If I'm understanding what you want….

On your WLAN... only create a rule to allow the OVPN connection.
Then you'll push DNS,WINS, and GATEWAY via OVPN
also add a push route to your LAN, if you want a connection there.

I haven't used openvpn yet but I have several locations running ipsectunnels. Biggest network consists of 12 locations that are all connected to each other through the mainoffice (only location that has a static IP) which acts as vpn concentrator. This setup is only using pfSense's everywhere.

I also have another setup where a pfSense CARP cluster has VPN connections to a cisco pix, another pfSense and a sonicwall. Everything works smooth :-) For some examples how to configure the non pfSense systems see http://doc.m0n0.ch/handbook-single/#Example.VPN .

Before you start to set this up you need to do some subnetcalculations. If you use IPSEC for that and need the remote locations to talk to each other through the central location you need to use some bigger subnetmasks at the central unit.

Someone was working on a status page.  Search the forum.

the site 2 site is very simple to set up (with the pdf document)…. but is it also possible to connect 3 pfsense client machines to one openvpnserver-pfsensemachine and routed the networks behind the 3 pfsense machines......(i don't want to open to much external (firewall) ports

PC1                                              PC2
      |                                                |
NETWORK1                                NETWORK2                                NETWORK3
      |                                                |                                          |
OPENVPNCLIENT1                    OPENVPNCLIENT2                        OPENVPNCLIENT3
      |                                                |                                          |
PFSENSE1                                  PFSENSE2                                  PFSENSE3
      |                                                |                                          |
    ---------------------------------------------------------------------
                                                      |                                       
                                            OPENVPNSERVER
                                                PFSENSE4
                                                      |
                                                      PC3

So that PC2 can ping PC1 and PC3 and PC3 can ping PC2 and PC1 and PC1 can ping PC2 and PC3

@Numbski:

billm, I hope you're wrong about this.  Here's why:

I have a client that needed some serious entropy available to an application.  We purchased a hifn card to supplement /dev/random.  FreeBSD does not create /dev/hwrandom, and from all appearances, speed of the customer's application went waaay up, and the deployment passed some certification process that I was not involved in.  So….hmm.

Interesting stuff.  Perhaps I should dig into this further?  BTW, another option if I recall correctly would be to insert a sound card, get the driver working, get the block device for the mic-in, then take and have that constantly dumping to /dev/random too. (don't hold me to that, never personally tried it!)

You're probably correct.

–Bill

Maybe a link in the tutorial to http://www.openvpn.se/mycert/ would be nice too.

Ok…
Thanks... thought so...

then I'll test a little more  :P

cheers,

i will add all solutions & fallbacks to the tutorial
so we can prevent further problems like these.

will be online next week.

kind regards
dairaen

ok scratch that. its fixed

ifconfig tunX destroy

Maybe you could add a "Beware of your gateway" line in the section where you're supposed to test your new VPN tunnel?

done ;)

Your not going to like to hear this but I went with IPSEC vpn's instead.  The interface is much more reliable and pfsense's implementation will allow you to configure the server as a remote client portal.  All the pfsense clients connect as if they were a site to site and it takes care of all routes beautifully.  It doesnt matter if they are dynamic or static ip's with this conifig also.  I will keep checking with OVPN and hopefully they will have all the kinks worked out soon.

After the openvpn tunnel comes up, openvpn launches our script that reloads the filter rules, then it notices tun0 and sets everything up.

Update to the latest 1.0-RCe… Upload a, b,c,d,e.

We changed how OpenVPN is launched now.

Thanks, now its works

Neither on IPSEC in 1.0 if that is the next question.

Do NOT assign tun interfaces to pfSense interfaces, under ANY circunstance. If you're getting timeouts, you're missing a pass rule on WAN on your firewall rules or something like that. Again, I can't stress enough, DO NOT ASSIGN TUN INTERFACES!

I am having the same issue and have recently upgraded to R3 with no help.  I also tried downloading the latest snapshot but the images arent available from the link.  Any ideas?

Yeah, that only works when bridging, and well, you can see the novella being created by my efforts to get that working. :P