• Duplicate common name

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    C

    I figured it out. It was the "keepalive 10 60" option which is put in the server configuration automatically by pfsense. This should really be optional! That option in server mode is equivalent to:

    ping 10
    ping-restart 120
    push "ping 10"
    push "ping-restart 60"

    This tells the client to restart the connection if it goes 60 seconds without a ping from the server. If client A connects, then client B connects with the same common name, client A loses their connection. However, client A doesn't realize it lost its connection until it never receives a ping from the server, which then results in client A restarting. Then the same happens to client B, then back and forth. Why would this be the default? I had to edit openvpn.inc to remove the "keepalive" option, then push "ping-exit" to the client instead of "ping-restart".

  • Proxy server on PfSense that sends all traffic over an OpenVPN link?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • How to link wireless on OPT to LAN network via OpenVPN?

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    GruensFroeschliG

    Please read up on how firewall rules on pfsense work.
    Create two rules on the wlan interface.
    1: allow, source: wlan, destination NOT lan
    2: allow, source: wlan, destination ip_of_pfsense_on_wlan

    Like this, everyone can access the internet.
    People with OpenVPN will be treated as if they are connected to another interface on the pfsense and will be handled according to the rules you create on this other interface.

  • Pass all traffic through OpenVPN tunnel

    Locked
    18
    0 Votes
    18 Posts
    11k Views
    M

    Following this thread did not solve everything until I added the addresses of DNS servers in the OpenVPN server configuration page under the "DHCP-Opt.: DNS-Server" option. In my case I added the addresses for OpenDNS, although I doubt that matters.

  • Cannot connect open vpn server with pfsense 2.0

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • OpenVpn windows Client unable to connect

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    F

    My XP client is connected to OpenVPN. The problem was on the client side: in my pfsense.ovpn I have commented out #dev-node ovpn.
    Now my new setting will be
    C:\Program Files\OpenVPN\config\pfsense.ovpn

    float
    port 1194
    dev tun
    #dev-node ovpn        # comment this line out
    proto tcp-client
    remote 203.xxx.xxx.xx 1194
    ping 10
    persist-tun
    persist-key
    tls-client
    ca ca.crt
    cert client01.crt
    key client01.key
    ns-cert-type server
    #comp-lzo             # to enable LZO, remove the leading #
    pull
    verb 4

  • Few Queries while configuring Site to Site VPN

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    GruensFroeschliG

    yes

  • Load balancing OpenVPN servers behind pfSense using DNAT

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    GruensFroeschliG

    What would be the point of such a setup?
    I mean, the idea of having multiple remote declarations is that if one is down you can move to the next.
    Do you actually have multiple OpenVPN servers in the same location on the same internet line?

  • Bridging Caveats?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S

    Can anyone offer any further details on this issue?

    I'm hitting some bumps getting bridging configured and am wondering if this is the trouble. I bought the book in hopes of getting some more light on this - it pointed me back to the online community.

  • 1 pfsense different vpn ports and local nets

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    G

    I am sorry to bump this, but I really need some help here, or maybe some directions I can check or fix. But I guess no one has thought about this.

  • Failover VPN

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    S

    We attempted to set this up previously with 1.2.2 and had major issues where connectivity was failing until we disabled the VPN tunnels. The instructions we followed were from the OpenVPN site. Perhaps they must be modified on pfSense or we did something wrong? Single OpenVPN tunnels were fine.

  • 0 Votes
    8 Posts
    33k Views
    R

    @Cry:

    If you can ping from the OpenVPN client to the LAN then routing is working.  Anything else comes down to firewall rules, either on the clients or on the pfSense host.

    **Do you have rules on the LAN interface allowing communication to the OpenVPN subnet (remember, the default is block)?** Do the OpenVPN clients have any software firewalls? Is the unspecified service you're trying to access bound to the OpenVPN interface on the client?

    I had to add the rules to the LAN interface to allow traffic from the LAN net to the OpenVPN subnet.  Now it works. Thanks!

    So to summarize, getting this to work required me to do the following:
      1. I followed the steps in the section "Including multiple machines on the client side when using a routed VPN (dev tun)" of http://openvpn.net/index.php/open-source/documentation/howto.html#scope
      2. Add a rule to the LAN interface to allow all traffic from the LAN net to the OpenVPN subnet.

  • CARP SYNC

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Routing from OpenVPN clients over OpenVPN tunnels behind the OpenVPN server

    Locked
    13
    0 Votes
    13 Posts
    6k Views
    W

    Thank you for your answer  ;)

    Did you assign the OpenVPN interfaces as OPTx interface?
    Then created appropriate firewall rules on the OpenVPN interface to allow different subnets?

    I read that it is only possible with pfSense 1.2.3, isn't it?

    My two pfSense boxes are in version 1.2.2.

  • Multiple tun and which is which.

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    T

    @GruensFroeschli:

    You can set in the custom "custom option" field which tun will be assigned to which connection.
    See the OpenVPN man-pages on how to do that.

    @tester_02:

    2. If I currently only want port 80 traffic through the vpn, all I would have to do is set a firewall rule to allow port 80 on the opt1 adapter from opt to lan? (If I remember right, all traffic is blocked and the rules overwrite?)

    What exactly do you want?
    Allow what kind of traffic from where to where?
    Can you describe that and show a screenshot of the rule you already have?

    Thanks for support!
    I did figure out which vpn was which by assigning the opt and seeing which ip it was assigned.  So now I have both vpn's assigned.
    Opt1 is my site to site vpn, and Opt2 is my roadwarrior style.  The only setting I have on it is that I set the bridge to disabled, and I set the ip address to match my setup in the openvpn settings.
    What I am at a bit of a loss with is the firewall blocking.  What I want to do is just allow port 80 on my opt1.  So I just set up a rule to only allow tcp port 80, as I believe everything else is blocked by default in pfsense.  It does seem to block traffic from the other site to mine.
    The problem is that I can still connect directly to other ports on the remote site.  What I am guessing is that the NAT is causing my problems?  Would I have to override the automatic outbound nat, and set it for AON?  The problem there is I am not sure about the rules..
    Background info..  local net 192.168.4..  Site 2 192.168.1.

    I am still at a bit of a loss with all this, as I would have assumed that opt1 would block all traffic unless I open it up.  That NAT portion makes a bit of sense, but I would have originally thought the rules would override it.

    Any help is appreciated.

  • Re: pfsense as a vpn client of swissvpn.net?

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    GruensFroeschliG

    D'oh.
    Well, I never use PPTP…

    Another option would be to have a connection from each client to swissvpn...
    But if that is practical  ::)

  • Cannot allocate TUN/TAP dev dynamically

    Locked
    1
    0 Votes
    1 Posts
    4k Views
    No one has replied
  • Error when using OpenVPN Client and Server at the same time [solved]

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    D

    I played around a bit with the OpenVPN options.

    On box 1: The Server uses port 1194 (UDP); the client uses port 10111 (UDP)
    On box 2: The Server uses port 10111 (UDP)

    When I check the "Dynamic sourceport" checkbox in the client configuration everything seems to work fine!

    openvpn[409]: Initialization Sequence Completed

    I will run a few tests later.

  • OPENVPN on PFSENSE Help….newbie

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    F

    I will second that it is covered quite extensively in the book. He's not only saying it because he helped write it  ;). I have not actually set up any openVPN on pfSense but after reading through those chapters I feel prepared to do it.

  • [Solved] Connections across VPN getting NATed

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    J

    Thanks folks, I got it. I feel silly for not figuring that out. Can't wait till my pfSense book gets here, hopefully that will cut down on the forum posts :)

    Thanks again.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.