Netgate Discussion Forum

    openvpn client not connecting

    • C
      Cleetus Antony
      last edited by Cleetus Antony

      Dear sharp brains,

      I have configured OpenVPN in my pfSense with No-IP DDNS and am trying to connect the OpenVPN client from another geographic location, and it's not connecting. Attached is the log from the OpenVPN client.

      My setup is like this:
      FTTH Router > pfSense > LAN

      Please, anyone, help.
      If any more details are needed, I am more than happy to give them. Please ask.

      Openvpn CLIENT error.txt
      OpenVPN Log from PFSENSE.txt

      OPENVPN RULE.png WAN RULE.png

      • V
        viragomann @Cleetus Antony
        last edited by

        @Cleetus-Antony said in openvpn client not connecting:

        My setup is like this:
        FTTH Router > pfSense > LAN

        So there is a router in front of pfSense and the WAN is in a private network?

        Did you forward Port 1194 UDP (probably) on the router?

        • C
          Cleetus Antony @viragomann
          last edited by Cleetus Antony

          @viragomann
          There is an FTTH router before pfSense. Getting internet on PPPoE method, i.e. WAN is in a private network.

          I didn't do any configuration in the FTTH router for OpenVPN (for port 1194 UDP).

          • V
            viragomann @Cleetus Antony
            last edited by

            @Cleetus-Antony said in openvpn client not connecting:

            Getting internet on PPPoE method

            The FTTH router or pfSense?
            If pfSense uses PPPoE and it gets a private address, this would mean you're in a CG-NAT and there will be no way to run a server on your site. You would not get any incoming traffic.

            • C
              Cleetus Antony @viragomann
              last edited by

              @viragomann
              Sorry sir. I said the FTTH router is getting internet from the ISP via PPPoE. The WAN of pfSense is connected to the LAN of the FTTH router.

              • V
                viragomann @Cleetus Antony
                last edited by

                @Cleetus-Antony
                So you have to forward the OpenVPN traffic to pfSense on the router.

                • GertjanG
                  Gertjan @Cleetus Antony
                  last edited by

                  @Cleetus-Antony

                  You showed :

                  ccd3576f-330b-4827-8c5a-e9cda5d347fb-image.png

                  which means : traffic with destination port 1194 using UDP reached the pfSense WAN interface.
                  So the OpenVPN, listening on this WAN interface (using port 1194) is waiting for you.

                  I guess you should have a look at your "FTTH Router", and add a NAT rule that accepts traffic, port 1194 UDP to the FTTH based LAN device, the WAN IP of pfSense.
                  Then the packet counters (shown yellow) will start to count, as your OpenVPN now reaches pfSense.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  • C
                    Cleetus Antony @Gertjan
                    last edited by Cleetus Antony

                    @Gertjan @viragomann

                    Thank you for the advice.
                    I did the port forwarding in the FiberToTheHome router (broadband router). Still neither connecting nor increasing the bits count in the WAN of pfSense.
                    192.168.10.1 is the LAN IP of the Broadband router
                    192.168.10.10 is the WAN IP of pfsense

                    Please advise if I am missing anything or any misconfiguration in the VPN settings side ?

                    portforwading_RTR.png

                    • GertjanG
                      Gertjan @Cleetus Antony
                      last edited by

                      @Cleetus-Antony

                      This :

                      02642343-6ad8-42bd-9358-b770c9483afa-image.png

                      should probably be 'any' as the IP you use to 'call in' could be 'anything' (and for sure not 192.168.10.10).

                      • V
                        viragomann @Cleetus Antony
                        last edited by

                        @Cleetus-Antony
                        In the port forwarding you have to state the origin destination IP and then the redirect target.
                        The origin destination might not be the LAN address of the router, rather WAN.

                        • C
                          Cleetus Antony @Gertjan
                          last edited by Cleetus Antony

                          @Gertjan
                          @viragomann

                          In my broadband router, there is no option I can see like any source ip to any destination ip in the port forwarding section.

                          pfsense log 11.11.24.txt

                          • V
                            viragomann @Cleetus Antony
                            last edited by

                            @Cleetus-Antony
                            I expect that you can at least set the router's WAN address as destination.
                            Any for the redirect target might not be possible.

                            • GertjanG
                              Gertjan @Cleetus Antony
                              last edited by Gertjan

                              @Cleetus-Antony said in openvpn client not connecting:

                              pfsense log 11.11.24.txt

                              That's your OpenVPN server starting, and it 'binds' to 192.168.10.10, your WAN IP, using port 1194, protocol UDP.

                              No trace of any incoming connection !
                              Which is the same info as :

                              f6c68271-ca97-4f6c-bcf2-8915b670f916-image.png

                              I've the same startup sequence :

                              d9aeb0c6-fcb5-4568-ac30-cabe61876946-image.png

                              Where 192.168.10.4 is my WAN IP. I'm also using UDP and 1194, which is default.

                              My pfSense OpenVPN server WAN interface firewall rule :

                              3cc04acf-5b55-4947-9b01-2e605d609707-image.png

                              and because 192.168.10.4 is RFC1918 = I have an upstream ISP router, so I had to place a NAT rule also in this router :

                              43d0bdc4-3e0e-4d4f-bf5b-2c25973eb73b-image.png

                              The Internal and external port number are both '1194'.
                              The protocol is UDP
                              The internal IP (= my WAN IP pfSense) is 192.168.10.4 - but my router uses his internal 'DNS' name for it, the field 'Equipement'.
                              The external IP (IP Externe) is set to "All" (or "Toutes" in French).

                              When I connect to my VPN with my phone I see this in my VPN logs (read from bottom to top) :

                              1d2eca15-9c7e-49ae-88b7-f22ca21e3ab7-image.png

                              where 92.184.98.214 is the IP of my phone (5G connected, not Wifi !!! ( !!! ))
                              My phone got the 192.168.3.2 VPN network IP.

                              These start going up fast now :

                              f44a8340-b143-4d18-91f3-e349458ff942-image.png

                              as traffic is reaching and entering my pfSense, handled by the listening OpenVPN server.

                              On the pfSense dashboard I see :

                              9a9881f2-9892-4484-b74b-48452d4d73b8-image.png

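The address reasoning used in the replies above (a private address on the ISP-facing WAN means CG-NAT and no inbound traffic; an RFC1918 pfSense WAN means the upstream router must forward UDP 1194 to that exact address), written out as an added Python example that is not part of any post in this thread. `classify` and `plan_inbound` are hypothetical helper names, and 203.0.113.7 and 100.64.12.34 are constructed sample addresses.

```python
import ipaddress

# RFC 1918 private ranges and the RFC 6598 shared range reserved for carrier-grade NAT.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Return 'rfc1918', 'cgnat' or 'public' for an IPv4 address string."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in CGNAT:
        return "cgnat"
    return "public"  # simplification: everything else is treated as routable


def plan_inbound(wan_addrs, port=1194, proto="udp"):
    """wan_addrs: WAN address of each device, ISP-facing router first, VPN server last.
    Returns (reachable, steps)."""
    outer = classify(wan_addrs[0])
    if outer != "public":
        # The ISP translates upstream of the first device we control.
        return False, [f"{wan_addrs[0]} on the ISP-facing WAN is {outer}: "
                       f"no local rule can admit inbound {proto}/{port}"]
    steps = []
    for outside, inside in zip(wan_addrs, wan_addrs[1:]):
        if classify(inside) != "public":
            steps.append(f"on {outside}: forward {proto}/{port}, source any, to {inside}")
    steps.append(f"on {wan_addrs[-1]}: WAN firewall rule passing {proto}/{port} from any")
    return True, steps


if __name__ == "__main__":
    # Constructed samples: 203.0.113.7 (documentation range) stands in for a public
    # PPPoE address, 100.64.12.34 for a CG-NAT one; 192.168.10.10 is from the thread.
    for path in (["203.0.113.7", "192.168.10.10"], ["100.64.12.34", "192.168.10.10"]):
        ok, steps = plan_inbound(path)
        print(path, "reachable" if ok else "not reachable")
        for s in steps:
            print("  -", s)
```

The first address to check is the one the ISP router itself receives over PPPoE: if it is not public, neither a port forward nor the DMZ setting on that router can bring traffic in.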
                              • C
                                Cleetus Antony @Gertjan
                                last edited by

                                @Gertjan

                                Thank you for the well explained reply. Appreciate it.

                                For some reason, my ISP router doesn't have the port forwarding explicitly for ports only (1194 to 1194). IP fields are mandatory so I am not getting any "any to any" option.

                                @viragomann
                                For setting the destination as WAN IP of ISP RTR, the same is on PPPoE, which changes more often, right?

                                • GertjanG
                                  Gertjan @Cleetus Antony
                                  last edited by Gertjan

                                  @Cleetus-Antony said in openvpn client not connecting:

                                  doesn't have the port forwarding explicitly for ports only (1194 to 1194). IP fields are mandatory so I am not getting any "any to any" option

                                  "Only ports" can't exist.
                                  After all, a 'any' IP to 'any' IP doesn't make sense.

                                  It's nearly always "from any Internet IP possible" (as you don't know what IP you will be using when you're out there using some random IPv4 (so = "any")) but the redirection has to go to a known IP : the pfSense WAN IP - and not some other "random LAN IP" (where LAN IP is an IP on your ISP LAN network, pfSense is using one of them, 192.168.10.10 - redirecting to for example 192.168.10.11 doesn't make sense, it has to be 192.168.10.10)

                                  • V
                                    viragomann @Cleetus Antony
                                    last edited by

                                    @Cleetus-Antony said in openvpn client not connecting:

                                    For setting the destination as WAN IP of ISP RTR, the same is on PPPoE, which changes more often, right?

                                    There should be an alias for the random WAN IP, I think.

                                    I noted that your router has a DMZ option. Maybe it also works if you state the pfSense WAN IP as DMZ.
                                    Normally this should forward any incoming traffic then.

                                    • GertjanG
                                      Gertjan @viragomann
                                      last edited by Gertjan

                                      @viragomann said in openvpn client not connecting:

                                      Normally this should forward any incoming traffic then.

                                      👍

                                      @Cleetus-Antony
                                      This implies that you need a 'good' firewall after your ISP device ^^
                                      And that's the case : you use a pfSense 😊

                                      I tend to see the "DMZ" often present in ISP boxes as a "no-brains super NAT rule" : Address Translate all incoming connections (ICMP, UDP, TCP, whatever) to the designated IP, which will be the pfSense WAN IP.
                                      This will surely do the trick.

                                      • C
                                        Cleetus Antony @Gertjan
                                        last edited by Cleetus Antony

                                        @Gertjan

                                        Does all this mean that my ISP router is not functioning well in terms of port forwarding for the OpenVPN traffic to reach pfSense? Do I need a replacement? My current brand is GX Earth-4222 Router

                                        • V
                                          viragomann @Cleetus Antony
                                          last edited by

                                          @Cleetus-Antony
                                          This rather means that setting a pfSense as DMZ on the ISP router is the common way to configure it, when you intend to run services in your network.

                                          This forwards all incoming traffic to pfSense and you can control it there, which gives you better and more options.

                                          • C
                                            Cleetus Antony @viragomann
                                            last edited by

                                            @viragomann
                                            I configured the DMZ section of the ISP router with the destination of the WAN IP of the pfSense and it didn't make any difference.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.