• Where is the "local networks"/"remote networks" setting after wizard?

    4
    0 Votes
    4 Posts
    2k Views
    P
    Ahh - Remote Networks is not displayed for that sort of "Road Warrior" server, because that sort of server is not designed to be routing from the server out to some client "office" subnet. The wizard gives all the fields to type in, I don't think it has script to hide/display various fields depending on the type of server you have picked. That reachability should be just a matter of checking that all routers along the way know routes to/from all the various subnets, and that firewalls along the way are permitting packets to/from those subnets. On pfSense OpenVPN server: Local Networks - put something like 192.168.1.0/24,192.168.15.0/24,10.10.0.0/16 OpenVPN firewall rules - pass all that stuff (and more if that is then the way to the whole internet), and pass 10.15.0.0/16 as it comes back from Linux OpenVPN server. Linux OpenVPN server: Tell it that the pfSense client has 192.168.1.0/24,192.168.15.0/24,10.15.0.0/16 (whatever those networks are) reachable behind it. Pass all the relevant networks. traceroute/tracert should be your friend - use that to/from parts of the network and see where the traffic is hopping, and where it is not returning. That will give clues about which hop has router or firewall issues.
  • A critical denial of service security vulnerability (CVE-2014-8104)

    6
    0 Votes
    6 Posts
    2k Views
    jimp
    There is no way to get it "ported". The problem is a DoS only, so you could use the Service Watchdog to keep an eye on the server and restart it. Sure it's possible for malware to target it, but it's highly unlikely for it to do so. And if you know the service stopped, you can check your logs and see who the last person was to connect before it died, revoke their certificate and then send some hired help to beat them up. Or do it personally. Your choice. Or just upgrade to 2.2-RC when it drops shortly and stop worrying about it.
  • Android to pfSense OpenVPN - Certificate / Key / CA ?

    2
    0 Votes
    2 Posts
    1k Views
    W
    Found out, wasn't a server certificate I used, this walkthrough works: https://www.highlnk.com/2013/12/configuring-openvpn-on-pfsense/
  • OpenVPN vpn_vpnv4 gateway if offline (2.1.5 release)

    1
    0 Votes
    1 Posts
    762 Views
    No one has replied
  • After upgrade to 2.1.2 OpenVPN interface don't up

    28
    0 Votes
    28 Posts
    8k Views
    M
    Is there a fix for 2.1.3? I've made TUN bridge but vpn gateway is down.
  • Second OpenVPN server instance with different subnet

    7
    0 Votes
    7 Posts
    1k Views
    johnpoz
    Glad I could be of help..
  • Multi-WAN, multiple VPN to remote sites, routing by IP

    1
    0 Votes
    1 Posts
    641 Views
    No one has replied
  • OMG…

    5
    0 Votes
    5 Posts
    1k Views
    S
    Thanks very much! Not sure why my search didn't turn that one up, I'll follow that thread.
  • Per user firewall rules

    2
    0 Votes
    2 Posts
    1k Views
    jimp
    There is no way to make "per-user" rules using the GUI alone. It is possible to do if the users and rules come via RADIUS, though. Giving each client a unique certificate/login and override with a unique IP is best, and the only way to make that work in the GUI.
  • OpenVPN Routing Issue/Question

    7
    0 Votes
    7 Posts
    1k Views
    M
    I needed to login to the VPN and ping a 172.17 host for the tunnel to be established.
  • Client can't ping lan

    10
    0 Votes
    10 Posts
    2k Views
    H
    Thanks a lot guys. I appreciate your help and info.  ;)
  • OpenVPN Gateway Not "UP"

    35
    0 Votes
    35 Posts
    4k Views
    L
    I did a complete reinstall and started fresh.  I read a thread around the forums regarding the Traffic Shaper, and I think I might have gone in there and tried it out which broke things in the background.  After a fresh install and some minor setup hiccups it seems that I'm up and running with OpenVPN routed to the one client that I want!! Thanks for all the help! Edit: I believe I found the culprit as well to the issues that I was having this entire time.  Squid…after I installed it again it ended up breaking the VPN connection.  Had to put in a bypass proxy setting in there and all is well again!
  • Ipredator - Config problems

    2
    0 Votes
    2 Posts
    1k Views
    D
    I'm assuming this is an OpenVPN client config on pfSense? Have you tried comparing the working script against the pfSense rewrites that fail? If there are a few necessary lines removed when pfSense does its write, you should be able to add them to the advanced section of the client config.  If it's something more there may be other ways, post back with more details.
  • OpenVPN + CARP

    2
    0 Votes
    2 Posts
    575 Views
    A
    I restarted CARP on Master and Slave and now it works.
  • OpenVPN Server and client, NAT issues… 50% packet loss, wrong routing.

    5
    0 Votes
    5 Posts
    5k Views
    S
    Bad form in posting back to my old posts, but just to let you know, that I've finally fixed it. Phil, I dug around regarding your suggestion and found this: https://forum.pfsense.org/index.php?topic=76015.0 All working as intended! I've not restarted any of my client VPN connections, or rebooted, but I'm sure that if the client comes up with same interface (ovpnc1) then I consider myself a happy chap. Only 1 year in the making… wow.
  • How to access other lan inside lan

    4
    0 Votes
    4 Posts
    1k Views
    P
    If it is site-to-site, then, in the Remote Network/s box at both client and server end, list all the remote networks reachable across the VPN link. (i.e. the list will be "opposite" on client to server) If it is road warrior server, then put all the networks reachable through the server into the Local Network/s box - this will tell the clients what they can reach across their link to the server. In all cases put rules on OpenVPN to allow traffic from the clients to the various networks. Put rules on the server-end LAN etc to allow traffic from the server network/s to the clients (if you want traffic to be initiated in that direction also)
  • Can't get "redirect-gateway" to work correct

    2
    0 Votes
    2 Posts
    834 Views
    M
    A few things… first, this clearly is not a pfSense box... you should probably post in the forum of whatever distro you're using or openvpn.net, but will attempt to help anyway. 1.  Provide a network map, so we know more about your network and what you're trying to access. 2.  Is this in a lab?  Because it appears as though you are trying to connect to the VPN from the same LAN the server is on... but we'll know more when you provide the network map. 3.  When you say "I can access the tunnel but I cannot access internet.", can you truly not access the internet or just unable to resolve domain names?  Because those are two separate issues.
  • Site-Site VPN between Sonicwall and pfSense

    6
    0 Votes
    6 Posts
    3k Views
    M
    Ramotalana, when you set up the tunnel it will only route traffic that you tell it to route… and it will only allow the traffic that your firewall rules tell it to allow...  i.e. only traffic destined for the tunnel will be routed over the tunnel.  Internet traffic along with everything else will follow the routing table on both ends.
  • OpenVPN open in house webpage problem

    2
    0 Votes
    2 Posts
    660 Views
    M
    How can we even begin to help troubleshoot?  There are no details.  Provide a network map, post your config, post your firewall rules.
  • OpenVPN Server Interface

    2
    0 Votes
    2 Posts
    763 Views
    K
    Yes - If you have multiple VPNs you can give them different sets of firewall rules.  That's just for one.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.