. The tunnel network for "road warrior" and "site-to-site" have to be different subnets - what is in the original post is fine. (I think marvosa has misread your post, as I did when I first looked at it quickly) The local network at site A and site B have to be different and not overlapping. e.g. 10.0.0.0/16 and 10.1.0.0/16 Then it is all standard stuff, no real challenge for pfSense. Put the appropriate things in local and remote network fields of the VPN settings, allow stuff in firewall rules, go. All right, it mean that i`m on the right way to apply this. i will give it another try and may also check the firewall settings - the problem could be there.. many Thanks!

@phil.davis: For site-to-site links connecting private subnets at multiple locations, and servers for road-warriors connecting in, then you don't need an interface assigned. You can do it all with ordinary OpenVPN config - putting private subnets in the appropriate "local network" and "remote network" fields of the GUI, adding client-specific overrides for site-to-site with multiple clients from remote sites connecting in to 1 server… The GUI fields result in the necessary routes being created, then you use the general OpenVPN tab to allow traffic - often you only want/need to allow traffic between your various private IP subnets. As doktornoktor says, if you are OpenVPNing out to a server somewhere for general internet access, then you probably need to add a gateway on the link, and direct certain (or all) public internet traffic over the link... and that needs the interface assigned. If you are providing roadwarrior access with openvpn, you could use squid and squidguard to speed up your connections, so in this case you need the interface also assigned.

I was having the same issue and opened a ticket with PIA on it.  I was basing my config off what was provided in the client support site and their instructuctions for pfsense https://www.privateinternetaccess.com/pages/client-support/#pfsense_openvpn and the openvpn config files.  What I learned was to ignore their instructions – i told them they should update them after we realized they were wrong. === The first major issue I notice is that we don't use TLS auth, and LZO compression appears to be disabled, could you go ahead and correct these two things and try again? You should also only need to Auth-User-Pass line, everything else under advanced can be removed, as it's handled purely in the main configuration window. Thank you, Alexander B Tier II Technical Support/CSM Private Internet Access https://www.privateinternetaccess.com/ ======= Attached is a copy of my config that is working. config.txt

Well, if you cannot reboot, then wait.

Leave it on TCP unless you travel far far away - hundreds of miles or more. After that, switch over to UDP. Pretty much all devices will allow multiple configurations and are easily selectable via GUI in the clients. So, just run 2 instances of openvpn on your server. This is good idea for anyone really - Just to guarantee access with multiple accessible ports/protocols.

I'll add it to my PortableApps thumbdrive I keep handy for when I'm forced to go slumming on a windows machine  :) Its in their repo - I added it.

Post your server1.conf and client1.conf.