Thank you very much deltalord. It works very well.

Gladly:

I can confirm the problem is fixed.
The connection was successfully tested with remote clients with windows 7 and 8 and openVPN gui version 2.3

Try looking at the following, found by random Google searching:
http://forums.freebsd.org/archive/index.php/t-26035.html

http://www.linuxquestions.org/questions/linux-newbie-8/error-pem-routines-pem_read_bio-no-start-line-pem_lib-c-644-expecting-trusted-certif-654698/

http://forums.freebsd.org/showthread.php?t=26035

http://www.question-defense.com/2009/07/08/litespeed-ssl-error-error0906d06cpem-routinespem_read_biono-start-line

http://stackoverflow.com/questions/3617293/openssl-pkey-get-public-not-open-public-key-no-start-line-error

I ended up using an OPT interface in pfsense and giving it a seperate subnet from my lan.  Just setup a rule in opt interface firewall rules  to allow traffic from the opt subnet through the openvpn gateway.

I should also add that i'm using two nics on the machine i'm routing through the vpn.  I also use forcebindip to force binding applications i want to to the nic connected to the opt interface.

I am trying to do the same as you and it works as expected if the VPN is up.. However if the VPN is down or you disable the service it seems to route through the default gateway regardless of rules. Do you see this as well?

Jimp to the rescue!

Thank you, that was it. I did not check it because computers were connecting fine.

Best regards

Kostas

Use Diagnostics->Routes to see what routes are on each pfSense. If you have the local network and emote network in the OpenVPN config correctly, then there should be routes on each box to the opposite LAN.
And yes, the WAN of each pfSense should be fine pointing to your D-Link router 192.168.0.1 - in your test environment, 192.168.0.0/24 is playing the role of the real internet.

@johnpoz:

So your fully working and functional now, even to your window boxes, which I take it were running firewalls blocking the traffic you wanted to allow.

So you get your browselist working, or live without that MS nonsense ;)

As you said (without that MS nonsense)…thank you man your a hero .

Need more specifics to troubleshoot.

Which guide did you follow to set up the tunnel?
Post your Server openvpn config
Post your client openvpn config (site b)
And I have to ask… but is there a PFsense box on both ends?
Post screen shots of firewall rules on both ends on the openvpn tab

I figured out the answer to my problem.

I needed to add a route to the gateway at B for the subnet IP's being assigned the the vpn users

The OpenVPN Forum thread is:

Involvement of FOX-IT in OpenVPN
https://forums.openvpn.net/topic10180.html

I saw it in a Wilders Security Forum thread:

Involvement of FOX-IT in OpenVPN
https://www.wilderssecurity.com/showthread.php?p=2196713

The Wikipedia page on FOX-IT:

http://en.wikipedia.org/wiki/Fox-IT

Edit: The AirVPN forum admin just said this:

Basically the statements by Sommerseth hold and Yonan's analysis, as well as the OpenVPN community work and
the peer-review of OpenVPN after 4 months from that thread, show that there's no such vulnerability neither on
OpenVPN 2.2.x nor on OpenVPN 2.3.0. Additionally, Palatinux team members have proved unable to support their
claims, even after a clear invitation to do so by Bakker from PolarSSL (see his message on the very same thread).
Unless Palatinux provides evidence of their claims (and in 4 months they failed to do so), all the stuff is just an
attempt to inject FUD (Fear, Uncertainty and Doubt) for purposes we are not willing to comment.

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=8070&Itemid=142

It might be bad form to answer your own question but I wanted ensure that this thread has closure.

I found the solution. I had to manually create an interface for VPN (OPT1) and bridge it to the LAN interface. I had assumed that the wizard & settings would have done this automagically like it is on other firmwares.

This worked like a charm, Thanks!  It makes a lot more sense now.

Have a good one.

While connecting through ubuntu client system following error occured
NOTE: unable to redirect default gateway – Cannot read current default gateway from system
Is it causing the issue.Can any one help me.........