We can close this issue. Jimp you are right. The problem why the IP-Address 192.168.11.2 doesn't response my requests was the gateway. I tried antother IP and I could see all things are working. The Push command brings up the solution - THANKS !!!

so…yesterday i uppgraded my firewall to 1.2.3 and now the tun interfaces (OpenVPN interfaces) show up in the GUI. I've adde them as optional interfaces. The thing is when i create rules for these interfaces nothing happens so i guess this is not supported? But...when i look in the firewal logs, i can se the occational packet beeing blocked on the tun0 or tun1 interface? Is there anyone who can bring some light as to why the tun interfaces show up in 1.2.3 and if they can be filtered? I just ran the command "pfctl -sr" on my pfsense box and it seems that the rules i've created for the tun interfaces are there. I'm no master of pf so i will have to spend some time decoding this printout.

I've kind of found a way to do this: 1)  Create a client config called DEFAULT.  This is parsed by OpenVPN when a CN is not matched elsewhere. 2)  Click the "Blocked" option in the config. What I'm not sure of is the downside of doing this… The blocked option specifically says that the option shouldn't be used "due to key or password compromise", which seems to imply that it has weaknesses the a CRL does not. Any thoughts?

Hi Dave, For the multiple client connections that you were trying to create, did each client have a different key and cert, or were they using the same client certificate pair to connect to the server?

Great!  I'll be sure to add that fact next time I update the howto.

The WebGUI works fine for configuring OpenVPN.  If you want to create the keys on the pfSense host then there are stickies that you've already been directed to: http://forum.pfsense.org/index.php/topic,4807.0.html http://forum.pfsense.org/index.php/topic,2057.0.html Otherwise, as GruensFroeschli said, if you don't say what you're trying to do it's impossible to help you - crystal balls are still on back order.

I'm not sure what you're trying to do (your choice of white font for the network diagram doesn't help ;) ).  Why don't you just configure the LAN hosts to use the DMZ IP address to access the server?  I can't see why you're using OpenVPN when the network between the hosts appears to be trusted.

Look at the log: status –> system log --> openvpn alternative you can enable the managment interface of the openVPN isntance: http://forum.pfsense.org/index.php/topic,5282.msg31843.html#msg31843

you coudl go ahead and install in. pfsense runs on freeBSD which is a *nix environment. I havn't look at the requirements however this shoudn't be too hard to implement yourself :) It will probably break the pfsense GUI openvpn configs though

I've tried both - still the same thanks

have you set up NetBIOS properly in your pfsense openvpn settings? These should be set to your domain controller

Anyone?

I think these routes are the problem: 192.168.1.1 192.168.1.2 UH 1 0 1500 tun0 192.168.2.0/24 192.168.1.1 UGS 0 190 1500 tun0 First, the gateway for 192.168.2.0/24 should be the other endpoint of the OpenVPN tunnel, 192.168.254.1. Not sure what the other route is about, but it's weird. I haven't used OpenVPN in pfSense though, so I'm not sure what you'd need to change to fix this.

@Cry: To confirm: When you connect between the gateway and pfSense you can connect to OpenVPN using 192.168.123.142? When outside your network you can't connect using the public IP (WAN) address? If that is so, then your problem is with your gateway's port forwarding/firewall rules. That's correct, the strange thing is that some rules do work. For example if I open port 8080 for a webserver, that does work perfectly. Edit : It looks like it's fixed, I did a firmware upgrade of my gateway and it's working just fine:) Thanks for the help

Finally i got it to work :D I tried changing the DNS address to what you suggested but that didn't work. So i added a custom entry to Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)) and that got it to work.

No one that has any idea to what bravo83 and I are doing wrong?

What you're say is only possible if you missconfigured or missmanipulated someting. Please refer to the openVPN documentation on http://openVPN.net on how to set up a CA correctly and build the files.