I think these routes are the problem:

192.168.1.1 192.168.1.2 UH 1 0 1500 tun0 192.168.2.0/24 192.168.1.1 UGS 0 190 1500 tun0

First, the gateway for 192.168.2.0/24 should be the other endpoint of the OpenVPN tunnel, 192.168.254.1. Not sure what the other route is about, but it's weird.

I haven't used OpenVPN in pfSense though, so I'm not sure what you'd need to change to fix this.

@Cry:

To confirm:

When you connect between the gateway and pfSense you can connect to OpenVPN using 192.168.123.142?

When outside your network you can't connect using the public IP (WAN) address?

If that is so, then your problem is with your gateway's port forwarding/firewall rules.

That's correct, the strange thing is that some rules do work. For example if I open port 8080 for a webserver, that does work perfectly.

Edit : It looks like it's fixed, I did a firmware upgrade of my gateway and it's working just fine:)

Thanks for the help

Finally i got it to work :D

I tried changing the DNS address to what you suggested but that didn't work. So i added a custom entry to Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)) and that got it to work.

No one that has any idea to what bravo83 and I are doing wrong?

What you're say is only possible if you missconfigured or missmanipulated someting.
Please refer to the openVPN documentation on http://openVPN.net on how to set up a CA correctly and build the files.

I forgot to mention that when I make a PPTP VPN between the two networks it works both ways no problem to access the shared files!  ??? but ofcourse that's different

for thr OpenVPN
I'm pretty sure I have to add some route in the config file or in pfsense gui but I can't figure what exactly. i tried in windows: "route add 192.168.50.0 mask 255.255.255.252 192.168.10.5"        but still no access to \192.168.10.6

my openvpn ip is 192.168.10.6 (and my physical ethernet adapter uses 192.168.50.0) but i saw in the ovpn gui that it pushes the routes to 192.168.10.5 so i guess that is my gateway … or am i wrong? probably...

Cry Havoc , please i'm sure you know the solution. you're the man :)

cheers

AON works as expected, thanks again for your help.

Thanks ! I had solved the problem myself.

Regards,

CQ

Works!!!

Thanks for help.

@franklookyou:

You might also try browsing the OpenVPN users mailing-list (http://news.gmane.org/gmane.network.openvpn.user).  A quick look over the past month turned up a couple of people asking about similar-ish problems.

Ah.  Excellent.  I'll take a look there.  Thanks for the link.

http://forum.pfsense.org/index.php/topic,5282.0.html

okay - with these custom options i get this log

route 192.168.3.0 255.255.0.0;route 192.168.4.0 255.255.0.0;push "route 192.168.1.0 255.255.0.0";push "redirect-gateway def1";dev tap0;server-bridge 192.168.1.1 255.255.255.0 192.168.1.150 192.168.1.165

Feb 3 11:38:41 openvpn[49146]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008
Feb 3 11:38:41 openvpn[49146]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
Feb 3 11:38:41 openvpn[49146]: WARNING: Since you are using –dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Feb 3 11:38:41 openvpn[49146]: gw 192.168.2.1
Feb 3 11:38:41 openvpn[49146]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a –route option and no default was specified by either --route-gateway or --ifconfig options
Feb 3 11:38:41 openvpn[49146]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.3.0
Feb 3 11:38:41 openvpn[49146]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a –route option and no default was specified by either --route-gateway or --ifconfig options
Feb 3 11:38:41 openvpn[49146]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.4.0
Feb 3 11:38:41 openvpn[49146]: TUN/TAP device /dev/tap0 opened
Feb 3 11:38:41 openvpn[49146]: /sbin/ifconfig tap0 192.168.5.1 netmask 192.168.5.2 mtu 1500 up
Feb 3 11:38:41 openvpn[49146]: /etc/rc.filter_configure tap0 1500 1573 192.168.5.1 192.168.5.2 init
Feb 3 11:38:41 openvpn[49160]: UDPv4 link local (bound): [undef]:1194
Feb 3 11:38:41 openvpn[49160]: UDPv4 link remote: [undef]
Feb 3 11:38:41 openvpn[49160]: Initialization Sequence Completed

if i remove all but dev tap0;server-bridge 192.168.1.1 255.255.255.0 192.168.1.150 192.168.1.165

i get this in the log

Feb 3 12:06:11 openvpn[52031]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008
Feb 3 12:06:11 openvpn[52031]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
Feb 3 12:06:11 openvpn[52031]: WARNING: Since you are using –dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Feb 3 12:06:11 openvpn[52031]: TUN/TAP device /dev/tap0 opened
Feb 3 12:06:11 openvpn[52031]: /sbin/ifconfig tap0 192.168.5.1 netmask 192.168.5.2 mtu 1500 up
Feb 3 12:06:11 openvpn[52031]: /etc/rc.filter_configure tap0 1500 1573 192.168.5.1 192.168.5.2 init
Feb 3 12:06:12 openvpn[52044]: UDPv4 link local (bound): [undef]:1194
Feb 3 12:06:12 openvpn[52044]: UDPv4 link remote: [undef]
Feb 3 12:06:12 openvpn[52044]: Initialization Sequence Completed

this is the entry i'm referring too

Feb 3 12:06:11 openvpn[52031]: WARNING: Since you are using –dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)

i'm not sure how to go about it

Sorry about this.

I rebooted the box and all seems fine now. Log message are just what you'd expect to see.

Regards

Mark

Hey Franky

I tested this again on 1.2.2 over a wan link and it works just fine, so sorry about all this.
Your how-to is spot on, top class!
Cheers

Anyone? :(