You probably aren't pushing a route to the VLAN subnet to the OpenVPN clients (or in the case of a static key setup, the client isn't routing the subnet over the VPN).

You may also need firewall rules on the OpenVPN interface if you're on 2.0, depending on what your existing rules allow.

That was weird.  On a hunch, I deleted the openvpn config, uninstalled the export package, etc…  Edited the config.xml and saw some turds left over.  If memory serves, last time I had openvpn working was quite a bit ago.  I manually deleted everything from the config file that looked related, and rebooted the appliance.  Now it works.  Go figure :)

Hey guys,

Figured it out and as usual, it was just a stupid error on my part.  On the OpenVPN rules tab, I was only allowing all UDP traffic.  Once I allowed all traffic, then all was good.

Thanks for the help!
Ben

It was return traffic that failed. Problem solved by adding

in "Advanced configuration"/"additional options"/"Custom Options" (name is version specific I guess) on 10.10.40.1 & 10.10.60.1, where 10.99.99.0 is my road warrior "tunnel network".

It can't be exactly the same as the others or it would be working. :-)

Look at the raw config.xml from a working one and the non-working one, compare the OpenVPN section of the config.

Yes, that's the second option I mentioned. The OpenVPN server needs a route back to the client. Search on the doc wiki (see my sig) for openvpn site-to-site and look at the docs. The exact method is different for SSL/TLS or Shared Key, so it depends on what you have.

Anyone? If I can provide more information or more clearly state the problem, please let me know.

Solved !

Upgraded to the latest RC2 snapshop (about 10 days difference) and it' s ok !

Yeah, I found the company by searching on Google.  You still haven't posted any details about your config.  Without that, no one will help you.

It's sorted, I installed WiKiD straight from the ISO.

on 2.0 you can also require a username+password to login as well as the certificates. That username and password can come from pfSense, or a defined RADIUS or LDAP server.

That log is from my test box on my desk connected to the external line–-interwebs---pfsense server in the closet next to me.  The pfsense server open vpn logs got cleared when I restarted it.  facepalm

No, that is not the same. Those are still separate subnets. Operating them in that way is no different than if you made them two completely different /24's, you've just restricted the IPs you have available for use by both sets of systems.

If something on either side still has a /24 mask then it will never talk to things on the 'other' side of the tunnel. Or if by some miracle it gets traffic to it, it won't get it back.

There are ways to get them into one flat subnet with tap/bridging, search the forums for details.

Thanks. I got it to work by what was said here. First I added the OpenVPN service on VyprVpn (I had only standard vpn).

Followed the info from the first post.
Except that I added the 3 persists lines what was said about the advanced config. It now looks like this:

verb 5;engine cryptodev;auth-user-pass /cf/conf/Vypr.pas;tls-remote us1.vpn.giganews.com
persist-key
persist-tun
persist-remote-ip

Then did section 2 from the other post.

And now when I connect on the LAN side of pfSense, I come out on the VPN side. US IP so I can enjoy Netflix that they wont let Europeans enjoy :)