@viragomann: I don't know about latency issues in 2.4.1 and trouble to install the Client Export package in 2.3.4. However, you can export certs separately if you want. The Client Export tool only bundles config, certs and Windows installer. But why want you use WinSCP? Just use the GUI: System > Certificate Manager > Certificates Thank you very much for your answer. I ended up updating and installing the Export Tool. I'm just hoping I won't have any issues with speeds now…

firewall > rules > lan add the ip of the devices to the list, then under the settings change the gateway to WAN_dhcp. this is how i allow netflix to play on my TV while the rest of the network is under PIA VPN

Thanks viragomann!

Shared key can only have one client per server. You would have to switch to an SSL/TLS setup to have multiple clients on a single server.

It depends on why it stopped. If it fails because of an auth error at PIA, then OpenVPN considers that fatal and exits. We have a fix for that on 2.4.1 and later (using "auth-retry nointeract") If there is something else causing it to exit, then the fix would be different. Have to see the error in the OpenVPN logs to know for sure. If the process is exiting, then using the Service Watchdog package to monitor it will help treat the symptom, but not cure the original problem.

Ok, so I finally figured it out. OMG. I had created a cert with a type-o in it and the verify-x509-name was erroring when I tried to connect to machines that were on the domain. That's why some worked and some didn't, because some were on the domain and some weren't. Once I got that all fixed up everything else was easy. Thanks so much for taking the time to look at this with me.

I am using UDP, currently I have disabled the vpn and am using the windows client. Would really like to use pfsense as I have more than one machine that I would like to vpn. As I said above if anyone needs any more info just ask.

I'd probably put a route to the server in the openvpn client side and a route to the client subnet on the server side…  However, I'm not super genius, so may not work.

I've got this working, in case someone else stumbles on this and has issues my problem was that the username didn't match the certificate name. Andy

Damn I totally forgot to add rules on the only interface firewall that I had to let users use that OpenVPN like I have done with 53 port from DNS Resolver. Thanks anyway.

Thanks for the info. I have done as suggested & posted to the OpenVPN forum.

I should qualify this, it only happens when I am connected to the web page via OpenVPN. Is his normal? The OpenVPN Connection I am attempting to kill is not my web connection, but a separate router

Yes, I use SSL/TLS (+ user auth) for my OpenVPN instances. Thank you for your advice, that was it. So the lesson learned - you need to have a separate CA for a new OpenVPN instance.  :) I created a new CA, then both server and user certificates, assigned them to the 1195 OpenVPN instance and my user respectively. Then finally in Client Export Utility I could select a new entry in the  Remote Access Server drop-down and my user was under this new server. Yes! Exported files had the correct name (with 1195) and worked as expected on my laptop. I only had to correct a few small bugs in my firewall rules.

PFSense is currently running version 2.3.4 and it says there is the option to upgrade to version 2.4.1 I am a little reluctant to do this as it could potentially lead to other issues (especially after reading through some of the problems others have had after doing the same) and it is only affecting one person. There is an option on the 'Certificate Export' page to use the 'Old Windows Installer' ver 2.3.14, as this is also a 2.3 release (as the server), could trying this potentially 'fix' the issue? I will give this a go. It should be noted that several users have been using the 2.4.1 client, as issued by the Client Export page, with no problems.

error=unsupported certificate purpose Generate a new server certificate and re-export the client configuration.

It restarts the openvpn daemon and adds all the routes again. It is possible that route existed due to something else adding it and when you started the client with that route there it could not add it for itself. Then it was subsequently removed. Or something. Impossible to know without seeing that event actually occur.

Thank you for your answer, we have found the error was on the IP dresses of the WAN thank you

Yes, I bounced the tunnel. Didn’t help at all. Then I manually restarted the vpn client. The changed IP was reflected on the web interface. But the result still the same, no traffic is flowing. For now, no clue at all