If you are going to run a SIP server, remember to forward port 5060 OK?  I read some places it helps.

Reinstalling the package worked. I have no idea why it didn't grab the package during the upgrade. anyway thanks guys! life savers. :)

I provide the IP of my DNS forwarder (The LAN IP in my case) because I force all traffic through the client.

Ok my fault. I was talking about 800kb/s throughput when running openvpn on the dd-wrt router.
I tought this was clear due to the advice in the previous post.
Thats why i want to use the ubuntu-server.

i installed certificates, but there are some config lines , namely

nobind auth-retry nointeract tls-client ns-cert-type server keepalive 10 30 tls-cipher TLSv1:!ADH:!SSLv2:!NULL:!EXPORT:!DES:!LOW:!MEDIUM:@STRENGTH persist-key persist-tun tun-mtu 1500 mssfix passtos verb 3

which i paste in "Advanced" section in https://192.168.1.1/vpn_openvpn_client.php?act=new

but it still dont work, any ideas?
why i cannot just upload .conf to config directly?

Sounds like you have it all worked out then.  :D

Thank you phil.davis, that's exactly what I did.

Everything is working now.

@kejianshi:

Yeah - Does Win7 sell an upgrade pack to upgrade from Win8 up to Win7?  I'm pretty sure lots would buy it. ;)

Actually it's included with Pro and Enterprise. Just not the media, but many resellers already sell laptops preupgraded to W7 with W8 license.  ;D :D

Yes, a graphical representation of your network (also unmask all the private subnets), e.g. here's a simple one for my home network:

Internet -> PFsense (192.168.50.1/24) -> switch -> LAN

Once we get your network map maybe we'll have a clearer picture, but just a couple things that look weird:

Your config says your WAN IP on PFsense is 192.168.17.107, but then you go on to push DNS on the WAN subnet, which doesn't make sense.  (I'm guessing you want something on the 14.x side, since that's what you are routing thru the tunnel)

Post a network map, so we can troubleshoot further.  Also, make sure your firewall rules (openvpn tab) are any/any for now.

@jg3:

The LAN host here, is 1:1 NAT'ed behind a public IP (not the firewall's).    That's the only thing I can imagine is problematic, but I'm not sure how to pinpoint / fix it.

Fixed!  Thanks for the help johnpoz, your questions set me in the right direction (finally).

I disabled a 1:1 NAT rule I had created that applied to the LAN host on the OpenVPN interface and now the LAN machine can reach the VPN clients.  Great.

I had implemented this rule to cover a corner case of no-split VPN clients needing NAT reflection, discussed here:
http://forum.pfsense.org/index.php/topic,65793.msg359377.html

Hi,

I found the mistake.
It was a firmwarebug in the router. The forwarding was not working.

rgds,

Its a good idea…  Would be great if the keys changed constantly and if the last key used would be the only key accepted for the beginning for the next session also.  I guess...    :-\

I'm guessing you would be using blowfish?  I'm guessing....  I'd never suggest not to use AES...

AES is NSA approved after all, so it must be awesomely unbreakable?

I just a way to allow users to direct traffic to the VPN or a gateway that the VPN sets up. What I want to be able to do is share a Anonymising VPN between more clients. I guess a proxy is probably the way to do it but it would be nice to have an interface of some sort. If all else fails I may setup one of the extra Raspberry Pis or something for a Socks proxy and have it direct to a gateway, but I don't know if the performance would work well.

So any idea??

Thanks

http://forum.pfsense.org/index.php?topic=29944.0

http://swimminginthought.com/pfsense-routing-traffic-strongvpn-openvpn/

This is windows?

Do you know the IP of the computers with the share you wish to access?

If so in a file manager, type:

\IpOfComputerWithShare

Like

\192.168.1.10

If thats not working, verify that you don't have firewall rules messing things up.  Also verify that you don't have a subnet range in use in more than one place.