pfSense can route through as many OpenVPN connections as you want, so long as you have the proper routing configured on each leg.

I see (now :)) Probably the config is stored in /var/etc somewhere. Try to find it and see if persist-tun is in it.

If the tunnel is up the devices between the tunnel nodes do not affect the availability of the hosts behind it. Based on your description of your issue, I presume the client is set behind the Cradlepoint and other hosts in the LAN use the the router as default gateway and will have no route to the server sides LAN. If so you will either have add a route to each LAN host at client side for server sides LAN to direct the traffic to pfSense or do NAT to translate the VPN traffic to the clients LAN IP.

Speaking of the OpenVPN app, that thing needs to be updated.  It's GUI looks like crap.

Uncheck "Redirect gateway" in the OpenVPN server setting and enter the subnet(s) you want to route over the vpn in the "Local network/s" box.

I would guess it would work if you create firewall rules in each vlan, source your network; destination theirs, and select advanced options in the rule and manually select the gateway interface. So long as you have it assigned to an interface. Though, admittedly, I am new to OpenVPN.

Thanks, I'll try that and see if it works.

@johnpoz: why would you not just give the user specific IP in your tunnel Even better! But how we specify a specific IP for a user in tunnel ? Same configuration (Client Specific Overrides) with a CIDR / 32 ?

Thanks again for the help.  I was able to get this working using the following. Download the client including the gui manager. Once installed I was able to go in to services and set the openvpn service to start automatically I then downloaded the openvpn-mi-gui program and when I run it I don't have the problem with the admin and it runs the batch files in the config directory as the logged in user.

Hi, Sorry, I can't help you at this time. But maybe you can help me! I am new to pfSense and also have Torguard VPN.  I have successfully installed Torguard on DD-WRT and ASUS Merlin Build routers.  I am trying to get it to work on pfSense 2.3.2. I followed the instructions on https://torguard.net/knowledgebase.php?action=displayarticle&id=208. The wan, lan and Torguard VPN interfaces are up and running. My laptop gets an IP address, but I can't access any websites. What instructions did you use to install TorGuard VPN? Thanks in advance for the help. EDIT: I was able to fix the problem. I started creating screen shots to send to support. When I landed on the LAN Interface page, I noticed that IPv6 Configuration Type was set to “Track Interface”. I don’t use IPv6 and recall seeing on the pfsense forum that IPv6 needed to be turned off.  I tried to change it to “None”.  But I received a message that DHCPv6 Server was active and must be disabled first.  So, I went to Services, DHCPv6 Server & RA, and set it to disable.  I then went to Interfaces. LAN, IPv6 Configuration Type = “None”.  I am now able to access websites.  Problem solved!

"Skip rules When gateway is down" is now off and will stay off!!! I like tagging the packets destined for the vpn in the lan rules … then the floating rule matches the tag and rejects packets so they can't get to the Internet. In practice this method seems to be much faster at rejecting packets. Any, guys, thanks very much for the information ... much appreciated.

so did you look here? https://doc.pfsense.org/index.php/Mobile_One-time_Passwords_with_FreeRADIUS

create a client override for your specific client and then push out the IP you want them to use [image: clientoverride.jpg] [image: clientoverride.jpg_thumb]

Tks… solved... ;D ;D ;D ;D

Thanks Derelict, the authentication is failing and not sure what the correct settings are to use with OS X 10.11.x Some settings in the Server Settings section: Port value: 636 Peer Certificate Authority: MainCA Internal (Is this where i could be going wrong? Do i have to export the authentication certificate from the authentication server?) The Base DN is: cn=users, dc=abcserver, dc=local Authentication containers: cn=users, dc=abcserver, dc=local Do i need to check the RFC 2307 Groups box? What do i put for Group Object Class? Thanks.

For me this turned out to be a problem with Virgin Media, when I started an Open VPN between 2 of their Static IP connections, Started fine, try and transfer any data and both Virgin modems would disconnect their GRE Tunnel. If the client is on a non static IP Virgin connection it works fine, and does not appear to have issues with any other ISP static IPs…..

Have you set a firewall rule on pfSense at OpenVPN interface to allow the access to the other site? Ensure that software firewalls (Windows) at the destination hosts do not block the access.

no, the tunnel keeps running fine. that's the weird thing. if I ping or ssh from pfSense it has no problems. But from "Local LAN" it works the 3rd try.  ???