@naughtyusmaximus:

Does anyone know if a 500MHz AMD Geode (LX800) will have enough processing power to handle being an OpenVPN client for three-five people?  I have a satellite office that I want to send an enclosed unit to, but don't want to buy it, configure it, ship it off, only to find out that it doesn't have enough processing power to do the job…

I just setup my alix.2c3 (LX800) and I'm able to push about 15Mbit over an OpenVPN tunnel.

Hi,

If you're interested in pinging across the link, I advise you change your rule to allow Protocol -> ANY, instead of TCP/UDP.  Pinging requires ICMP traffic.

Wow, I've been struggling with this for a while and actually saw the persist-remote-ip option in the config but couldn't think how to remove it but still maintain float. Thanks!!!

I'm trying to think though where this combination could be used if you want site-to-site. I presume the diff is that float allows diff machines to connect with diff ips but persist-remote-ip only allows the same machine to connect with it's previous address. So I think it's more suited to multiple remote clients where you wouldn't use the 'remote network' setting.

But perhaps there should be a settting for this then eg. checkbox for dynamic ip and checkbox for site-site with dynamic client.

Regards

Robby

@GruensFroeschli:

http://forum.pfsense.org/index.php/topic,7001.msg39657.html#msg39657

or do you want just "some" addresses and not all?

Thanks but I just want some addresses and not all traffic to vpn tunnel ;)

Hi,

the LAN rule did the trick!

Many thanks.

oh i see… i missed that one.  :-[
thanks for your info.

yes.

http://openvpn.net/howto.html#revoke

On pfsense there is below the fields to set the server key and certificate a field to put your CRL in.
No need to mess around with copying files manually and modify the config files.
Just use the field which is already in the GUI.

Got it.  LZ0 compression is on in the config file supplied with the how-to in the wiki, but i did not have it turn on @ the pfsense.  Removed the LZ0 line from the client config, and everything seems ok.

I want to have a LAN Party with remote locations.  I would like to avoid lag (unless the lag only hits them and I can win easier!)  ;D.  We tried to use the Sony servers and could not get on…I guess they are selling a ton of playstations.

@noitalever:

I have on the client side: (which is the 192.168.250.1 Lan)

Protocol  TCP
Server address :70.xxx.xxx.xxx
Server port :1193
Interface IP  192.168.10.0/24
Remote network  192.168.252.0/24

and on the server side,

Protocol  TCP
Dynamic IP  is checked
Local port  1193
Address pool: 192.168.10.0/24
Use static IPs  not checked
Local network  blanked,
Remote network  192.168.250.0/24

I think that this could help, you should set a rule a for a push route so the client side know what is what on the server side? (email servers Domain controllers?)

push "dhcp-option DNS x.x.x.x";push "dhcp-option WINS x.x.x.x"

that was the old school way now they have a fill in the boxes with your needed servers ip

also shouldn't you fill in the local network in the upperbox?

Ok,

I will give it a try on monday, and check if the routing table changes after I fail WAN1 and my clients reconnect through WAN2.

I'll post my findings here,

Thanks a lot!

Regards,

Diego Bendlin

ooookee…..
Without any information (and you provided next to nothing in your last post) i wont be able to help you.

But as a prelimary nogo: using different subnets on the same tunnel is bad.

I have a problem with: "reading before posting"

I read the Pfsense and OpenVPN for new users tutorial and managed to configure it.

The thing is that i was trying to make road warrior work as site-to-site.

I will keep in mind "search before ask" in the future.

Thanks GruensFroeschli for your time anyway

Hi Gruens,

Thanks for  your inputs. Here is what I'm planning to setup, install Pfsense as firewall in all of the sites and configure the OpenVPN client/server setup. The subnet is a trusted subnet, and the scenario would be e.g., clients on site 1 will able to see/share files on the Head Office subnet and vice versa.

LAN subnet
    |
    |
pfsense HeadOffice
OpenVPN server
    |
    |
pfsense remote site 1
    |
    |
Remote LAN

Regards,

Jan

many thanks :)

Humm, today I gave up and installed IPCOP. OpenVPN works fine on IPCOP and has been solid so far, any ideas on what could be causing this with pfsense?

It is obviously not hardware.

Thanks
Keith