Should look like this when you're done.  

To be clear, netrefer, this is a user forum, where we try to help each other out. This isn't a ticket system for technical support. Developers of the software do post here at times, but no one is obligated is to resolve your issue. If you want help, you need to include relevant information and answer the questions people are asking. To answer one of yours, no you cannot use telnet to connect to a UDP port.

Hi Jonny, Your explanation could use some clarification, what I understand is that you have two subnets and you want them both to be accessable for OpenVPN clients. If that is the case I guess you can just use the "push-route" option like so: push "route 192.168.1.0 255.255.255.0" You wouldn't have to map ports although you will need to create some firewall rules on the OpenVPN interface to allow the traffic you require.

@MrHorizontal: You're mad  ;D But if you really want that, WINS with replication (courtesy of Samba) would do it for you. Why yes, yes I am. :) I would like to do that without running Samba on both sides. Mainly for customers who don't have or want a WINS server. I've tinkered with using Samba for WINS on pfSense as a package, but running Samba on a firewall has always made me feel uneasy.

found the answer on openvpn site. http://openvpn.net/index.php/open-source/documentation/howto.html#security

A follow up on this: Scrapped bridging for now - followed the tip on enabling the Avahi package and I've got the functionality I was looking for. http://forum.pfsense.org/index.php/topic,22561.0.html Hope this helps others out there - Thank you!

Ah I see now. Sorry, I overlooked that.

So you'd want pfSense to hook into your VPN, which is Cisco on the other end? That's a little different, but again it may work in 2.0 as it should support xauth, which is how Cisco's VPN client does the authentication beyond using the psk/group/etc. Not sure if it would work, but it stands a better chance.

Before you edit, run: /etc/rc.conf_mount_rw And then after, run: /etc/rc.conf_mount_ro

Just thought I'd post the eventual solution, in case anyone else ever has the same problem.  I added a static route: Interface  Network  Gateway  Description WAN 216.251.231.64/32 (our gateway) Palmetto in other words, I added an explicit rule to reinforce what should be happening anyway.  And now it works.  What caused the original problem, I don't know…

My problem is solved. Set pfsense_Pc as a  Gateway to all office computer whom you want to connect from remote pc(road warier )

@jimp: I just uploaded a package to add the OpenVPN status page from 2.0 to 1.2.3. Details here: http://forum.pfsense.org/index.php/topic,22301.msg114826.html#msg114826 oh thank you SO much….this is exactly what i needed!

You can add in the field "custom options" all valid options for openVPN to run. Just force the tunnel to use the tun "x" you define.

I figured it out. It was the "keepalive 10 60" option which is put in the server configuration automatically by pfsense. This should really be optional! That option in server mode is equivalent to: ping 10 ping-restart 120 push "ping 10" push "ping-restart 60" This tells the client to restart the connection if it goes 60 seconds without a ping from the server. If client A connects, then client B connects with the same common name, client A loses their connection. However, client A doesn't realize it lost its connection until it never receives a ping from the server, which then results in client A restarting. Then the same happens to client B, then back and forth. Why would this be the default? I had to edit openvpn.inc to remove the "keepalive" option, then push "ping-exit" to the client instead of "ping-restart".

Please read up how firewall rules on pfsense works. Create two rules on the wlan interface. 1: allow, source: wlan, destination NOT lan 2: allow, source: wlan, destination ip_of_pfsense_on_wlan like this everyone can access the internet. People with openVPN will be treated as if they are connected to another interface on the pfsense and will be handles according to the rules you create on this other interface.

Following this thread did not solve everything until I added the addresses of DNS servers in the OpenVPN server configuration page under the "DHCP-Opt.: DNS-Server" option.  In may case I added the addresses for OpenDNS, although I doubt that matters.