And maybe you have an OpenVPN server on pfSense for clients to conect into your LAN. If you really want to allow the same certificate to be connect multiple times simultaneously then that is possible. See https://forum.pfsense.org/index.php/topic,71790.0.html

Post any other messages from the package installer GUI window. You haven't given much to go on  ;)

i probably meant garantie uptime between the tunnels The guarantee is as good as the WAN link/s you have at each site and the ISP actually routing traffic. In my experience, once you have the site-to-site link set up with OpenVPN server and client talking to each other, then it is rock-solid. The times I get grief (connection going up-and-down) always turn out to be that a WAN connection is suffering significant packet loss.

If you really want multiple uses of the same certificate (and username) to be valid, then I think just go to the OpenVPN Server and check the box: Duplicate Connections - Allow multiple concurrent connections from clients using the same Common Name. NOTE: This is not generally recommended, but may be needed for some scenarios. The security issue is that if the certificate is compromised, and you need to revoke it, then you have multiple client devices with that certificate installed - so they all stop working.

You can set static IP addresses (well, /30 blocks the way OpenVPN works by default) for users in the Client-Specific Override section and then setup rules based on those static IPs.

@phil.davis: 3 - I want the client to get the LAN IP address because it just one user who is going to use the VPN to access the LAN,  I believe Tun mode is already selected on my VPN configuration For the client to get real LAN IP, you have to use tap mode. But the tun mode should also work - if you want to keep trying to make tun mode work, then post the OpenVPN server settings. Somehow the client is not getting the route - until that is fixed it definitely won't work. Dear Phil, the below is the confi file of the VPN I used on the client laptop to connect to the office, P.S I changed the external IP and log in name : dev tun persist-tun persist-key cipher AES-128-CBC auth SHA1 tls-client client resolv-retry infinite remote XX.XXX.XX.X 1194 udp lport 0 verify-x509-name "HassVPN" name auth-user-pass pkcs12 pfSense-udp-1194-jjansen.p12 tls-auth pfSense-udp-1194-jjansen-tls.key 1 ns-cert-type server comp-lzo Dear Philp, i managed to fix the issue ! first i had to create a rule to allow the connection between the Lan and OPENVPN, like this it routed the connection from the virtual tunnel to the LAN thank you so much for your help !

http://lmgtfy.com/?q=pfsense+openvpn+active+directory 1st hit, I did it yesterday and works great!

Phil, thanks for your reply. I tried checking off that box and then I uninstalled then exported and reinstalled the Openvpn install from the gateway page. I am able to connect to the vpn but now I cannot ping or access anything on the office network and cannot access the internet. It looks like a rule was added for openvpn when I enabled it that says to pass traffic from openvpn with any protocol, any source, and any destination. I am assuming that is what you meant when you said "make sure you have wider rules on the OpenVPN tab to allow traffic from the clients that has destination general internet IPs." update*** I tried again and was able to ping the pfsense gateway and some pc's in the network but still cant get out to the internet.

Hi johnpoz I was incorrect on this thread, you see I have issues with my pfsense openvpn client connected to Mullvad VPN provider, it connects successfully and I can see bytes and connection. But no internet access regardless of laptop or desktop etc. Strange thing is if I wait 3-4 minutes it kicks in… and internet then works, this is why I thought it maybe some DNS issue. If I disable openvpn client and just want normal internet that works straight away via my pfsense pc build... I tried different DNS addresses thinking it was VPN dns servers not working right so tried public ones like opendns but no joy same error. I checked the logs for errors and got some strange error which maybe related I posted a new thread here: http://forum.pfsense.org/index.php/topic,71434.0.html Since am very new to pfsense and only know the basics as you know its tricky  ! Any idea on this error ?

Thanks for the reply, gents. Our network is pretty simple and flat.  Yes, our real LAN is behind the ISA server.  I'm using VMware vSphere to run both the ISA server and the pfSense box.  The VMware hosts all have a direct connection to our public router, and the pfSense box has a dedicated public IP adddress for WAN – it doesn't go through the ISA server.  I wanted to have our VPN users to be able to connect to the network, but I also wanted them to be subject to the rules of our MS ISA server (which is our current gateway) if they use the virtual machines on our network to go out.  I can't have VPN users using our network to surf kiddie porn externally, for instance.  When installing pfSense, I gave the LAN connection our ISA server as a gateway out of habit (I was and am still very new to pfSense) but it all seemed to work anyway, and like I said before, everything has been working great until I removed the LAN gateway.  My firewall rules - OpenVPN tab has a list of rules that direct specific IP addresses (users) to specific virtual machines, and this has worked well to control access to servers on our network by the VPN users.

It turned out that a misinterpretation of the UNIX timestamp expired the certificates prematurely. They had 10 years lifetime, but the date was misinterpreted as a date from the past. I created new certificates with 6 years instead of 10 of lifetime and everything works again. In conclusion, avoid creating certificates with 10 years of expiry, make them with less.

found it! http://forum.pfsense.org/index.php/topic,71078.0.html

troubleshooting a problem is never a waste of time, even if we spent time looking to what the problem was not.. Once we ruled those out as not the problem you get to what the goal was - find the source of the problem. And you get the added bonus which is always good! "I did learn some additional things while troubleshooting all of this. " Let us know how it works out - and I run esxi 5.5 and my pfsense is VM..  With multiple segments on my esxi, etc.  So if you need any help in that area even though its not pfsense directly let me know - glad to help.

Fix was to use google or opendns DNS servers instead :)

Okay I solved it. Don't know how exactly! but let me tell if someone like me having issue with this. What I have done:=> 1. In sever conf file, i have changed TCP into uDP and port into 2500. looks probably it was because port before was blocked or something like that. But now another problem,, I cant browse anything from that VPN? Is this problem from Server-side or client-side pfsense?

Thank you  jimp … I will test it....

The OpenVPN config files look reasonable. You do not mention firewall rules - what rules do you have to allow traffic into pfSense end OpenVPN? And same for Windows Server firewalling (however you do that using OpenVPN client on Windows Server).

I never did update this post…. everything is working well. Thanks, jimp!