Thank you … that solved it. I kept looking on the client export tab not the servers tab.

Another issue I found, could not connect for the life of me, following PureVPN steps and tips here, then spoke to support, turns out dedicated IP hosts dont work with OVPN, only PPTP / L2TP. As soon as I changed to one of PureVPNs "normal" public hosts it connected instantly.  Im using PF 2.4.3 with custom options in VPN client settings as below: verb 5; auth-nocache; remote-cert-tls server; comp-lzo a handy list of PureVPN servers –>>  https://support.purevpn.com/vpn-servers

Do these window servers use a different gateway? Or not set at all?  So they don't know how to answer. Screams firewall on them to be sure. What I would do to validate traffic is leaving pfsense towards the servers is sniff on this interface, assume its your lan where 192.168.20 network is.  And then say ping the server from remote client.  Do you see pfsense send the ping in the sniff.  If not figure out why not.. If is sending, and correct mac of the server - and your not seeing an answer then firewall on the server or for whatever other reason it does not want to answer.

Hello Thanks for your assistance Assuming you mean - VPN IP Network Specify the addresses and netmasks for the virtual networks created for VPN clients  The VPN tunnel network is  172.27.240.0/20 My Pfsense box is getting assigned  the 172.27.254.38 ip and it seems to know the gateway is 172.27.254.1 but the interface shows as down as it cannot ping or talk to 172.27.254.1 . On the OpenVPN server, I can ping the 172.27.254.1  Gateway IP but not from the PfSense Box. Some documentation seems to say you need to assign a manual route, and others do not.  I have tried  assigning a manual NAT listing but it didn't seem to change anything.

Start from checking your routing tables. I suppose that remote site may have no information on how to reach your remote access subnet.

hello Jimp doing it right now. Thanks Fabricio.

You don't need to touch configuration files. Navigate to VPN-OpenVPN-Clients and add your client configuration there.

I had the same issue on 2.4.2 version Users where able to connect to client but could not access anything on lan When downloading new Windows Installer it is only 5KB large and it did not work on PC's Uninstalling and installing back openvpn-client-export package resolved the problem

Hi Derelict, I should have checked the bugtracker:-) But thanks for your response.

I would just spring the $9 on Viscosity and call it a day. Create the OpenVPN server and use the client export package to generate your configuration. Import it into Viscosity and you are done.

sorted !!! what i did was create a "client specific override" common name rob and ip 10.100.3.10/24 and this is my rule https://s31.postimg.org/pxsqg9env/openvpn_rules.png now i can only talk to 10.100.1.253 which is my switch, if i try 10.100.1.254 which is my router i cannot get access to it thanks rob

@Derelict: You need to set the search domain properly on the client if you expect it to append the domain name in a lookup. Try resolving the FQDN. If that works it's a search domain problem. Precisely correct.  I thought I had tried that but I went back through and looked at my previous pings and found I had misspelled it.  This is primarily for VPN protected RDP access so I can just use the FQDN of the server and it pops them in just fine.  Thanks again for your help!  You learn something new every day!

@Derelict: I did that manually and it worked fine. Could you please compare my configuration with yours? Here a the relevant part of the server config and override file: --- /var/etc/openvpn/server4.conf --- server 10.9.0.0 255.255.255.128 ifconfig 10.9.0.1 10.9.0.2 route 192.168.1.0 255.255.255.0 topology subnet route 10.9.0.128 255.255.255.128 --- /var/etc/openvpn-csc/server4/username --- push "route 10.0.1.0 255.255.255.0" iroute 192.168.1.0 255.255.255.0 ifconfig-push 10.9.0.134 255.255.255.128 With this configuration - client IP is not on "server" subnet- I get the error message I mentioned earlier. As I'm reading OpenVPN documentation I realize that server configuration page needs some modification in order to support pool configuration with topology subnet.

Any updates please

Guys problem solved, For some reason unknown to me yet, PFBlockeNg was blocking access to pinging and HTTPS sites of the remote network. Http sites worked normally. Once I disabled PFBlockerNG, everything works as expected. Now I have to find the setting in PFBlockerNG to allow simultaneous operation of Site 2 Site VPN and PFBlockerNG . Any recommendation is welcome.

Nothing special to it. Make sure your destination IP address has a route sending it through your other VPN and it will do the rest on its own. You'll be slowed down by having to encrypt/decrypt everything twice, and you'll lose even more bytes per packet to overhead, but otherwise it should work.

It's entirely possible that AD does the right thing and OpenLDAP-based systems fail that test. Strengthens the case that it's not a pfSense issue, but a problem on the authentication server.