• Bridging Issues custom option server-bridge not overriding server

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    C

    I've got exactly the same problem! "Options error: --server and --server-bridge cannot be used together"
    Could anyone shed some light on this?
    I triple-checked every setting and my custom option will not override the settings :(

    my custom settings

    dev tap0;server-bridge 192.168.2.254 255.255.255.0 192.168.2.218 192.168.2.250;tls-auth /etc/openvpn1196.key 0;management 127.0.0.1 1196;
  • 0 Votes
    2 Posts
    2k Views
    J

    First place is both the server and client logs.  Is there anything in either that indicates anything remotely out of the ordinary?

  • Run OpenVPN client on pfsense, allow lan PCs to use it

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    D

    @jimp:

    You can set up OpenVPN on pfSense under VPN > OpenVPN, on the clients tab.

    You can't selectively route traffic based on firewall rules (easily, yet) but you can route whatever subnets you like down the tunnel.

    Unfortunately I don't want to be sending all my web traffic to the vpn from any specific machine, I could very easily flood my work's dedicated VPN line (a T1 iirc) that would be bad  :D. I am perfectly willing to set up a proxy or something that would forward any traffic it receives to the OpenVPN connection, this does not have to be on the pfsense machine.

  • 0 Votes
    4 Posts
    4k Views
    E

    @jimp:

    Without a WINS server your options are severely limited.

    I've been trying to come up with a way to proxy/relay NBNS traffic across subnets/openvpn to see if it would work, but I haven't had any luck so far.

    Browsing won't work at all without WINS. The only way you might get \\servername to work would be to add a DNS override entry for "servername" with its remote IP address in the DNS forwarder. Be sure to use your pfSense box's domain as the domain for this entry, then your clients should resolve it with "\\servername" – It's ugly, but it works.

    Thanks for your help,

    I have tried the method you mentioned; however, I cannot get it to work.

    I already ticked all three of the items under the Services:DNS forwards tab

    Add a Static Mapping under Status:DHCP leases tab

    However, I have not added DNS servers under the System:General Setup tab, and I have not installed tinyDNS because I saw the description mention that tinyDNS is for failover purposes.

    Please let me know if I omitted some important step.

    Thanks,

    Kam

  • Creating Extra Client Keys… Problems

    Locked
    4
    0 Votes
    4 Posts
    7k Views
    L

    Yeah, I still have the original CA ;)

    I found the solution anyway; it was a strange problem. Here's a post I left on another forum:

    When looking at the ca.crt file, I noticed that after "State or Province Name (full name) [LONDON]:" there was "\x09":

    Subject: C=UK, ST=LONDON\x09, L=LONDON, O=OpenVPN

    This was seen as just some spaces when trying to build a key; however, \x09 is actually hex for the tab key. I must have pressed it by mistake when first creating the ca file, so basically now when building client keys, I just type LONDON then hit tab, then enter.

    What I don't understand is how I managed to create the first 16 keys without pressing the tab key!

    Anyway, thanks

  • Not Able to connect NETWORK 2

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Quickie fix - I Can access local network but I can't access internet.

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    AhnHELA

    Should look like this when you're done.

    ![Screen shot 2010-02-12 at 3.35.42 AM.png](/public/imported_attachments/1/Screen shot 2010-02-12 at 3.35.42 AM.png)

  • Setting up OpenVPN to connect from an external source

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    B

    To be clear, netrefer, this is a user forum, where we try to help each other out. This isn't a ticket system for technical support. Developers of the software do post here at times, but no one is obligated to resolve your issue. If you want help, you need to include relevant information and answer the questions people are asking.

    To answer one of yours, no you cannot use telnet to connect to a UDP port.

  • Is it secure?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    P

    Hi Jonny,

    Your explanation could use some clarification; what I understand is that you have two subnets and you want them both to be accessible for OpenVPN clients.

    If that is the case I guess you can just use the "push-route" option like so:

    push "route 192.168.1.0 255.255.255.0"

    You wouldn't have to map ports although you will need to create some firewall rules on the OpenVPN interface to allow the traffic you require.

  • An alternative to bridging in 1.2.3

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    jimpJ

    @MrHorizontal:

    You're mad  ;D

    But if you really want that, WINS with replication (courtesy of Samba) would do it for you.

    Why yes, yes I am. :)

    I would like to do that without running Samba on both sides. Mainly for customers who don't have or want a WINS server. I've tinkered with using Samba for WINS on pfSense as a package, but running Samba on a firewall has always made me feel uneasy.

  • OpenVpn HMAC signature (TLS)

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    V

    Found the answer on the OpenVPN site.

    http://openvpn.net/index.php/open-source/documentation/howto.html#security

  • OpenVPN Bridging - Breaks LAN

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    S

    A follow up on this:

    Scrapped bridging for now - followed the tip on enabling the Avahi package and I've got the functionality I was looking for.

    http://forum.pfsense.org/index.php/topic,22561.0.html

    Hope this helps others out there - Thank you!

  • OpenVPN from East coast to West coast

    Locked
    10
    0 Votes
    10 Posts
    5k Views
    T

    Ah I see now. Sorry, I overlooked that.

  • Emulation of Software VPN client

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    jimpJ

    So you'd want pfSense to hook into your VPN, which is Cisco on the other end?

    That's a little different, but again it may work in 2.0 as it should support xauth, which is how Cisco's VPN client does the authentication beyond using the psk/group/etc.

    Not sure if it would work, but it stands a better chance.

  • Unknown settings

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    jimpJ

    Before you edit, run:

    /etc/rc.conf_mount_rw

    And then after, run:

    /etc/rc.conf_mount_ro

  • One external IP is being (wrongly) routed to OpenVPN

    Locked
    14
    0 Votes
    14 Posts
    9k Views
    M

    Just thought I'd post the eventual solution, in case anyone else ever has the same problem.  I added a static route:

    Interface  Network  Gateway  Description

    WAN 216.251.231.64/32 (our gateway) Palmetto

    In other words, I added an explicit rule to reinforce what should be happening anyway.  And now it works.  What caused the original problem, I don't know…
  • Just ping to pfsense server but Unable to Ping my Remote Network

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    F

    My problem is solved.
    Set pfsense_Pc as a gateway to all office computers that you want to connect to from the remote PC (road warrior).

  • Why No Status?

    Locked
    16
    0 Votes
    16 Posts
    8k Views
    P

    @jimp:

    I just uploaded a package to add the OpenVPN status page from 2.0 to 1.2.3. Details here:
    http://forum.pfsense.org/index.php/topic,22301.msg114826.html#msg114826

    Oh, thank you SO much… this is exactly what I needed!

  • Problem with managing interfaces over site-to-site vpn.

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    GruensFroeschliG

    In the "custom options" field you can add any valid options for OpenVPN to run.
    Just force the tunnel to use the tun "x" you define.

  • Site-to-Site VPN Sites Accessible Via "Road Warrior VPN"

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.