That's probably a feature of the newer openvpn version we're using in 2.0 then.

I have spent the last 2 days on this forum and openvpn forums without any progress.  I can't believe this question hasn't come up.  All I can seem to dig up is people having issues with clients accessing the LAN.  Since all of our clients are linux machines I need to be able to hit the clients from our LAN.  This was no big deal with just one Openvpn server because we could route everything containing to "10.130.0.0" through the openvpn server using our proxy.  Now that we are going to use two servers there seems to be no easy way to do this. Does anyone know if pfsence is capable of performing this?  I want to have two openvpn servers with each one connected to different WAN's, then use openvpn load balancing to randomly select which server to connect two.  Since this is random we have no way to tell which client is connected to which server without getting on the openvpn server.  I want to be able to ssh to the clients openvpn IP from our LAN.  Any suggestions are greatly appreciated. Thanks, Adam

Yeah? Very sparse on details, I'll have to start guessing my way. At least, by your reply I know it's probably possible. Thank you.

If it was working fine for a year and then stopped, I would suspect one of two things: ISP/upstream interference Hardware Neither of which would be rectified by resetting your OpenVPN settings. To remove OpenVPN settings, if you really must, download a backup of your configuration file from Diagnostics > Backup/Restore, edit out the OpenVPN sections, then restore that edited backup file.

Hi, Thanks for the tip. I had the same problem and effectively just changing the boundaries does not solve the issue. What you must do is to convert your pem key file into a old RSA format. Use the following command and specify the path to the key file you want to convert: openssl rsa -in /path/server_key.pem Then copy the output into your webGUI text box including the boundaries "–---BEGIN RSA PRIVATE KEY-----" / "-----END RSA PRIVATE KEY-----"

Got it.. Thanks for clearing that up.  I finally got everything working with PKI.  PFSense rocks.. Cheers EB

http://doc.pfsense.org/index.php/OpenVPN_Bridging

Correct, no custom options are needed when going from pfSense to pfSense because on both sides the GUI has a field to list the remote side network. Then so long as the pfSense routers doing OpenVPN are the default gateway of the internal networks on both sides, everyone can talk back and forth.

That should be just a routing problem - ensure that you push the appropriate routes so that all nodes know how to reach all others (or at least their default gateways do).

Finally I didn't try this solution because I used the 2.0 beta version and I am totally excited with the openvpn configuration ! 1. It has OPENVPN Firewall seperately from the physical interfaces ! 2. You can create certificates inside pfsense easily without using easy-rsa ! 3. You can provide configuration to the client very easy by using an amazing package ! There is nothing more for someone to ask !!!!!!! ;D ;D ;D ;D ;D ;D ;D

Thanks for the real world information.  I knew that some VPN clients did not play nice at all and was hoping this was not the case with Juniper and OpenVPN. Mike

hi, i have read the guide in the book you have wrote "pfsense the definitive guide" and i have solved my issue because the process is explained very well. Thanks for all advice.

From what you have posted, yes.

If it can't access HTTP, but can access other protocols, then it's either a proxy configuration setting on the client that's wrong or a configuration issue with the proxy server(s).

Thanks this worked for the most part, I changed the OpenVPN client address pool to 172.17.255.0/25 and I did have to do a route push in the form of…..... push "route 192.168.20.0 255.255.255.0 172.17.255.5";push "route 10.10.10.0 255.255.255.0 172.17.255.5" ....in the OpenVPN Client-Specific configuration but other then that, works like a champ :) Thanks mate!

This is for a 1.2.3 system. I will give AON a try and see if that fixes it. Thanks.