Thanks dude . it helped

@Derelict:

https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269

Thanks Derelict this looks a lot easier to understand. Interestingly with my current setup (from my last post above), the TCP port 80 for the web interface works perfectly, but to the other ports is still getting 'lost' somewhere even though the rules are setup the same for each one. I'll work through your referenced post and report back my findings later on.

Yes, you have to create a particular CA and server cert for each ovpn server. Only users with certificates from the CA which is assigned to the server can connect to it.
The second server must listen on a different port and use a different tunnel subnet, off course.

any one help
i have added multiple clients but clients not communicating with each other. any specific configuration do i want to add in clients???

Figured out the root cause.  Changed NAT outbound to hybrid and added the rules for the LAN within site B's pfSense. :D

You'll have to post your rules.

Yup, simple policy based routing… Just create a firewall rule using the IPs of your devices as source and send them out gateway to your vpn..

Here I gave example.. of doing just that in this thread
https://forum.pfsense.org/index.php?topic=104449.msg582455#msg582455

@tontoOz:

Could someone please clarify or advise how the name of the server can be used instead of the IP address in the above example?

Completely unrelated to this thread but Server host or address in the OpenVPN client config takes a hostname or IP address.

Very likely it will be just fine.

Another way of looking at it: what's the CPU load on your I7 Win client?

Not exactly an apples-apples comparison, but I'd be surprised if you see an appreciable CPU load @90Mbit/s.

The main thing that would slow down pfSense would be the introduction of a resource hungry package like Snort/Suricata.

With a reasonable amount of memory (1GB would be a start) and the CPU you mentioned, that system should be entirely adequate  for VPN across 100Mbit cable.
You might want to check with your VPN provider if they have any particular configuration issues w/pfSense (or perhaps search the other pfSense boards).

Teddy - Cheers, I will check the Bios! If connected, I'm just going to assume it's working!

Jimp - I have also had confirmation from my VPN provider that support will be added immediately post 2.4 release.

dude I have NO freaking idea what your doing wrong, since you have provided NOTHING in the way of information… What does the log say on both the server and the client when your saying it doesn't log in?

thank you so much I realized that bit defender what blocking the connection to the adapter I edited the adapter as trusted

Thank you so much pretty new to openvpn

Clipboarder.2015.12.26-005.png
Clipboarder.2015.12.26-005.png_thumb
Clipboarder.2015.12.26-006.png
Clipboarder.2015.12.26-006.png_thumb

Found it!!

With the current (2014-06-11) state of VirtIO network drivers in FreeBSD, it is necessary to check the Disable hardware checksum offload box under System > Advanced on the Networking tab and to manually reboot pfSense after saving the setting,

Figured it out.  My Local IPv4 network was being listed as the gateway address and not the scope.

I changed the last part of the ip from .1 to .0.

Thank you I just ended up using ELK to keep all the logs then filter it to find the user and external IP of the OpenVPN

Thank you again ;)

So would the following be a good secure way to issue new certs with minimal disruption?

Create another Certificate Authority.
Ensure the values are correct for my needs and today's standards. <– I need to research guidance on this.
Issue Certs for my clients.
Deploy them one at a time when we have the machine in for maintenance.
Then using the CRL turn off that old cert and eventually remove the entire list of Certs and old CA.

I'm trying to setup 100K predefined users with certification, I created script to add them all.

On what hardware you are trying this to realize?

once the script reached to 9K users, openvpn become very slow.

And writing a script that adds even and only adding 5000 users per run should not work?

Any idea how to figure out what is the root cause for it ?

The CPU is to lame The RAM size is to low The storage is to slow or small

Why not using an external OpenVPN Server? We use CentOS 6.6 and SoftEtherVPN Server on it.
Intel E3-1286v3 / 32 GB ECC RAM / Samsung840 Pro 512 GB SDD
Comtech AHA600 VPN acceleration card (AES-CBC)
Comtech AHA PCIe372 compresison card (on each side)