Let's assume the SiteA RoadRunner tunnel is 10.42.42.0/24 On SiteB site-to-site Remote Networks put 10.0.0.0/16,10.42.42.0/24 On Site A RoadRunner server Local Network/s put 10.0.0.0/16,192.168.0.0/16 Then routing will work. Make sure rules on OpenVPN at SiteA and SiteB allow the traffic to/from those subnets. Then firewalling will allow the traffic. I connect in like this all the time, to 1 office, and use the whole internal network across lots of offices.

@cmb: Choose the WAN interface you want it to use in the Interface drop down, and don't specify nobind, that'll give you what you're looking for. Ok that's what I have already so I will leave it as is. Thanks

I just tried restarting the VPN and it now works but the other issues of links going down and what not are still pending.  I'll have to see how long this stays connected for.

Hi Yes Ive dont it and i have it to do load balancing just search for my name and HMA and a nice chap suggested how to do it but create 2 clients create 2 interfaces go to routing add your two interfaces and give it a group name set your fail over rule and user the group name as the gateway sorry I cant give you the full detail but Im late and I need a beer . if you need any help just let me know and if I can I will

Thanks for the Help Jimp. Point 1 and 3 Soled. now i am gonna work on no.2 … will revert back once i have it working. regards

Verify you have Inter-client communication checked in the "tunnel settings" section: [image: inter-clientcommunication_zpsfff947b8.jpg] And then the usual… check that windows firewall isn't blocking it.

OK, now I see what you are doing. The floating rule will work because it applies on all interfaces. Now I understand the interfaces you have, I am surprised that what you did at first did not work. Anyway, happy that it is going now.

I'm bumping this topic because I still haven't found a solution. I have done some more troubleshooting and discovered that the problem lies with the home pfsense gateway not forwarding ip traffic from the tunnel (ovpn interface) to the LAN interface. Basically, everything goes just fine for a while, and then suddenly, the pfSense router ceases to forward the traffic to the LAN. This means that the router itself has full access to the work network. It also means that all work network machines have full access to the pfSense home router on the tunnel IP address. But there is zero connectivity between the home LAN and the work LAN. Any ideas?

You have to set your real WAN connection as the default gateway and then use a firewall rule to point all your LAN traffic to the VPN tunnel. In the system DNS settings you need tohave the IP's of opendns (or your ISP) set. This will get the tunnel working reliably. Now go into your DHCP server LAN settings and enter the opendns IP's into the DNS settings. DHCP clients will now use opendns trough the tunnel instead of the DNS forwarder in pfsense. So no more DNS leak. :) The downside is that not using the forwarder might resolve addreses slower and that you will not be able to use local dns names for devices on your lan. If you really need local dns names you could always setup a DNS server and DHCP server on your LAN using another machine. The main point to remember is to not set the VPN as the default gateway for pfsense itself. The pfsense box needs a working internet connection first, THEN you build the vpn tunnel. The reason it works on bootup in your case is because pfsense will skip to the next tier of gateway if the default is down. After openvpn starts running and creates the VPN interface you have the catch-22 problem you describe.

Known issue at the moment, creator working on a fix. https://forum.pfsense.org/index.php?topic=74948.msg409848#msg409848

wunderbar! Yeah, I have a few other rules but they were created from NAT, and DMZ rules were created by me guided by the pfsense community. The only rules in Lan tab is the anti-lockout rule and the default Lan rule. Now all I have to do is update pfsense to 2.1.2 tonight and hopefully no surprises. Thank you so much.

@goodbyte: Dec 22 23:48:23    openvpn[7866]: ERROR: FreeBSD route add command failed: external program exited with error status: 1 I had the exact same issue a bit earlier and it was driving me nuts as it seem only to happen when I was adding a 2nd VPN connection. The first exactly configured the same was working fine. I rebootet pfSense and all worked like a charm

You either need to stop using same certificate for both connections, or check the proper checkbox in OpenVPN configuration to allow this.

If you are using the exact same certificate on all of those, make sure you checked "Duplicate Connections" on the server config.

@phil.davis: You still do not know if 192.168.3.33 can correctly route back to 10.0.8.0/24. From 192.168.3.33 do a "traceroute 10.0.8.1" and see how that goes. The path it takes and where it stops will help you find the device/s that do not know how to route to 10.0.8.0/24. OK, will be next week at the location and will be able to perform the test. Thanks a lot for help, stay in touch for replies next week ;-)

@jimp: Yeah I'm doing that right now actually. Going to move it to 2.3.3. I'll bump the export pkg version when I'm done. Export should be OK now – https://forum.pfsense.org/index.php?topic=74948.0

@BradWaite: For others with this issue, be sure to add a pass rule on the OpenVPN interface. The firewall rules for traffic inside the VPN has no relation to the outside of the VPN, that would have been a coincidence or otherwise unrelated.