If you dont do anything, the openVPN server will bind to all interfaces to which it can bind.

Can you view the Bindings anywhere?

I'm sorry.
I didnt read right.
kpa describes it a bit better than i did :)

What i mean: in a shared key setup: you have on the server-log something like

openvpn[2560]: /sbin/ifconfig tun0 172.16.40.1 172.16.40.2 mtu 1500 netmask 255.255.255.255 up
and on the client something like
openvpn[2560]: /sbin/ifconfig tun0 172.16.40.2 172.16.40.1 mtu 1500 netmask 255.255.255.255 up

While in a PKI setup the client usually has something like
openvpn[2560]: /sbin/ifconfig tun0 172.16.40.6 172.16.40.5 mtu 1500 netmask 255.255.255.255 up

Yes, making the client use the company dns through the tunnel should usually be enough.

Yes, I saw this today.

I edited the configuration today and made a mistake.
I moved it to the previous configuration but I still had the same problem.

I redid the vpnconfig from source, I reconfigured the Rule and I found a bug in my config (one device used a gateway who wasn't anymore in use).

I managed to get it working. So it was a silly mistake of me.

Thank you anyway for the help.

Thats the way openVPN in routing PKI mode behaves.
rtm on http://openVPN.net

Wake on lan won't work for routed subnets. You have to be in the same layer2 subnet. Version 1.3 will have a user manager where you can add webgui users with specific rights (for example only access to the wake on lan page). This way you could allow your users to wake up the machines from the webgui.

Just had a weird thought but maybe it will work:

enable the captive portal at an interface that you don't use (could be even a vlan). generate and upload a php page that has the remote machines listed and that uses the php script to wake up the clients (just copied a link from a client that I created in my webgui): services_wol.php?mac=01:23:45:67:89:00&if=lan

"mac" is obviously the macadress of the client and "if" the interface name that the client sits behind. You also could try to just embedd the code of services_wol.php in your page.

users can access the page by going to http://<captive-portal-interface-ip>:8000. You can make that easier by adding some nice dns name like "http://caffeine:8000"  ;)

For this to work make sure that you route the traffic to the captive portal IP through the tunnel as well.

Btw, if you get this working please provide the code of the php page that you use for your captive portal  :)</captive-portal-interface-ip>

We'll see that feature sooner or later and I would guess it will be sooner than later  ;)

I see that you have in your current config tls-auth:
If you really "need" that you need to add the tls-file manually.
I think there is somewhere a thread around from someone that did that.
Not sure if/how that worked.
(could you leave it away?)

EDIT: found it Smiley
Enable TLS Auth support: http://forum.pfsense.org/index.php/topic,2747.0.html
How do I make my ta.key permanent? http://forum.pfsense.org/index.php/topic,7956.0.html

Thanks for all your help. I got all the tls stuff under wraps, I've already had a read about all that.

Very cool  ;D

You could send it in to be linked :)

@http://blog.pfsense.org/?p=183:

First a user from the forum who has replaced his Cisco PIX firewall with pfSense. This is far from the first person who has replaced a PIX with pfSense, we know of numerous others ranging from the small office PIX 501 to the enterprise class PIX 535. In most networks, pfSense can do everything the PIX can, and at a significantly lower cost even with commercial support.

Another person with a blog entry with a nice multi-WAN howto.

Write up something about pfSense on your site you would like to share? mailto:coreteam@pfsense.org a link to us, we’d be glad to link it here.

Study the man pages of the OpenVPN documentation.

Take a look at the possible flags of the redirect command.

The conflict is that you DIDN'T set the virtual interface IP to a 10.10.10.0/24 IP but to a 192.168.9.0/24 IP
–>"Interface IP" field on the client

read the stickies or one of the many threads regarding this problem ;)
http://forum.pfsense.org/index.php/topic,7001.0.html (the red part below)

I again searched the threads and found a lot of stuff, I did not have seen before. So, finally I could manage to route all the traffic through the firewall.

i got it going thanks to GruensFroeschli's tip - you just need to follow the steps like this:
1,2,5,3,4,6,7

instead of the assumed:
1,2,3,4,5,6,7

Do you push the route to the remote location of the site-to-site connection to the RoadWarriors?

(The man pages to OpenVPN: http://openvpn.net/index.php/documentation/manuals/openvpn-20x-manpage.html )

Yes it can.
Take a look at the stickies as there are how-to's on site-to-site and roadwarrior-setups.

In your case you can have multiple site-to-site connections (Shared Key Infrastructure)(multiple instances on the server),
or you have a single server and all clients connect to this one (Public Key Infrastructure).

In the second case you can/need add client-specific commands that automatically add/pushes the right routes.

Please open a ticket at cvstrac.pfsense.org