Cannot connect through dynamic ip
-
Hi there,
I'm trying to use pfsense with openvpn to connect office to home but I can't connect to the vpn machine.
I've forwarded the port 1194 (udp and tcp) from the router to the pfsense machine.My setup is based on this tutorial : http://forum.pfsense.org/index.php/topic,7840.0.html
I've tried changing form udp to tcp, but that didn't work as well.Does someone know what I'm doing wrong?
Edit : My isp doesn't block any port
Sun Mar 01 19:17:24 2009 us=781776 client = ENABLED Sun Mar 01 19:17:24 2009 us=781795 pull = ENABLED Sun Mar 01 19:17:24 2009 us=781805 auth_user_pass_file = '[UNDEF]' Sun Mar 01 19:17:24 2009 us=781818 show_net_up = DISABLED Sun Mar 01 19:17:24 2009 us=781827 route_method = 0 Sun Mar 01 19:17:24 2009 us=781835 ip_win32_defined = DISABLED Sun Mar 01 19:17:24 2009 us=781843 ip_win32_type = 3 Sun Mar 01 19:17:24 2009 us=781852 dhcp_masq_offset = 0 Sun Mar 01 19:17:24 2009 us=781860 dhcp_lease_time = 31536000 Sun Mar 01 19:17:24 2009 us=806583 tap_sleep = 0 Sun Mar 01 19:17:24 2009 us=806608 dhcp_options = DISABLED Sun Mar 01 19:17:24 2009 us=806618 dhcp_renew = DISABLED Sun Mar 01 19:17:24 2009 us=806626 dhcp_pre_release = DISABLED Sun Mar 01 19:17:24 2009 us=806634 dhcp_release = DISABLED Sun Mar 01 19:17:24 2009 us=806646 domain = '[UNDEF]' Sun Mar 01 19:17:24 2009 us=806664 netbios_scope = '[UNDEF]' Sun Mar 01 19:17:24 2009 us=806672 netbios_node_type = 0 Sun Mar 01 19:17:24 2009 us=806688 disable_nbt = DISABLED Sun Mar 01 19:17:24 2009 us=806710 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006 Sun Mar 01 19:17:24 2009 us=806828 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Sun Mar 01 19:17:24 2009 us=806846 WARNING: --ping should normally be used with --ping-restart or --ping-exit Sun Mar 01 19:17:24 2009 us=812946 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ] Sun Mar 01 19:17:24 2009 us=837427 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ] Sun Mar 01 19:17:24 2009 us=837486 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client' Sun Mar 01 19:17:24 2009 us=837500 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server' Sun Mar 01 19:17:24 2009 us=837531 Local Options hash (VER=V4): 'db02a8f8' Sun Mar 01 19:17:24 2009 us=837548 Expected Remote Options hash (VER=V4): '7e068940' Sun Mar 01 19:17:24 2009 us=837587 Attempting to establish TCP connection with 83.101.12.x:1194 Sun Mar 01 19:17:45 2009 us=878038 TCP: connect to 83.101.12.x:1194 failed, will try again in 5 seconds
-
I assume you have another router in front of the pfSense.
Did you open the firewall onthis device as well?
Do you have any firewall-log entries on the pfSense regarding blocked traffic? -
The ports on that firewall are also open.
What I don't notice is that the tcp/udp request on port 1194 doesn't arrive at my router(not in the blocked list nor in the access list).If I open the vpn connection from inside the lan, that works just fine. (even if I connect to the wan address (83…..))
-
If you don't even see the packets arrive on the WAN-port of the pfSense they obviously get blocked somewhere on the way.
I would double check if the firewall in front of the pfSense really doesn't block the OpenVPN traffic. -
Is there some website or service which can check if a port is open on my router?
Port 1194 tcp and udp and forwarded it to the wan ip of the pfsense. -
Try forwarding 53/UDP or 443/TCP (depending on what you use) and a high numbered port (say 31194). See if you have more luck with those ports.
-
i've opened port 53 and 443 on my router and did change the vpn port to 8090, but that didn't do the job.
-
Forward, not open. You need to forward the ports to the pfSense host, not open the ports.
Assuming that was what you did, then you need to go back and look at your configuration. If you want more help you'll need to post a simple network diagram with IP addresses to help people understand what you're doing and why it isn't working for you. For instance, my setup looks like:
Internet – Gateway (192.168.0.1/24) --- (192.168.0.2/24) pfSense (192.168.1.1/24) --- LAN
-- OpenVPN (10.0.0.1/29)I've forwarded 53/UDP from Gateway to pfSense, opened 53/TCP on pfSense and configured OpenVPN to listen on port 53/UDP. I use it regularly and it works fine.
-
This is my setup :
Internet – Gateway (192.168.123.254/24) --- (192.168.123.142/24) pfSense (192.168.1.1/24) --- LAN
-- OpenVPN (192.168.2.1/24)I've checked my settings and the ports are forwarded and not open. They are forwarded to the .142 wan adres of pfSense
I've used port 8090 udp for my openvpn connection. I'm thinking that it has something to do with my router not doing what it's suppose to do. I'll try a new router tomorrow.
The ports on my pfsense are configured in the firewall to be passed.
-
Try plugging something between the gateway and the pfSense host. If you can connect to OpenVPN from there (using 192.168.123.142 as the server IP) then you know that the pfSense host is correctly configured.
-
I'll try that this evening, thanks for the tip
Edit : I can connect to my machine with the ip address given by the router. But when I tried to connect using the public ipaddress, but that didn't work.
-
To confirm:
-
When you connect between the gateway and pfSense you can connect to OpenVPN using 192.168.123.142?
-
When outside your network you can't connect using the public IP (WAN) address?
If that is so, then your problem is with your gateway's port forwarding/firewall rules.
-
-
@Cry:
To confirm:
-
When you connect between the gateway and pfSense you can connect to OpenVPN using 192.168.123.142?
-
When outside your network you can't connect using the public IP (WAN) address?
If that is so, then your problem is with your gateway's port forwarding/firewall rules.
That's correct, the strange thing is that some rules do work. For example if I open port 8080 for a webserver, that does work perfectly.
Edit : It looks like it's fixed, I did a firmware upgrade of my gateway and it's working just fine:)
Thanks for the help
-