Netgate Discussion Forum

    OpenVPN Not Connecting - Unable To Contact Daemon

      viragomann @panzerscope

      @panzerscope said in OpenVPN Not Connecting - Unable To Contact Daemon:

      So to make sure I am setting this up, as I have not setup "Internal" group for my interfaces, can I just set the Source address to "LAN Address"

      "LAN subnets"!
      However, this is the source, not the interface. Since you only have one interface, there is no need for an interface group.

      You have to select "networks" for the type in the alias.

      6c4509fc-a330-47de-a84e-744a3beff027-grafik.png

        panzerscope @viragomann

        @viragomann said in OpenVPN Not Connecting - Unable To Contact Daemon:

        @panzerscope said in OpenVPN Not Connecting - Unable To Contact Daemon:

        So to make sure I am setting this up, as I have not setup "Internal" group for my interfaces, can I just set the Source address to "LAN Address"

        "LAN subnets"!
        However, this is the source, not the interface. Since you only have one interface, there is no need for an interface group.

        You have to select "networks" for the type in the alias.

        6c4509fc-a330-47de-a84e-744a3beff027-grafik.png

        Awesome thanks.

        I have created the RFC1918 Alias, my Port Forward rule for DNS now looks like :

        42f81756-180c-4690-9231-fd877ce68ae5-image.png

        Checking that is correct before I move ahead with NTP and then the rules for VPN.

        I also ensured that the localhost is added to the listening interface for DNS:

        ef75dc7b-4dce-4eed-9446-1d549913721a-image.png

          viragomann @panzerscope

          @panzerscope said in OpenVPN Not Connecting - Unable To Contact Daemon:

          Checking that is correct before I move ahead with NTP and then the rules for VPN.

          Yes, looks well.
          But you will need an additional rule for the VPN devices, as mentioned above.

          I also ensured that the localhost is added to the listening interface for DNS:

          Again, this setting is for pfSense only.

          If you want to forward client requests to Cloudflare go to the DNS Resolver settings and check "DNS Query Forwarding".
          If you do this with DoT also check the SSL/TLS option below:

          5c0d8dc4-d6f8-440c-8cac-b82705e42330-grafik.png

            panzerscope @viragomann

            @viragomann said in OpenVPN Not Connecting - Unable To Contact Daemon:

            @panzerscope said in OpenVPN Not Connecting - Unable To Contact Daemon:

            Checking that is correct before I move ahead with NTP and then the rules for VPN.

            Yes, looks well.
            But you will need an additional rule for the VPN devices, as mentioned above.

            I also ensured that the localhost is added to the listening interface for DNS:

            Again, this setting is for pfSense only.

            If you want to forward client requests to Cloudflare go to the DNS Resolver settings and check "DNS Query Forwarding".
            If you do this with DoT also check the SSL/TLS option below:

            5c0d8dc4-d6f8-440c-8cac-b82705e42330-grafik.png

            Many thanks for all your help.

            So my rules are now as below:

            d0570687-f2f9-4454-9a9c-e24771ffceb6-image.png

            "Valak Server Apps" is the device I am wanting over the VPN as that contains my Plex server.

            I would have chosen the PureVPN's DNS servers but they are being a pain about it at the moment, will switch that later.

              viragomann @panzerscope

              @panzerscope
              Exactly this way.

              I would have chosen the PureVPN's DNS servers but they are being a pain about it at the moment, will switch that later.

              Ensure that DNS works on the concerned device.

                panzerscope @viragomann

                @viragomann said in OpenVPN Not Connecting - Unable To Contact Daemon:

                @panzerscope
                Exactly this way.

                I would have chosen the PureVPN's DNS servers but they are being a pain about it at the moment, will switch that later.

                Ensure that DNS works on the concerned device.

                Thanks.

                I have checked, I can ping 1.1.1.1 from my VPN connected device (Valak Server Apps). I just wandered over to the Firewall>Rules>LAN Tab and noted the following DNS entry

                8c42abe6-064d-4e64-94a2-dbc51fe040a9-image.png

                I assume this is normal? I am fairly sure that has been there since day one, but cannot be confident.

                I can also see the rules I just setup on Port forwarding are showing in the same area as well. I assume I do not need to set a specific Gateway for the rules ?

                66ab1ba7-32bf-44fa-a4fb-bf8d6024d2af-image.png

                Thanks again.

                  viragomann @panzerscope

                  @panzerscope
                  The first one might be manually added.
                  The red framed are from the NAT rules.
                  e0b173ea-f8ae-4ecd-bf17-1e716794f5ad-grafik.png

                  With your recent rule set they will never be applied, since there are other matching rules above them.

                  You can also disable the filter rule association for these rules.

                  P 1 Reply Last reply Reply Quote 0
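The rule-order point in the reply above, as an added example that is not part of the original thread: a small first-match evaluator that lists rules made unreachable by an earlier, broader rule. The rule set, the addresses and the `VPN_GW` gateway name are constructed sample values, and it assumes rules on the interface tab are evaluated top-down with the first match deciding.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    src: str                    # source network, CIDR
    dst: str                    # destination network, CIDR
    port: Optional[int] = None  # destination port, None means any
    gateway: str = "default"    # policy-routing gateway (name is an assumption)

def net(cidr):
    return ipaddress.ip_network(cidr)

def matches(rule, src_ip, dst_ip, port):
    return (ipaddress.ip_address(src_ip) in net(rule.src)
            and ipaddress.ip_address(dst_ip) in net(rule.dst)
            and rule.port in (None, port))

def first_match(rules, src_ip, dst_ip, port):
    """Top-down evaluation: the first matching rule decides, the rest are skipped."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, port):
            return rule
    return None  # nothing matched: default deny

def covers(upper, lower):
    """True if every packet that matches `lower` also matches `upper`."""
    return (net(lower.src).subnet_of(net(upper.src))
            and net(lower.dst).subnet_of(net(upper.dst))
            and upper.port in (None, lower.port))

def shadowed(rules):
    """Pairs (rule, earlier rule) where the earlier rule makes the later one unreachable."""
    out = []
    for i, lower in enumerate(rules):
        for upper in rules[:i]:
            if covers(upper, lower):
                out.append((lower.name, upper.name))
                break
    return out

# Constructed LAN rule set; the NAT-associated rules sit below the broad allow rule.
LAN_RULES = [
    Rule("Valak Server Apps via VPN", "192.168.1.50/32", "0.0.0.0/0", None, "VPN_GW"),
    Rule("Default allow LAN to any", "192.168.1.0/24", "0.0.0.0/0"),
    Rule("NAT DNS redirect", "192.168.1.0/24", "127.0.0.1/32", 53),
    Rule("NAT NTP redirect", "192.168.1.0/24", "127.0.0.1/32", 123),
]
```

Calling `shadowed(LAN_RULES)` reports both NAT-associated rules as unreachable behind the broad allow rule, which is the situation where the filter rule association adds nothing to the rule set.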
                    panzerscope @viragomann

                    @viragomann said in OpenVPN Not Connecting - Unable To Contact Daemon:

                    @panzerscope
                    The first one might be manually added.
                    The red framed are from the NAT rules.
                    e0b173ea-f8ae-4ecd-bf17-1e716794f5ad-grafik.png

                    With your recent rule set they will never be applied, since there are other matching rules above them.

                    You can also disable the filter rule association for these rules.

                    Many thanks.

                    Where would I find the "Filter Rule Association" setting ?

                      viragomann @panzerscope

                      @panzerscope
                      In the NAT rule.
                      If you have this selected pfSense adds a filter rule.
                      If you select "pass" it lets the traffic pass without a filter rule.

                        panzerscope @viragomann

                        @viragomann said in OpenVPN Not Connecting - Unable To Contact Daemon:

                        @panzerscope
                        In the NAT rule.
                        If you have this selected pfSense adds a filter rule.
                        If you select "pass" it lets the traffic pass without a filter rule.

                        Thanks.

                        I may be oversimplifying my next question, but isn't it easier to just set the Filter to "Pass"?

                          viragomann @panzerscope

                          @panzerscope
                          This depends on your needs. If you let pfSense create a rule you can verify it in your rule set.
                          If you let it create an "unassociated" rule you can also edit it. For instance, turn it into a policy-routing.

                            panzerscope @viragomann

                            @viragomann said in OpenVPN Not Connecting - Unable To Contact Daemon:

                            @panzerscope
                            This depends on your needs. If you let pfSense create a rule you can verify it in your rule set.
                            If you let it create an "unassociated" rule you can also edit it. For instance, turn it into a policy-routing.

                            Ok thanks, will leave it as it is.

                            I note that since changing these rules with respect to DNS that my pfBlockerNG is seemingly no longer blocking ads. I have loaded up a few websites now and ads are now displaying. Worth noting that I have killed the VPN connection to make sure it was nothing to do with that.

                            As we have used the RFC1918 in recent DNS rules I am wondering if it is causing issues, I ask as when I go to pfBlockerNG configuration, that the IP and DNSBL use these private addresses for it to operate (as per below screenshots) and wondered if I have inadvertently done something.

                            fb7d29d5-7e46-4621-bc43-52e2854e096d-image.png

                            a6a09305-8897-4717-b3ee-849e1e1bb2ff-image.png

                            Any thoughts ?

                              viragomann @panzerscope

                              @panzerscope
                              This might be due to DNSBL. Is the service even running? If not, try to restart it.

                                panzerscope @viragomann

                                @viragomann said in OpenVPN Not Connecting - Unable To Contact Daemon:

                                @panzerscope
                                This might be due to DNSBL. Is the service even running? If not, try to restart it.

                                I restarted it a couple of times and now seems to be resolved.

                                I am still having a curious issue with the VPN.

                                I have deleted all my prior VPN related rules to start fresh. What is really odd is if my VPN is connected ALL my devices are being routed through the VPN, despite my LAN rules as shown below should be sending all my traffic through my WAN as there are no VPN related rules in existence and the standard rule for all LAN Subnets being sent through the default gateway (AKA my WAN)

                                0890b800-4c79-4c18-87a5-7c973e013c20-image.png

                                I noted that I could stop this behaviour by going into the VPN client and checking the following option.

                                460b78f4-580c-47e5-9a2e-ddfb42b8bf6c-image.png

                                Now, with the VPN connected, my clients now use the WAN and not the VPN. However this is no help as I do not want to use a -Route Up script, and obviously with this setting enabled if I try to use my LAN rules to direct devices out to the VPN, it is not working.

                                Sigh, I really do not know why this is such a pain.

                                  viragomann @panzerscope

                                  @panzerscope
                                  You don't have any policy routing rule for the VPN at the moment.
                                  We talked about this all above and you had the rules before. So recreate them again.

                                    panzerscope @viragomann

                                    @viragomann said in OpenVPN Not Connecting - Unable To Contact Daemon:

                                    @panzerscope
                                    You don't have any policy routing rule for the VPN at the moment.
                                    We talked about this all above and you had the rules before. So recreate them again.

                                    Already done that with a few different rule types, makes no difference.

                                    4ec0a960-6544-4eb9-85cf-c7fe7fdebef0-image.png

                                    Plus what I am saying is without a VPN rule, all my LAN devices should NOT be going over VPN, but they do lol.

                                      panzerscope

                                      Good news is that it is now sorted and I have the devices split over the VPN and WAN as needed.

                                      Only issue I am having is ensuring that the VPN is using the VPN DNS servers. I have the VPN client set to "Pull DNS", however when doing the leak test, it is showing that Cloudflare DNS is being used, which is not too surprising as I use Cloudflare (1.1.1.1) as my remote DNS server.

                                      That being said, earlier in this topic, we created a rule to redirect my VPN clients to 1.1.1.1 as shown below.

                                      e7bab4a5-59b0-4ebe-8435-7875a0fc3857-image.png

                                      So I altered this to the DNS of the VPN provider (5.254.106.2), unfortunately after doing that I cannot get websites to resolve for clients on the VPN. I have confirmed I can ping the VPN DNS servers (When connected/disconnected from VPN), so all is well on that end.

                                      While possibly completely unrelated, I went into the DNS settings and input the DNS servers for the VPN and allocated the VPN DNS entries to use the VPN Gateway as per the below screenshot.

                                      bcd36cb3-e464-4e0c-a65e-ea13c4acb4a3-image.png

                                      Any suggestions ?

                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.