Thanks GruensFroeschli ! I will see what I can do.

So you only want to access services FROM the roadwarriors withing your existing network and not TO your roadwarriors. I Think you can just enable advanced outbound NAT and NAT from the roadwarrior-subnet to your existing network. For servers in your existing network it would seem as if the connections come from the IP of the pfSense-machine: http://forum.pfsense.org/index.php/topic,7001.0.html

1: I cannot speak from experience, but a few users reported that if you want to use it in a multiWAN enviroment you should use TCP and not UDP as carrier protocol. 2: The firewall rule is only there to allow your client to access the server itself. The connections you tunnel over this connection will not be firewalled. 3: Create a key/certificate pair for each client.

Can you ping by IP?  For the name resolution you might need to implement WINS.

Thank you very much ! I've been searching into the forum but i've not found the answer. Thanks again, Nahuel

Hi all !! solved the problem myself. all is working now The Wizard

Thanks chazers18 and GruensFroeschli for your replies. I don't see any major differences between your posts and mine. I'm thinking that I might have miss-configured something in the routing or nating on one of the boxes. As a follow up, RDC also 'kinda works'. I can connect to one machine (of the two that I tried so far). That being said the connection is unusable; it drops in and out, doesn't hardly refresh, and is unresponsive to input. I am thinking about merging the functionality of the two machines to see if that fixes this. It should simplify things at least… Oh well, wish me luck.

ouch… noob mistake... left the .txt when doing the config file... Now i see the options... The Wizard

Also could you post the output of the log on pfSense?

Wow, that compression option was the problem. I checked the box on the pfSense interface and now its working.  I had kinda seen that in the logs, but since it was a WARNING I really didn't give it much attention.  I'm used to seeing all kinds of warnings in my open source product logs that should usually just be ignored. Thanks for the help!

Hello, do you mind sharing more details of the setup you used that made it work for you? Thanks

Screenshot of WAN rule and OpenVPN log (I think for the ovpn client config above).  I hope this may give some more clues. rgds Tor [image: Rule.JPG] [image: Rule.JPG_thumb] [image: Syslog.JPG] [image: Syslog.JPG_thumb]

I still dont know if this is a PKI or PSK setup. For a PSK setup you just can create multiple keys and sav them. For a PKI i'm not sure… you would have to create multiple CA's and safe them in different locations. Read up on http://openVPN.net how to do that.

Solved. I was adding routes to server side not the client.  Once route added to client side pfsense OpenVPN client it started to work as expected. Thanks GruensFroeschli for your help –Seth

I've tried this and it didn't work. I'll try to change an ip address from an unused device to the 'working' range to make sure I have the same effect. Edit : I've changed the ip from 10.1.101.200 to 10.1.0.200 and then it worked.

I want my client public IP appeared to be my server IP. I installed and set up OpenVpn (all my client traffic is now forced through the tunnel to the server where is NATed) - all works sweet except the one test here: http://www.proxyserverprivacy.com/adv-free-proxy-detector.shtml which detects me using proxy.  All other tests I found (i.e. here: http://whatismyipaddress.com/staticpages/index.php/advanced-proxy-test for example) I passed undetected. Do you have any idea what could the test at proxyserverprivacy can test on?

Pushes only work for PKI's where the connecting clients recieve their configuration from the server. In a site-to-site setup the whole config comes from the local config-file.

Could you desribe this a bit more? Because as i wrote before: there is no firewall for OpenVPN.

Fixed this with a custom ifconfig option :)