So you have your sites connected to a mpls cloud.  And these sites also have internet where you run a vpn tunnel between the locations.

Now you want to auto use the vpn connection over the internet if the mpls is down?

As helper stated this is normally done via running a routing protocol.. If the mpls goes away that route drops off and you use the less priority route.

well i just ended up reinstalling pfSense again from scratch  and its working the OpenVPN its just odd this happened

Thanks again

I found a workaround of sorts:

unchecked the "bridge dhcp" box left "bridge interface" set to none left "server bridge dhcp start" and "end" blank

in custom options i added:

server-bridge 10.1.0.1 255.255.255.0 10.1.0.150 10.1.0.200; push "redirect-gateway def1"

(it was the "server bridge" command that was setting the wrong gateway in the openvpn config.  As i wanted to keep all config in the xml, this seemed like the easiest workaround)

thanks!

-bmwt

Some update here.

No problem with OpenVPN Client 2.3.14

Only higher versions are affected

problem solved.
decreased "time period" (Time period in milliseconds over which results are averaged. Default is 60000.) to 5000
Now wan correctly goes down, OpenVpn do not crash.

Never mind.
The things I wanted to add to the config needs to be done on the client-export tab.

This is resolved now.  8)

@bilbo:

Did either of you get this to work?

yes i did. I've setup an alias for BBC as per the below screenshots…

It seems to work fine for me - i can leave all IPs on my network connecting via VPN but only BBC sites get routed to bypass the VPN.

I just need to work out/find the IP address range for Netflix now!

HTH

EDIT: just to confirm this works on both iPlayer website on my PC and also on iPlayer app on Samsung TVs. It also unblocks entire BBC website

Capture.PNG
Capture.PNG_thumb
Capture1.PNG
Capture1.PNG_thumb
Capture2.PNG
Capture2.PNG_thumb

Your OpenVPN client configuration is set to require a password but there is no password entered in the GUI for that client. The server may be pushing that requirement to the client.

Whew,  :) thought maybe I was losing my mind for a moment and somehow what I thought was 48 bits had changed.

Just to let you know that I had this same error when check Microsoft Certificate Storage. I just have test it in Windows 10.

Hello good afternoon.
The "rsocarras" tip helped, it usually ran OpenVPN in the grandstream gxp1625.

Thank you.

Hi all,

I investigated it.
For information:

Certificates are saved in file /conf/config.xml between tags
1. decode certificate
cert=echo $crt | openssl enc -base64 -d -A
2.  obtain expiration date
date=echo $cert | openssl x509 -noout -enddata

I have been trying to get OpenVPN to work with softether through pfsense for awhile.  If you have had the same problem as me, then your port is not open.  This can be tested through a website.  I ended up doing a NAT redirect to the router from WAN port 443 (the port I will be using for openVPN).  You can setup an alias for multiple ports.  I'm guessing this can be done easier with just opening ports, but I can connect now, which is all I care about.  I attached the NAT redirect that I did, but I am sure someone can probably chime in with a better solution.

NAT.png
NAT.png_thumb

I can confirm that the iPad cannot now connect to the remote network!

It appears that only the first connected VPN client is able to traverse to the primary LAN.