Thats the way openVPN in routing PKI mode behaves.
rtm on http://openVPN.net

Wake on lan won't work for routed subnets. You have to be in the same layer2 subnet. Version 1.3 will have a user manager where you can add webgui users with specific rights (for example only access to the wake on lan page). This way you could allow your users to wake up the machines from the webgui.

Just had a weird thought but maybe it will work:

enable the captive portal at an interface that you don't use (could be even a vlan). generate and upload a php page that has the remote machines listed and that uses the php script to wake up the clients (just copied a link from a client that I created in my webgui): services_wol.php?mac=01:23:45:67:89:00&if=lan

"mac" is obviously the macadress of the client and "if" the interface name that the client sits behind. You also could try to just embedd the code of services_wol.php in your page.

users can access the page by going to http://<captive-portal-interface-ip>:8000. You can make that easier by adding some nice dns name like "http://caffeine:8000"  ;)

For this to work make sure that you route the traffic to the captive portal IP through the tunnel as well.

Btw, if you get this working please provide the code of the php page that you use for your captive portal  :)</captive-portal-interface-ip>

We'll see that feature sooner or later and I would guess it will be sooner than later  ;)

I see that you have in your current config tls-auth:
If you really "need" that you need to add the tls-file manually.
I think there is somewhere a thread around from someone that did that.
Not sure if/how that worked.
(could you leave it away?)

EDIT: found it Smiley
Enable TLS Auth support: http://forum.pfsense.org/index.php/topic,2747.0.html
How do I make my ta.key permanent? http://forum.pfsense.org/index.php/topic,7956.0.html

Thanks for all your help. I got all the tls stuff under wraps, I've already had a read about all that.

Very cool  ;D

You could send it in to be linked :)

@http://blog.pfsense.org/?p=183:

First a user from the forum who has replaced his Cisco PIX firewall with pfSense. This is far from the first person who has replaced a PIX with pfSense, we know of numerous others ranging from the small office PIX 501 to the enterprise class PIX 535. In most networks, pfSense can do everything the PIX can, and at a significantly lower cost even with commercial support.

Another person with a blog entry with a nice multi-WAN howto.

Write up something about pfSense on your site you would like to share? mailto:coreteam@pfsense.org a link to us, we’d be glad to link it here.

Study the man pages of the OpenVPN documentation.

Take a look at the possible flags of the redirect command.

The conflict is that you DIDN'T set the virtual interface IP to a 10.10.10.0/24 IP but to a 192.168.9.0/24 IP
–>"Interface IP" field on the client

read the stickies or one of the many threads regarding this problem ;)
http://forum.pfsense.org/index.php/topic,7001.0.html (the red part below)

I again searched the threads and found a lot of stuff, I did not have seen before. So, finally I could manage to route all the traffic through the firewall.

i got it going thanks to GruensFroeschli's tip - you just need to follow the steps like this:
1,2,5,3,4,6,7

instead of the assumed:
1,2,3,4,5,6,7

Do you push the route to the remote location of the site-to-site connection to the RoadWarriors?

(The man pages to OpenVPN: http://openvpn.net/index.php/documentation/manuals/openvpn-20x-manpage.html )

Yes it can.
Take a look at the stickies as there are how-to's on site-to-site and roadwarrior-setups.

In your case you can have multiple site-to-site connections (Shared Key Infrastructure)(multiple instances on the server),
or you have a single server and all clients connect to this one (Public Key Infrastructure).

In the second case you can/need add client-specific commands that automatically add/pushes the right routes.

Please open a ticket at cvstrac.pfsense.org

http://openvpn.net/index.php/documentation/howto.html

Copy the files to a safe place. You could copy them carefully into something like KeePass from http://keepass.info where the keys can be stored encrypted.

Update!

I managed to get it all working as I wanted, but ended up cheating in the end…

I added routes to 0.0.0.0/1 and 128.0.0.0/1 via the OpenVPN Tunnel!

One of these days, when I have some time, I'll try get it working the correct way!

GruensFroeschli, thanks very much for all the assistance. I would still have been stuck without your help!

i was playing with that push option, true no need fot that one (ifconfig-push)
i will try to set it with shared key, thx

Could you post the log-output when the tunnel comes up?
Also the config-files on the server and the client would help.