he has info on how to setup a vpn with the windows xp client now he wants to replace windows xp with pfsense if i read him corect pfsense can't make a conection to a ptpp vpn server it can be one it self but can't connect to a other one

Make your pool something like 10.8.0.0/24 don't use a 1 at the end like in your previous post. You want a 0

the usermanager of the captiv portal is storing it usernames and ww in the config.xml file

Thanks - I'll see how I get on with that.

Guess not. :( I went awol there for a while, so I know for fact that I'm not. :P

You are probably wanting something like http://sourceforge.net/projects/sslexplorer/

I solved it by making a NAT-rule from OPT2 interface to the same with another port, and all packages goes back the same way. Ugly hack but it works. Couldnt get the policybased routing to work with Openvpn, works great with everything else.

Anyone know anything about doing this with the embedded version?  I'm gonna give this a try because I would like another point of security before going production with my openvpn setup.

I have same problems only I apply firewall filter to stop blocking tun1

Very many thanks, Daniel. I think EVERYTHING you've said is right "on-the-button" - including your speculation that the NetBios packets don't get through. The IP-address is acceptable for these tests. In the proposed "live" site, WINS, etc, is running, so the overall setup should be a little nicer. Thank you again,   - Mike

@daniell: Hi, you can push your WINS-Servers IP to the Roadwarrior using the DHCP-Options. These Options can be configured in the pfsense GUI /VPN/OpenVPN/OpenVPN: Server (Edit your OpenVPN-Server config)/custom options. We use: push "dhcp-option DNS xxx.xxx.xxx.xxx"; push "dhcp-option WINS xxx.xxx.xxx.xxx"; The first option is for pushing the DNS-Servers IP, the second Option is for pushing the WINS-Servers IP to the client. Exchange xxx.xxx.xxx.xxx with the IP-Address of your DNS- or WINS-Server. You may push other DHCP-Options as well. Seperate the options with ; Hopefully this will improve network browsing for you. Regards, Daniel Hi, Thanks for that.  I put in the various settings and was able to pick up the WINS server through my OpenVPN connection. (see below), but for some reason, the neighborhood of computers still does not appear (only the client machine).  I'm a bit puzzled by this.  Would the fact that OpenVPN requires that you assign a separate subnet to your LAN be part of the problem?  As far as I know, this should work unless I need a rule for some sort of broadcast stuff… Anyhow, it's not a big deal because I can still access network shares through OpenVPN.  I just need to know the name of the computer that I want. Ethernet adapter OpenVPN: Connection-specific DNS Suffix  . :         Description . . . . . . . . . . . : TAP-Win32 Adapter V8         Physical Address. . . . . . . . . : 00-FF-3B-2B-69-CB         Dhcp Enabled. . . . . . . . . . . : Yes         Autoconfiguration Enabled . . . . : Yes         IP Address. . . . . . . . . . . . : 192.168.16.6         Subnet Mask . . . . . . . . . . . : 255.255.255.252         Default Gateway . . . . . . . . . :         DHCP Server . . . . . . . . . . . : 192.168.16.5         DNS Servers . . . . . . . . . . . : 192.168.67.1         Primary WINS Server . . . . . . . : 192.168.67.5         Lease Obtained. . . . . . . . . . : 19 February 2007 20:14:23         Lease Expires . . . . . . . . . . : 19 February 2008 20:14:23

I tried it out with the box hosting the VPNs for us and it works great for just checking to see if the box is up and rebooting if not.  We just tested it running it and unplugging the WAN.  On the WRAP I tried this on though, the /var/db/hosts file was cleared on reboot.  I made something in /usr/local/etc/rc.d recreate it though. The only problem is that I guess I have the syntax right.  For just checking up and down, it works fine though. Here's the error I get: PROCESSING 192.168.75.7|4.2.2.2|10|/tmp/shutdown.sh|/tmp/up.sh|999|999 Processing 4.2.2.2 PING 4.2.2.2 (4.2.2.2) from 192.168.75.7: 56 data bytes 64 bytes from 4.2.2.2: icmp_seq=0 ttl=247 time=16.167 ms 64 bytes from 4.2.2.2: icmp_seq=1 ttl=247 time=15.761 ms 64 bytes from 4.2.2.2: icmp_seq=2 ttl=247 time=16.309 ms 64 bytes from 4.2.2.2: icmp_seq=3 ttl=247 time=18.847 ms 64 bytes from 4.2.2.2: icmp_seq=4 ttl=247 time=25.969 ms 64 bytes from 4.2.2.2: icmp_seq=5 ttl=247 time=26.756 ms 64 bytes from 4.2.2.2: icmp_seq=6 ttl=247 time=14.858 ms 64 bytes from 4.2.2.2: icmp_seq=7 ttl=247 time=23.865 ms 64 bytes from 4.2.2.2: icmp_seq=8 ttl=247 time=14.006 ms 64 bytes from 4.2.2.2: icmp_seq=9 ttl=247 time=14.264 ms –- 4.2.2.2 ping statistics --- 10 packets transmitted, 10 packets received, 0% packet loss round-trip min/avg/max/stddev = 14.006/18.680/26.756/4.708 ms Checking ping time 4.2.2.2 Ping returned 0 [: 18.664: bad number Checking wan ping time nan [: nan: bad number but yeah, that script is hella useful for OpenVPN tunnels.  Maybe it'll fix the tunnel dying problem we're having

@nexusone: I did search but didnt see any clear answers on why this problem exists. With that said, what is the simplest and most preferred alternative to PPTP that will support multiple users? OpenVPN works good.

@talong99: Where could I manually add such rules so that they would be loaded the same time as the rules specified in the UI? There are no facilities for this.

Thanks. I got it to work when I rebooted pfSense. Not sure why that needs to happen.

Hi, tnx for the quick answer, i've just tried to set openvpn with the remote subnet as you say, but the problem remain. Still no routing… probably i'm missing some settings on the openvpn server to route traffic of the openvpn tunnel through the ipsec tunnel. I'll investigate a little more  (or could give a try to pptp  :-\ ) Yes, I know that with the actual config only local office (192.168.200.0/24) can access through every other subnet, but for now is what we want. Do you think this could be a problem for the mobile user? tnx for your help PS: does anyone know if it's possible do configure openvpn client with username/password?

I think OpenVPN can accomodate your needs. pfSense provides a wonderful implementation of OpenVPN. There are still some kinks to be ironed out, namely the firewall rules for the OpenVPN interface, but they will get it working. Regardless, it works anyway with some manual steps. I recommend that you go to www.openvpn.net and read-up on OpenVPN before jumping into it. It is a very powerful and versatile package and along with that comes a bit of a learning curve.