I searched the threads again and found a lot of stuff I had not seen before. So I finally managed to route all the traffic through the firewall.
Yes it can.
Take a look at the stickies as there are how-to's on site-to-site and roadwarrior-setups.
In your case you can have multiple site-to-site connections (Shared Key Infrastructure)(multiple instances on the server),
or you have a single server and all clients connect to this one (Public Key Infrastructure).
In the second case you can/need to add client-specific commands that automatically add/push the right routes.
Copy the files to a safe place. You could copy them carefully into something like KeePass from http://keepass.info where the keys can be stored encrypted.
Well, I can confirm the Debian box as OpenVPN client to the pfsense server has been up solid for over 24 hours now, no problem. The link is still solid. This is probably something to do with the client; I will post the client configs tomorrow.
I appreciate what you say about bugs and reporting. I am sure it would have been reported also, and maybe this is something I have done wrong, but one thing's for sure: I have seen weird stuff like this before, like with OpenWRT and netfilter working OK with NAT redirects for 24 hours and then randomly remapping to a different port for no reason!
You might be interested in this:
http://openvpn.net/index.php/documentation/install.html?start=1
Notes – Firewall on the Windows client
In general, it's a good idea to always protect a VPN client or server with a firewall.
The important points for setting up firewalling on a Windows system running OpenVPN are:
1. Make sure that your connection to the internet is always firewalled, especially when you are running a VPN. VPNs create trusted relationships between geographically disparate networks, and if any network on the VPN is compromised by a virus or worm, the exploit has the potential of jumping across the VPN and infecting other machines.
2. You can enable firewalling on a given network adapter by going to Control Panel -> Network Connections, right-click on the icon that represents your link to the internet, select "Properties", go to the "Advanced" tab, and enable "Internet Connection Firewall".
3. If you are running OpenVPN as a server on a Windows machine, you will need to configure your firewall to allow incoming clients to connect to OpenVPN's port number which is "UDP 1194" by default.
4. In general, running OpenVPN as a client doesn't require any special firewall configuration, provided you use the --ping option to preserve the state of the OpenVPN connection in the firewall.
5. In general, you don't need to enable firewalling on the TAP-Win32 adapter. Once an IP packet appears to be "coming in" on the TAP-Win32 adapter, it has already been decrypted and authenticated by OpenVPN, even though the connection between OpenVPN peers might transit an untrusted network such as the internet.
6. One case where you might want to firewall the TAP-Win32 adapter is if you are connecting to an untrusted machine, or a machine which will route or bridge your connection with an untrusted network.
Make sure you are using unique users for each client. If you log in with the same user from another location, the old session will be disconnected. It's the same for PPTP, for example.