Someone was working on a status page.  Search the forum.

the site 2 site is very simple to set up (with the pdf document)…. but is it also possible to connect 3 pfsense client machines to one openvpnserver-pfsensemachine and routed the networks behind the 3 pfsense machines......(i don't want to open to much external (firewall) ports PC1                                              PC2       |                                                | NETWORK1                                NETWORK2                                NETWORK3       |                                                |                                          | OPENVPNCLIENT1                    OPENVPNCLIENT2                        OPENVPNCLIENT3       |                                                |                                          | PFSENSE1                                  PFSENSE2                                  PFSENSE3       |                                                |                                          |     ---------------------------------------------------------------------                                                       |                                                                                    OPENVPNSERVER                                                 PFSENSE4                                                       |                                                       PC3 So that PC2 can ping PC1 and PC3 and PC3 can ping PC2 and PC1 and PC1 can ping PC2 and PC3

@Numbski: billm, I hope you're wrong about this.  Here's why: I have a client that needed some serious entropy available to an application.  We purchased a hifn card to supplement /dev/random.  FreeBSD does not create /dev/hwrandom, and from all appearances, speed of the customer's application went waaay up, and the deployment passed some certification process that I was not involved in.  So….hmm. Interesting stuff.  Perhaps I should dig into this further?  BTW, another option if I recall correctly would be to insert a sound card, get the driver working, get the block device for the mic-in, then take and have that constantly dumping to /dev/random too. (don't hold me to that, never personally tried it!) You're probably correct. –Bill

Maybe a link in the tutorial to http://www.openvpn.se/mycert/ would be nice too.

Ok… Thanks... thought so... then I'll test a little more  :P

cheers, i will add all solutions & fallbacks to the tutorial so we can prevent further problems like these. will be online next week. kind regards dairaen

ok scratch that. its fixed

ifconfig tunX destroy

Maybe you could add a "Beware of your gateway" line in the section where you're supposed to test your new VPN tunnel? done ;)

Your not going to like to hear this but I went with IPSEC vpn's instead.  The interface is much more reliable and pfsense's implementation will allow you to configure the server as a remote client portal.  All the pfsense clients connect as if they were a site to site and it takes care of all routes beautifully.  It doesnt matter if they are dynamic or static ip's with this conifig also.  I will keep checking with OVPN and hopefully they will have all the kinks worked out soon.

After the openvpn tunnel comes up, openvpn launches our script that reloads the filter rules, then it notices tun0 and sets everything up.

Update to the latest 1.0-RCe… Upload a, b,c,d,e. We changed how OpenVPN is launched now.

Thanks, now its works

Neither on IPSEC in 1.0 if that is the next question.

Do NOT assign tun interfaces to pfSense interfaces, under ANY circunstance. If you're getting timeouts, you're missing a pass rule on WAN on your firewall rules or something like that. Again, I can't stress enough, DO NOT ASSIGN TUN INTERFACES!

I am having the same issue and have recently upgraded to R3 with no help.  I also tried downloading the latest snapshot but the images arent available from the link.  Any ideas?

Yeah, that only works when bridging, and well, you can see the novella being created by my efforts to get that working. :P

Ah didn't figure that out - must be missing the "both" keyword in the "ports" keyword description. Thanks for pointing out. Yeah, right, the tunnel is supposed to be established between the two devices on the same port on both ends, as that makes maintaining the firewall ports easier and more transparent.

That howto needs some additional work. Seems there are some things not completely correct. You won't open up your network to the whole internet, only to authenticated clients that then have an encrypted connection to your site.