The WebIF for the OpenVPN client lacks support for "tls-auth $TAKEY 0|1" - you only have the possibility to choose the TLS Authentication key but not the direction. I manually added the '1' in the /var/etc/openvpn/client1.conf so that it looks like:
tls-auth /var/etc/openvpn/client1.tls-auth 1
Now everything works as expected. Okay, this option can be added to the advanced configuration section - but a button looks nicer and you have to take a look at the console first to see which client definition is used… ;)
Okay, now another one:
After creating my OpenVPN client definition and bringing up the tunnel successfully, I have some routing issues and don't know where to look first. I've created a MultiWAN setup on my box with two WAN connections, running in failover mode. Our VPN server pushes lots of routes to the client - I can see all of them on the console with "netstat -nr" - but they are only used on the pfSense machine itself? Coming from the LAN subnet, none of my packets are routed through the VPN tunnel? tcpdump shows me the traffic going to the WAN interface (sis0 on my Soekris) and not to my ovpnc1 interface? Any help here would be nice. Thanks in advance.