After looking for some openvpn configurations in /etc/ I possibly could apply from my existing installation, I was searching the forums until I found this thread OpenVPN config file? and realized the configs are stored in /var/etc/openvpn/ so from the webui via menu "diagnostics" - "edit file" its possible to edit your specific config. Looking at the openvpn logs it seems like it works same as it worked on my existing installation. I have to fully set up pfsense to test if the same configuration would work, but so far it looks good. Thanks

If you can't change your router to act as a (bridging) modem, at least you need to be able to add corresponding port-forwards for your openvpn server. Without a possibility to connect to the openvpn server from outside, it won't work. See OpenVPN Networking

@jimp: The new version of the export package includes OpenVPN 2.4 binaries. They will work fine with OpenVPN 2.3.x servers. The message in that description is warning you that if you have an OpenVPN 2.4 server, and the OpenVPN 2.4 server has features enabled that are only in OpenVPN 2.4, then an older OpenVPN 2.3.x client may not work against that server. Thanks for this explication It's ok Have a nice week-end,

Anyone have any ideas??

To answer my own question, it was pulling routes from OpenVPN. I checked the "Don't pull routes: Bars the server from adding routes to the client's routing table" box and everything is working as desired! Routing before: Internet: Destination        Gateway            Flags      Netif Expire 0.0.0.0/1          10.69.0.5          UGS      ovpnc1 default            InternetIPGoesHere      UGS        em0 Routing after: Internet: Destination        Gateway            Flags      Netif Expire default            InternetIPGoesHere      UGS        em0 Special thanks to FPSRogerRamjet for the help!

Yes, that will work with pfSense and also with only one interface. Do you plan a remote access server or a site-to-site? A site-to-site would be more comfortable for the remote users. In both cases you will have to add a static route for the remote site to the file server pointing to pfSense. If it's an access server for the tunnel subnet, if it's a site-to-site for the remote users LAN.

Yup - i think that fixed it.  I switched from "All" to multi selected.  All seems to be working now! Huge thanks for your help, truly appreciated!

How do you connect to those other /24 ranges? Is there some other router involved? In all likelihood the traffic leaves pfSense heading toward those other subnets but can't find its way back.

Can this be fixed on the next stable release?

Not currently, no. It may be possible with changes to some of the nsis scripts used to do the install but it's not something that gets requested often and I'm not sure how complicated it might be. Windows installers are not something I like hacking on ;-)

It's working ! I don't do anything more, just sleep a long night and it's working ! Amazing ! … Yesterday, my test don't work because i must drop existing tcp/udp flow before testing

@TheIPdude: I experienced the same problem! How did you solve it?

When you make a new CA, you have to remake all of the server and client certificates to go with it.

Is it possible to map a VIP (10.0.8.1) to a local ip (192.168.x.x)? so that the camera app can search the local ip cam

Can we assume no news is good news?

Yes, I've set up two openvpn roadwarrior servers, one per wan interface with same configuration both but different TCP port, because we have two DSL lines, is there a better way to set up X openvpn roadwarrior servers listening to diferent DSL lines without create X different networks? I want to simplify the client override settings, because we are assigning an static ip to some users, and if we create X networks we also need to create X client overrides thanks

10.0.50.3 is in the same subnet as 10.0.50.2/30, it's the broadcast address for the first users subnet. 10.0.50.2/30: 10.0.50.0 … network 10.0.50.1 ... server 10.0.50.2 ... client 10.0.50.3 ... broadcast You may give the second user the next /30 subnet, that's 10.0.50.4/30, so the client will get 10.0.50.6 and the server 10.0.50.5.

@Derelict: That'll do it. Indeed. For my own understanding, why would OpenVPN allow one connection though? I get that 10.8.15.0/24 couldn't get outside of VLAN 15 because there were no routes outside of it, but why would the first connection be able to get to all other VLANS? Is OpenVPN somehow above the law so to speak in the network stack?

Another possibility is "helpful"(?!) browsers auto-filling/auto-correcting on screen forms. Might be worth trying a different browser just to be sure.