OpenVPN does not work on bridged PFsense router
-
I am using Tunnelblick to connect.
How is it able to connect on a mobile network though if it's indeed a problem with the certificate?
Also, which client info are you referring to?
-
@george1116 What is your goal? RDM? Access a NAS?
-
@JonathanLee Purely RDM, I want to be able to manage my network from other locations.
-
@george1116 You have different export wizards in OpenVPN for different machines. Also if you open that file in a text editor you may see udp4 if you have a ipv6 hotspot it will need that disabled change it to udp only.
Export and try this also change to just udp, I had an issue that was not letting my use my iphone yesterday when it was set to udp4 because the iphone could not understand that it just wanted it set to udp
remote f.q.d.n (your ip address will show here) 1194 udp
not
remote f.q.d.n (your ip address here) 1194 udp4 -
@george1116 That is good it works already so we know it's mostly some setting in the client export profile file.
Are you using pfsense for OpenVPN? if not you need to set it to forward the traffic to the device that has the vpn software set up on.
If you only use VPN software on the mac pfsense needs to reroute that port to that machine
You might need to NAT port foward port 1194 to that machine if that is where your VPN software is located.
Here is an example I use port forward for my AP for syslogs to pfsense so ap 192.168.1.2:514 ----> 192.168.1.1:5140
-
@george1116 is OpenVPN used in pfSense or just VPN software on the mac is uses and pfSense does not have VPN software installed on it?
-
yes, I am using pfsense for OpenVPN. By default, it accepts all UDP connections on the WAN port.
Also, this is what part of my config file looks like, it is already setup like yours.
-
@george1116 change it to just udp and save it import it and try again
-
Please help me understand, what am I changing to UDP only. it's already set to only use UDP, so I am a little confused right now.
-
@george1116 it says udp4 that is upd ipv4 some systems cannot understand it like my iphone it just wants it to say udp.
-
Modified and it didn't work either
still failing at
2024-01-03 09:53:25.497694 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2024-01-03 09:53:25.497766 TLS Error: TLS handshake failed -
@george1116
What shows the server log? -
@george1116 dang
-
@george1116 Hold on ...
@george1116 said in OpenVPN does not work on bridged PFsense router:
I then installed openVPN on my pfsense router, but when I am connected directly to my home router (the bridged router) openVPN is not able to connect, however, when I connect via tethering to my mobile device hotstpo OpenVPN connects successfully.
Are you attempting to connect while you are on the private network that has pfSense??
That won't work if that is what you are doing, this is for when you are not home and want to access your NAS or home network.
Are you connected to your hotspot on your laptop? And this works?
After you test connected to your LAN and VPN to your device correct and this is when it fails?
If this is the case, you need a rule for your LAN to route that traffic you want for your VPN too, right now it is set up for WAN VPN access..
Example: ( I am working on a Java program at home it's huge I debug it at work and or school and I want to work on the same file so I have it saved on my NAS, I access my VPN and work on that same file remotely on the NAS)
-
@viragomann Same error from the server
-
@george1116
The client tries to connect via IPv6.
Is this, what you intend? -
No not at all, I just wanted to paint a picture of my setup.
I am attempting to connect while on my home router wifi, the LAN port from that modem-router is bridged and I have pfsense connected to the LAN port.
-
@george1116 it's an IPV6 issue see it in the logs....Do you have that enabled in pfsense?
Change it to upd6 see if that works it was set to udp4 but upd should have set it to auto
-
@viragomann We changed the remote mode to udp so it makes sense that it's trying to connect with ipv6 and ipv4.
-
@george1116
The protocol has nothing to do with the IP version.
Is the server even configured for IPv6?Just try to connect to the IPv4 to see if it makes a difference.
