Got it.  LZ0 compression is on in the config file supplied with the how-to in the wiki, but i did not have it turn on @ the pfsense.  Removed the LZ0 line from the client config, and everything seems ok.

I want to have a LAN Party with remote locations.  I would like to avoid lag (unless the lag only hits them and I can win easier!)  ;D.  We tried to use the Sony servers and could not get on…I guess they are selling a ton of playstations.

@noitalever:

I have on the client side: (which is the 192.168.250.1 Lan)

Protocol  TCP
Server address :70.xxx.xxx.xxx
Server port :1193
Interface IP  192.168.10.0/24
Remote network  192.168.252.0/24

and on the server side,

Protocol  TCP
Dynamic IP  is checked
Local port  1193
Address pool: 192.168.10.0/24
Use static IPs  not checked
Local network  blanked,
Remote network  192.168.250.0/24

I think that this could help, you should set a rule a for a push route so the client side know what is what on the server side? (email servers Domain controllers?)

push "dhcp-option DNS x.x.x.x";push "dhcp-option WINS x.x.x.x"

that was the old school way now they have a fill in the boxes with your needed servers ip

also shouldn't you fill in the local network in the upperbox?

Ok,

I will give it a try on monday, and check if the routing table changes after I fail WAN1 and my clients reconnect through WAN2.

I'll post my findings here,

Thanks a lot!

Regards,

Diego Bendlin

ooookee…..
Without any information (and you provided next to nothing in your last post) i wont be able to help you.

But as a prelimary nogo: using different subnets on the same tunnel is bad.

I have a problem with: "reading before posting"

I read the Pfsense and OpenVPN for new users tutorial and managed to configure it.

The thing is that i was trying to make road warrior work as site-to-site.

I will keep in mind "search before ask" in the future.

Thanks GruensFroeschli for your time anyway

Hi Gruens,

Thanks for  your inputs. Here is what I'm planning to setup, install Pfsense as firewall in all of the sites and configure the OpenVPN client/server setup. The subnet is a trusted subnet, and the scenario would be e.g., clients on site 1 will able to see/share files on the Head Office subnet and vice versa.

LAN subnet
    |
    |
pfsense HeadOffice
OpenVPN server
    |
    |
pfsense remote site 1
    |
    |
Remote LAN

Regards,

Jan

many thanks :)

Humm, today I gave up and installed IPCOP. OpenVPN works fine on IPCOP and has been solid so far, any ideas on what could be causing this with pfsense?

It is obviously not hardware.

Thanks
Keith

Yes you can do it i have it set and running right now i *think

set up a test and let it rip

The WARNING: 'ifconfig' **** "statement means that you have not setup the client in openvpn properly,

going off the information you have provided the client machine must have

interface Ip = 192.168.252.0/24 and remote network = 192.168.1.0/24

Just for the record. My problem had to do with routing. And I can confirm that the server-side pool addresses are the same as the remote LAN. What I dont understand is how I got everything to work following that documentation if it is fundamentally wrong in that aspect.

Thanks again,

Pedro

OK, I understand now. Thanks for your help I appreciate it ;D

The only subnet that's created is a "transfer net" between the two OpenVPN nodes. You can use some completely different one (10.x.x.x or 172.16.x.x) and it is only used for communication between the OpenVPN endpoints. In normal use you don't have anything to do with it, you just work as the other sides ip range is a local one. Nothing to get worried about. There's a nice howto explaining the steps setting it up that way. I suggest looking into it.

Greets Grey

However, a clean (and common) solution is to simply arrange for the pfSense host to be powered up N minutes after the ADSL router/modem, which is what we're suggesting.  Building a list of services that need restarted, while a fully-featured solution, isn't likely to be trivial (you need to build a full dependency list for a start) and I'd suspect that you'd need to raise a bounty for such work.

As for the OpenVPN config, if you SSH onto the pfSense host and look in /var/etc you'll find a file called something like openvpn_client0.conf.  If the connect-retry option is set you'll find it there.  If it isn't then you'll need to provide it in the "Custom options" field of the OpenVPN client config.  Note that this only works for TCP clients (as detailed in the OpenVPN man page).

@IsNoGood:

any Idea about midnight commander that will work ?

Yes, installed it here and working fine.
Add it from a shell: pkg_add -r mc
Don't know why but it's not working until you reboot the pfSense.

I must be mis-reading what was questioned at first - I got the impression the original sub-nets would stay the same (including the sub-net masks) but he wanted to use just one gateway…

If so then - never mind :)

gm...