Have a look at /index.php?topic=105810.0. You may be able to adapt the details there to your requirements.

I apologize as I do not have an answer to your question, but am seeking an answer to my own.  I am also using PFSense and OpenVPN and I am attempting to configure the firewall to allow only the VPN traffic and block everything else.  So, if/when the OpenVPN connection drops, so does all other traffic.  I accomplished this on a linux router previously using the following IPtables rules, but can not how to conceptually do the same with pfsense, as there is not a "source port" option in the GUI.  Any help would be awesome! :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -p udp -m udp –sport 53 -j ACCEPT -A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT -A INPUT -j DROP -A FORWARD -j DROP -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT -A OUTPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT -A OUTPUT -j DROP COMMIT Completed on Thu Jan 14 11:13:06 2016 Generated by iptables-save v1.4.7 on Thu Jan 14 11:13:06 2016 *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A POSTROUTING -s 192.168.2.2/32 -o tun0 -j MASQUERADE COMMIT

Hi stanthewizard, thanks four your explanation. I got it up and running as described below. installed OpenVPN with the Wizard to listen on the WAN interface, port 443, TCP, tun mode in "Advanced" I inserted the following "port-share 192.168.0.1 4443" and added a NAT Port Forward rule as following: | If | Proto | Src. addr | Src. ports | Dest. addr | Dest. ports | NAT IP | NAT Ports | | WAN | TCP | * | * | WAN address | 443(HTTPS) | 192.168.0.1 | 443(HTTPS) | as expected, the firewall rule was created automatically, which is why the following rules are defined for the WAN interface: | ID | Proto | Source | Port | Destination | Port | Gateway | Queue | Schedule | | IPv4 TCP | * | * | WAN address | 443(HTTPS) | * | none | | | IPv4 TCP | * | * | 192.168.0.1 | 443(HTTPS) | * | none | | squid3 reverse is listening on the WAN interface, port 4443 In my case the IP "127.0.0.1" did not work. The problem was that the pfsense is located behind the ISP's router which forwards the port 443 to the pfsense box. Instead, I had to use the WAN interface's IP address "192.168.0.1" of my pfsense box. Thanks again.

You can either add 'OpenVPN" to the dashboard or go to Status -> OpenVPN.

I usually create a user account for each device - that way, if one gets lost/stolen, you can just revoke the account for that device, rather than having to put new configs on everything else that shared the same profile.

@mudmanc4: Here is a very good video to setup openvpn server and client on pfsense. https://youtu.be/VdAHVSTl1ys This will get the VPN server / client up and running. +1 to that video. I am a total noobie to VPN and PFsense and I got it up and running on my iOS devices and my Macbook within an hour or so.

I figured everything out –- the problem was with the OVPN export part. I needed to change the hostname resolution part because it was defaulting to the WAN IP address but because there is a Verizon Router in front of my pfSense box, that WAN IP address is still an internal subnet address. After I changed the host name resolution to use a name, everything worked fine. Hope this helps anyone else who runs a pfSense behind a Verizon router

I hate to assume, so I'll just ask…. have you verified that they are launching the app as admin every time?  Check the clients routing table when they are connected.

Not currently. There is a redmine ticket out there already for it though. It would require some significant work to pull off.

That would be a question for OpenVPN itself. https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage

Are these SSH sessions idle during the 80 seconds? What happens if you run something that frequently updates like top?

@cmb: What version are you running? Deleting OpenVPN instances kills off the PID that OpenVPN writes to its PID file. There were issues with earlier OpenVPN 2.3.x versions where it doesn't correctly write out its PID file's contents, in which case deleting that instance will try to kill a PID that doesn't actually correspond to OpenVPN (and likely doesn't exist at all). You'll find the PID file in /var/run/openvpn_server1.pid (assuming it was instance 1). Check the running instance with 'ps auwwx | grep openvpn'. Its PID that's running is 43054 judging by your logs. That PID file likely has some other number in it ('cat /var/run/openvpn_server1.pid' to check). After verifying that, just run 'killall openvpn' and it'll be gone. Thanks, killall openvpn seemed to clear it out. There was a process running with PID 43054 but could not find any file in "/var/run/" for openvpn_server. Anyhow setup a new server and all seems to be working great. Thanks

i'm on 2.3 beta

Ok, the Issue is gone away after re-installing the box.

Solved by enable VPNDialogs system app, it was frozen and disabled before, using OpenVPN for Android.

It's an option. If you have small groups you can string them together, so that your groups can be expressed with e.g. /28 for 4 users or /27 for 8. So it is easy to create firewall rules with this subnets.