Thanks for the reply. I can indeed do that but the underlying problem still remains with the transition. I am transitioning from one gateway to another. I think the packets dont like going out via pFsense and back via the MPLS firewall/router. So, as it currently stands, I would have to go all or nothing in the move from one gateway to another. I can make the transition, one office at a time by temporarily adding routes to ALL of our servers for remote office subnets that are not on the new gateway, but I thats a messy solution.

https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Enable_Mobile-One-Time-Password_.28OTP.29_support Probably you need to make sure that the correct version of bash is installed on pfsense since the mOTP script needs bash - or your rewrite the script to work with pfsense's basic shell.

Your free to use whatever client you want to use that has openvpn support. If you want to use openvpn connect, sure - I use it on my ipad without any issues. Are you wanting the openvpn connect client as a download option in the export package?  The server used in pfsense is not the access server..  You can grab the connect client from any access server.. Grab the access server package if you want it, etc. Example just download https://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=Ubuntu And your connect dmg is in this path openvpn-as-2.0.7-Ubuntu13.amd_64\data.tar\data\usr\local\openvpn_as\etc\exe openvpn-connect-2.0.7.100.dmg

I downgraded to 2.1.2 (backup restore) but the OpenVPN service does not start because of the same error. I upgraded again to 2.1.3 and the problem has now been solved.

Sorry, You're going to have to use a little longer explanation, to explain your problem. I'm guessing that we're fighting a language barrier  :P If you can give a clear explanation of your problem, someone here will try to help.

I added comment to your post on the other forum. I have v6-over-v4 working with this configuration: push "redirect-gateway-ipv6 def1"; push "route-ipv6 2000::/3";    <<<-----  Global Unicast Address Of course the IPv6 prefix (in the screen shot) is unique from the LAN.  I get a /60 from DHCP-PD. Just FYI:  I also have a second OpenVPN instance running for v4-over-v6.  One thing I found was that you need to use tcp6.  If you use udp6, there is very nasty interface looping. [image: ovpn.jpg_thumb] [image: ovpn.jpg]

You have a strange VPN setup. VPN1: 10.2.6.0/29 VPN2: 10.0.0.0/8 ????? VPN1 is part of VPN2! Why is VPN2 as large? I can't believe that your hardware can manage as many connections. Why is VPN1 as small? By default the server allocates a /30 net for each client. You should clean up this at first.

Add an additional rule to LAN interface underneath the one that directed PC #1 over VPN, that blocks any traffic from this PC to anywhere. If you have additional subnets on other interfaces that should be accessible you have to exclude this. This rule is applied only if VPN id down.

@jimp: Not that I'm aware of, no. Not unless you manually setup a mesh of tunnels. You might look into Tinc. I see, i will take a look =).

Thanks for the reply We have a bunch of servers and for security we limited access to them to a specific group of ip address. Our WAN ip addresses. They are not located in the same location as our PFSense box so we have to go over the internet to connect to them. So when people need to connect to them from home they have to connect to the VPN first. I didn't know that it went through the default gateway so that is good to know. I went ahead and added a rule to the openvpn tab as you suggested and I got the desired effect. My brain thanks you! You are the man!  

It was the firewall on the remote windows machine, I totally forgot that windows blocks shares outside the subnet by default. Thanks a lot!

Glad it all worked out. Like many others around here I find the forums to be a wealth of excellent information for pfsense. It may take a little time, but searching and asking polite questions seems to yield great results (at least for me). Good luck  :D

We use OpenVPN Access Server at work on a dedicated server which replaced our old Microsoft VPN server.  The "engine" is basically the same with exception that the GUI is provided to manage it.  There is one thing I do like about OpenVPN Access Server is the Web GUI for users to install the pre-packaged OpenVPN client created specifically for that user and their certs are generated on the fly.  Long as the users are part of the "OpenVPN" security group in Active Directory they can easily use it. In PfSense I have to pretty much have to install it for each user manually.  It's not big of a deal for a small office using the OpenVPN export add-on but 200+ users it would take awhile.  But once it's installed users don't have to do anything other than launch the client and log on. This is little more what you were asking about but wanted to point out a couple of key differences in terms of deployment. I prefer using PfSense as I don't have to deal with licensing nightmare and very flexible in network configurations.

I was just coming back after taking some time off of work and going to post something.  Thanks for fixing this guys!

I did try that first and only the openvpn server settings were restored, no certs.

Do your showing a public IP there 197.130.x.x how do you think your going to talk to 10.0.2.15.. How exactly are you talking to 192.168.56.107? Where are you VM interfaces on this PC?  What VM software are you running exactly? What exactly are you trying to accomplish here?  Are you trying to run your PC behind the VM pfsense connected to your internet for a firewall between your PC and the internet?  If so that does not have anything to do with a vpn connection.. It wouldn't be needed from your pc to pfsense.

And I forgot to mention, before testing the client I removed the default gateway addy from the TAP adapter.  Even though Windows moved the connection to Public, I could still access what I needed to on our work network.