By doing this, am I telling the computer to use the VPN on everything EXCEPT for when it is in one of those subnets? Yes. When the VPN comes up, it sets the default route to itself. All packets for destinations that are not on a directly connected subnet and do not have an explicit route, will go to the VPN. Will it still cause DNS leaks? I guess the DNS is another issue. When you first connect to the local LAN, pfSense DHCP gives you an IP address and gives itself as the DNS server (that is thee default behaviour). So your PC will have DNS pointing to pfSensse. Because pfSense is on your local network, your PC will happily send DNS lookups there, and the pfSense DNS forwarder will do the lookup for you out the pfSense WAN. I guess you don't want that to happen - the DNS should go over the VPN also. Someone else could give some advice here - how to make the OpenVPN client replace the DNS server?

It's solved, thanks to cmb On my client side, the tunnel was bind to WAN interface instead of CARP Address. I did not upgrade. Thanks everyone.

U cannot 'push' settings to client over peer-to-peer vpn. If you want have routes over openvpn -> use ospf (more than 1 network wich is configured on openvpn settings.. or use 'redirect-gateway def1' to route all traffic via tun) br. .k

If you are not already having the StrongVPN link out of siteA as the default gateway for pfSenseA, then you will need to use policy-routing on the OpenVPN rules mentioned by @Reiner30 - in the Advanced of the rules, select the StrongVPN as the gateway for the traffic. Make sure your pass policy-routing rules on incoming OpenVPN specify something like "source <network a|network="" c="">destination (or destination )" - you don't want to route packets from network a to network b, straight past and out the StrongVPN.</network>

yes, one of the parallel threads here gives the answer already TODAY (search function is right upper; makes always sense to use it before posting ;)) http://doc.pfsense.org/index.php/CARP_Secondary_Unreachable_Over_VPN

I was just able to solve the problem. My server side config had "ping restart" configured, which I replaced by "keepalive", now the connection is not restarted anymore :)

I resolve this by configuring the router?

I use the OpenVPN Client Export Utility package and there is an option "Use a password to protect the pkcs12 file contents or key in Viscosity bundle. " under VPN:OpenVPN:Client Export. Does that work for you? (I haven't tried myself)

For the configs, just post the text.  For the firewall rules… take screen shots, upload them to photobucket and post using img tags.

No one can help me?

What version of PFsense? Post a network map. Post your server1.conf Post your firewall rules.

There are threads/howtos here for StrongVPN and I think VyprVPN. Anything OpenVPN-based should work similarly.

I've never seen any situation that called for that syntax. Only this: push "route x.x.x.0 255.255.255.0";

thank you very much

DEar Friend, I m having the same issue.. CAn you help me how u sort of the issue?

Anyone had experience with setting up LDAP with OpenVPN?  :-\