Hi, thanks for reading this I've been able to establish an open vpn tunnel between a pfsense 10.2-rc1 machine at work and my linux box at home (which uses an ADSL modem/bridge and has a static IP).
10.0.0.0/24--lan--PFSENSE ~~~~~~~ LINUX--lan--192.168.0.0/24 the openvpn server settings on pfsense are to have a On pfsense I see this interface: tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 inet6 fe80::21b:21ff:fe01:245a%tun0 prefixlen 64 scopeid 0x16 inet 10.50.102.1 --> 10.50.102.2 netmask 0xffffffff Opened by PID 11694 and this route: 192.168.29 10.50.102.2 UGS 0 6 tun0 but when I try and ping the local tunnel I get an error... # ping 10.50.102.1 PING 10.50.102.1 (10.50.102.1): 56 data bytes ping: sendto: No buffer space available --------- On linux box I see this: tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.50.102.2 P-t-P:10.50.102.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:38 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:3192 (3.1 Kb) and I see this route in my table: 10.0.0.0 10.50.102.1 255.255.255.0 UG 0 0 0 tun0 --------- If I run "tcpdump -i tun0" at each end and ping the other, I can see the icmp packets leave but nothing coming back; I have made sure my linux box. If on my linux box I ping a node at work LAN I see the ping going into tun0, no reply, and likewise if on the pfsense box I ping the LAN address on my machine at home it too goes down the tunnel. My questions are this. 1/ how can I find out why the tunnel isn't passing traffic 2/ how do I define firewalling rules on the pfsense box to determine what the openvpn clients can access? Although I can add a rule and specify the interface as WAN,LAN,PPTP,PPOE,IPSEC or my sync and DMZ interfaces, there doesn't appear to be an option for openvpn clients; if I do create a rule for ipsec it "disappears", as there's no tab for that "interface". thanks very much Paul --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]