Thanks for the info.

@GruensFroeschli:

The OpenVPN interface is not firewalled.
The virtual OpenVPN interface is treated like a normal interface, just without the firewalling capabilities.

To be able to NAT from the OpenVPN subnet to the internet:
http://forum.pfsense.org/index.php/topic,7001.0.html

Thank for your reply but I still don't understand/analyze the configs/directives that i'm missing.

Do I have mo add a LAN interface alias (192.168.10.1 ) for my openvpn segment or just having advance Nat  192.168.1.0/24 & 192.168.10.0/24 for my LAN & openvpn will suffice? or do I have to do both?

I need to be precise in my configs because my box is running in the production and I dont want to encounter system downtime, that's why I'm analyzing my situation carefully.

Again thank and good day.

tnx. all.

solved

recreated everything once again, like http://forum.pfsense.org/index.php?topic=7840.msg44065, just created a few ovpn_client files
and it works.

Thank you! ;D
Not so good with all that code…

It created 3 files test.crt
test.csr
test.key

All normal?

What is the csr for anyway?

I will try it later and let you know

Thank you very mutch

No, I don't have that option in the client configuration, today I've changed again the configuration this time using UDP as protocol with LZO compression and some specified ports besides 1194 and voila, it's working  ;D
I can see that the client used port 1194 instead of any random port, weird, right? Anyways it's working and that is what matters!  ;D

Hi

err….address pool.... :P

cheers,

With so little information, I doubt it.

Can you provide a simple network diagram, showing the networks and the IP ranges.

Thank You sir!  :)

@GruensFroeschli:

Also please provide the config-files of the server and the client.
http://forum.pfsense.org/index.php/topic,7001.0.html

Mostly the file of the client since you seem to have missconfigured something there.

Hello

I had the same problem as you, change port from UDP 1194 to TCP 1194 for both client and server and it worked.

try it.

Edward

How would you connect to the pfSense?
Does each client install OpenVPN or do you have another firewall solution?

they all had different certificate but the common name was the same in the certificate.

I hate myself sometimes! ::)

I'm checking settings trying to connect from Net2 to Net1 - of course the only way is to route this through Net0 using both VPNS. Now it should be easier to understand. The main VPN server in Net0 is pfSense

Well that explains it heh - havent messed arround much with VPN at all -

Anyway it worked with \ip number –

I will also try messing arround with the WINS server.

Thanx alot for all the help -

/DaK

OK, the plugin started working when I added OpenVPN from package.

Thanks GruensFroeschli ! I will see what I can do.

So you only want to access services FROM the roadwarriors withing your existing network and not TO your roadwarriors.

I Think you can just enable advanced outbound NAT and NAT from the roadwarrior-subnet to your existing network.
For servers in your existing network it would seem as if the connections come from the IP of the pfSense-machine:
http://forum.pfsense.org/index.php/topic,7001.0.html