Unless it's already used. :P Make sure you create a big enough "pool", limit the number of connections as needed and use IPs from the end of the available range for this "static" assignment…

@Supermule: Dont expect anything to be safe. Look who created TOR. And ask yourself that question again… Since people may not understand the reference that Brian is making here: Quoting wikipedia: The Tor Project, Inc is a Massachusetts-based 501(3) research-education nonprofit organization founded by computer scientists Roger Dingledine, Nick Mathewson and five others. Onion routing was developed in the mid-1990s at the U.S. Naval Research Laboratory by employees Paul Syverson, Michael Reed, and David Goldschlag to protect U.S. intelligence communications online. It was further developed by the Defense Advanced Research Projects Agency (DARPA) and patented by the Navy in 1998. The actual network that people refer to as Tor belongs to the people who furnish the nodes used by it. Tor was not invented to provide anonymity against a well-funded aggressor, such as the US Government.  It was created to enable dissidents in areas governed by relatively unsophisticated entities to be able to securely communicate between themselves and to the outside world.  Measured against it's original goal, Tor is a success.  But the script kiddies decided that they had found a better VPN, and the ability to spend money (such that some large percentage of Tor nodes is under the control of a single entity) trumps the architecture of Tor. Tor is safe enough if you're a journalist in a third-world country.  It was never intended as a defensive measure against the likes of the NSA / CIA / ...

Hi jimp, Sorry my long lasting answer. It doesn't work in diagnostics, too. Authentication Failed. If I change the password from 1234Jklö to 1234Qwer it works as suggested.

Squid will send through def gateway. (Whatever it is)

@doktornotor: 3 most common sources of pfSense troubles: Squid and related proxy junk bridging PEBKAC ::) ::) ::) /thread

On second thought: suppose Squid would have still been there, in transparent mode, shouldn't it then be still logged? Or is the case this: firewall doesn't bother with anything at all if Squid is installed? Because if that is true then that is a "less optimal design and implementation" "a feature". But if it is not true and if the firewall still monitors that traffic via Squid too, then it can log it too. ???

@heper: set the interface-type to "none'  (you don't fill in ipv4/6 info on the interface page) @got0: The interface is only enabled, nothing more. For the rules, I use aliases for the 'interface net' and 'interface address' now. No such thing needed for useless logspam - https://redmine.pfsense.org/issues/4102

I found this on the web, Nitro Key User authentication on local computers (e.g. Windows, Linux) and networks (e.g. Firefox, OpenSSH, OpenVPN, IPSec, OpenID).

@ulla5000: I`ve taken the .p12 file, converted it to B64 Pem and imported the cert again. Is there a (another) recomended way how to handle that? I don't think so. @ulla5000: I`ve taken the .p12 file, converted it to B64 Pem and imported the cert again. Create a new CA and issue new certs… ?  ::) :(

What version of pfSense are you running?

Agreed, thats the only way you could do that.

You have both local networks listed in the OpenVPN Server instance?

This is how I do it: https://forum.pfsense.org/index.php?topic=84463.msg463226#msg463226

When I behind the first Pfsense with my mobile phone (connected with WIFI), connected with OpenVPN I have same issues. Then when I switch off the wifi and try the same over the mobile data connection, it works fine. So this suggest nothing to do with client…

Works like a charm! Thank you very much :D

Dude WTF does public vs private or domain have to do with it??  That is just setting your firewall rules that would be inbound rules to that box, not outbound. I am on 2.2.3 and it works perfectly as well - a vpn interface does NOT get a GATEWAY!!!  its a TUNNEL!!! Connect to your vpn, post up your route print output and your ipconfig /all output  and what IP you trying to get too?