Ok i got it. I had to delete all rules and NAT translation related to wan address and 443. Than i reconfigured OpenVPN Server and now everything is fine.  ;)

I think the group member attribute is what is causing most peoples issues with ad/ldap. Glad you got it working. :)

We had exactly the same situation. With an tun OpenVPN network I have not been able to get it working either. So I created another OpenVPN connection, this time based on a tap-device (see other posts for that). After pushing a route for the client-network in the OpenVPN default setting I now can access files through home–>OpenVPN-->Office-->IPSec-->Customer site.

In this case you can check your firewall logs to see if there is traffic blocked.If it is, just simply create a new rule. System logs can be very helpful.

@costasppc: Hello, Based on this thread: https://forum.pfsense.org/index.php?topic=60201.msg323949#msg323949 in the 2.1.5 in the OpenVPN there is the ability to have gateway groups in the OpenVPN server. Can this be used for having Site to Site WAN failover? Solutions were given at this thread, but is there something new with the latest edition? Best regards Kostas should be mostly the same. 2.1 –> 2.1.5 are mostly bug/security fixes, with little major change to how to use it

It sounds like traffic is getting blocked by the default deny rule which means it is not matching any of your pass rules. Without more detail it's tough to say exactly what rules to add, but try making sure your OpenVPN tab rule is passing traffic in for any protocol and with a destination of 'any'. If that doesn't help, you'll have to post screenshots of the firewall log entries and your firewall rules.

You'd burn more CPU, be forced to deal with a much lower MTU, and genereally have more overhead, but there isn't any technical reason why that wouldn't work if the traffic is allowed across the 'outer' tunnel. Definitely need to use UDP tunnels, I can't imagine the nightmare you'd have from TCP retransmissions and compounded loss using nested TCP VPN tunnels… shudder

In that case you need to set up the adapter to bridge (TAP) instead of route (TUN). Hint: it starts by changing "Device Mode" under your OpenVPN server settings. https://community.openvpn.net/openvpn/wiki/BridgingAndRouting http://en.wikipedia.org/wiki/TUN/TAP happy reading  ;)

I'm not exactly an expert on this but when should't you use NAT: Outbound instead of NAT: 1:1

Have going through the VPN the default and make specific firewall rules that route your traffic elsewhere before the rule that gives you internet.  The computers you want to bypass the VPN should be on static DHCP leases so you can specifiy them in the rule.  Tell me if this response is not detailed enough.

Thanks anyway!

Hi thankx i can access to my network from my house, all this no problem. i install with local domain but when i try login to my domain appearme that the domain no found. Is necessary create access with LDAP?

Anyone?

This is how you set up multiple VPNs.  Tell me if I need more details. Set up all your VPNs 2)  Choose one as default and restart them until your router uses that.  It may help if your defaults outbound NAT rules for default VPN are on top. 3)  Assign static DHCP leases for clients using t he other VPNS 4)  Add fire wall rules above the rule that gives you internet to your random DHCP leases that specifically ports that static DHCP lease through an alteernate VPN.  The rule looks something like this. Interface: LAN Source:  <static dhcp="" lease="" number="">(single host or alias) Destination: Any Gateway: <alternative vpn=""></alternative></static>

openvpn route-nopull will avoid the openvpn-client to force its default route upon pfsense. then you can work with gateway(groups) to configure what client must go where. the downside is that you'd have to add the necessary routes for the tunnel yourself

To specify which DNS server you want used.  Go to System -> General Setup.  Then add your the DNS server you want used. You may also find this useful://www.privateinternetaccess.com/forum/index.php?p=/discussion/2114/ipv6-leak-dns-leak-e-mail-ip-leak/p1