pfSsh.php playback gitsync RELENG_2_0
reinstall package
profit even more (since fixes after 2.0.3 shipped are included in the gitsync)

I don't have your answer, but I did notice that the page linked is for openvpn access server,  which iirc is the commercial offering and is not the open source package that is used in pfsense and other linux distros.

So the first thing you will want to determine is if your feature is also available in the open source edition.  Sorry for the non answer but since nobody else had replied maybe you will find this helpful.

Thanks for the reply, where can i find it?

Resolved the issue by saving the file in /etc/ and as file type .txt.

That's exactly the help I needed, thanks so much Jeff!!!

@phil.davis:

You are having a "road warrior" server at Site A to "dial-in", then a site-to-site link from an OpenVPN client at site A to an OpenVPN server at site B.
The tunnel network for "road warrior" and "site-to-site" have to be different subnets - what is in the original post is fine. (I think marvosa has misread your post, as I did when I first looked at it quickly)
The local network at site A and site B have to be different and not overlapping. e.g. 10.0.0.0/16 and 10.1.0.0/16
Then it is all standard stuff, no real challenge for pfSense. Put the appropriate things in local and remote network fields of the VPN settings, allow stuff in firewall rules, go.

All right, it mean that i`m on the right way to apply this. i will give it another try and may also check the firewall settings - the problem could be there..
many Thanks!

@phil.davis:

For site-to-site links connecting private subnets at multiple locations, and servers for road-warriors connecting in, then you don't need an interface assigned. You can do it all with ordinary OpenVPN config - putting private subnets in the appropriate "local network" and "remote network" fields of the GUI, adding client-specific overrides for site-to-site with multiple clients from remote sites connecting in to 1 server… The GUI fields result in the necessary routes being created, then you use the general OpenVPN tab to allow traffic - often you only want/need to allow traffic between your various private IP subnets.

As doktornoktor says, if you are OpenVPNing out to a server somewhere for general internet access, then you probably need to add a gateway on the link, and direct certain (or all) public internet traffic over the link... and that needs the interface assigned.

If you are providing roadwarrior access with openvpn, you could use squid and squidguard to speed up your connections, so in this case you need the interface also assigned.

I was having the same issue and opened a ticket with PIA on it.  I was basing my config off what was provided in the client support site and their instructuctions for pfsense https://www.privateinternetaccess.com/pages/client-support/#pfsense_openvpn and the openvpn config files.  What I learned was to ignore their instructions – i told them they should update them after we realized they were wrong.

===

The first major issue I notice is that we don't use TLS auth, and LZO compression appears to be disabled, could you go ahead and correct these two things and try again? You should also only need to Auth-User-Pass line, everything else under advanced can be removed, as it's handled purely in the main configuration window.

Thank you,
Alexander B

Tier II Technical Support/CSM

Private Internet Access™
https://www.privateinternetaccess.com/

=======

Attached is a copy of my config that is working.

config.txt

Well, if you cannot reboot, then wait.

Leave it on TCP unless you travel far far away - hundreds of miles or more.
After that, switch over to UDP.
Pretty much all devices will allow multiple configurations and are easily selectable via GUI in the clients.
So, just run 2 instances of openvpn on your server.
This is good idea for anyone really - Just to guarantee access with multiple accessible ports/protocols.

I'll add it to my PortableApps thumbdrive I keep handy for when I'm forced to go slumming on a windows machine  :)

Its in their repo - I added it.

Post your server1.conf and client1.conf.

Just out of curiosity, what kind of device is on the server-side?

Ok, so PFsense on both sides?  Lets take a look at your config…post your server1.conf and client1.conf.

Thanks for the advice!

I have to wait until after hours to make changes but hopefully will get to it tonight.

-j

No. The pfSense box is the client (I already have it running just fine as a server using the method you describe).

I have imported the external CA certs and client cert etc but the tunnel won't establish. I'll pull some logs together and post here.

@GruensFroeschli:

How are you testing this?
If you test by downloading from a windows share, then this does in no way reflect the speed the tunnel is capable of.

Are you using TCP or UDP as transport protocol?
In general you will have better performance when using UDP.

Yeah that what I was thinking. Windows share shows about 600k/s and when I look at the WAN interface charts I do see it uploading at all 5Mb/s. I use UDP.