Finally, I got the solution!!! https://forum.pfsense.org/index.php?topic=69826.msg381825#msg381825

That's the thing though, it wasn't working.  And it was because of the topology check box I selected.  However,  if I deselect that and add the following in the Advanced Configuration section, it is working now: verb 5 topology p2p route 192.168.10.0 255.255.255.0 vpn_gateway that is along with the client specific override adding the iroute.

good to know your issue is fixed, didn't know your MAC wasnt patched with the latest security patch ( SSL ). disabling IPV6 is really the solution, had the same issue before with my Mac users.

No I have 2 strongvpn accounts. For some devices I want to route it to account 1 but others I want account 2.

Are you behind a Domain controller ? is Pfsense your Forwarder or other server ? screenshot of your pfsense DNS setting please?

return the iphone 6…buy android, problem solved  ::) Jamerson advice is dead on. It works fine for me, 2.1.5 with a 4s

Nope - Your VPN will cut through your pfsense like a hot knife through butter.  Once you are using a machine inside the LAN running vpn client, the vpn server and any other clients connected to that server and anyone with access to the server or one of the clients or anyone who has hacked into the server or any of the clients on that server potentially have access to your LAN freely. So, like I said before, hope you trust your VPN server.

Might need to re-write this… it doesn't make sense, but I'm guessing you're trying to say one side is able to communicate with the other, but not vice versa. Post a network map.  We need details in order to help you troubleshoot. Post your server1.conf and client1.conf.

Your talking about the export package - openvpn is base install of pfsense, its not a package Available: 1.2.13 Installed: 1.2.12 I just updated this remotely without any issues.

I agree with you jimp.  The bad news is openvpn GUIs seem to all suck for me in linux.  The good news is once you figure it out, which isn't hard, vpn in linux is very reliable.  I'd say more than windows.

viettruong, I do not see a question here.  Please clarify what you are trying to do.

If you need the key, then you need to export the key (second export button).  Key blobs don't start with –---BEGIN CERTIFICATE-----  they usually start with -----BEGIN RSA PRIVATE KEY----- Looked at the link.  Export the p12 (third export button).  If it prompts for a password enter nothing (unfortunately).

@pberis: Just for clarification, How do you use "Client Specific Overrides" with AD?  Thought I had read somewhere that you had to use local database for CSO … Is this no longer true? Okay, that was wild guess. I have no experiences with OVPN server in combination with AD. I just use local database, cause we need a fistful users only. However, if you use TLS the second recommendation should work. It does a good job for me with local user db.

I think there's a basic misunderstanding here: well, what I can't understand is; why it works only if I disable clients from pfsense gui !! and if I activate them I can just see my vpn clients. in this exemple and I use the same configuration, agenthex and agentansi (disabled ) connect successfully and ping my internal network, but it's not the case for agentonsa which is connected but can ping only vpn clients. I would like to share print screen, to show you better my problem, but when I attach files I receive " 500 Internal Server Error ". OpenVPN: Client Disabled  Protocol  Server  Description YES  UDP  41.X.X.X:1194  agenthex        YES  UDP  41.X.X.X:1194  agentansi        NO  UDP  41.X.X.X:1194  agentonsa The diagram you posted earlier shows a central pfSense box controlling LAN 172.16.10.0/24. You also showed two different clients, one PC based and on Linux based, connecting to the pfSense box via OpenVPN. In order to make this scenario work, you need only 3 pieces. An OpenVPN SERVER running on the pfSense box A Windows compatible OpenVPN client running on the Windows box. A Linux compatible client running on the Linux box. That's it. There is no need for any OpenVPN client on the pfSense box. The OpenVPN server on pfSense sits and watches on port 1194 for clients attempting to connect. The clients on each machine try to connect to the server IP address on port 1194 to get a connection. The reason it only works when you disable the other "clients" is 1) they're conflicting with the pfSense Server and trying to use the same port (1194) and 2) THEY'RE NOT NEEDED TO MAKE THIS WORK!  (sorry for the rant  :)  ) Seriously, I think you've actually got this working, it's just simpler than you think.

Hi, I have the same problem. I created a new certificate and recognized a mistyping in the Name. Then I deleted it. After I recognized the text in the WebGui of the Certificate Authority Manager: Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 394 Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 444 Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 490 Maybe it is, because the name for the Cert. that I wrongly entered, was the same that was already in use? I can not export any Client or Certificates anymore, like elemay mentioned. Is there any possibility to get more details where the problem is caused by? Maybe some one could help me how to fix it. BR and many thanks indvance.

Give us a network map showing what you're trying to do, so we can help you.