Netgate Discussion Forum

    Cannot connect through dynamic ip

      reyntjensw

      Hi there,

      I'm trying to use pfsense with openvpn to connect office to home but I can't connect to the vpn machine.
      I've forwarded the port 1194 (udp and tcp) from the router to the pfsense machine.

      My setup is based on this tutorial : http://forum.pfsense.org/index.php/topic,7840.0.html
      I've tried changing from udp to tcp, but that didn't work either.

      Does someone know what I'm doing wrong?

      Edit : My isp doesn't block any port

      
      Sun Mar 01 19:17:24 2009 us=781776   client = ENABLED
      Sun Mar 01 19:17:24 2009 us=781795   pull = ENABLED
      Sun Mar 01 19:17:24 2009 us=781805   auth_user_pass_file = '[UNDEF]'
      Sun Mar 01 19:17:24 2009 us=781818   show_net_up = DISABLED
      Sun Mar 01 19:17:24 2009 us=781827   route_method = 0
      Sun Mar 01 19:17:24 2009 us=781835   ip_win32_defined = DISABLED
      Sun Mar 01 19:17:24 2009 us=781843   ip_win32_type = 3
      Sun Mar 01 19:17:24 2009 us=781852   dhcp_masq_offset = 0
      Sun Mar 01 19:17:24 2009 us=781860   dhcp_lease_time = 31536000
      Sun Mar 01 19:17:24 2009 us=806583   tap_sleep = 0
      Sun Mar 01 19:17:24 2009 us=806608   dhcp_options = DISABLED
      Sun Mar 01 19:17:24 2009 us=806618   dhcp_renew = DISABLED
      Sun Mar 01 19:17:24 2009 us=806626   dhcp_pre_release = DISABLED
      Sun Mar 01 19:17:24 2009 us=806634   dhcp_release = DISABLED
      Sun Mar 01 19:17:24 2009 us=806646   domain = '[UNDEF]'
      Sun Mar 01 19:17:24 2009 us=806664   netbios_scope = '[UNDEF]'
      Sun Mar 01 19:17:24 2009 us=806672   netbios_node_type = 0
      Sun Mar 01 19:17:24 2009 us=806688   disable_nbt = DISABLED
      Sun Mar 01 19:17:24 2009 us=806710 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
      Sun Mar 01 19:17:24 2009 us=806828 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
      Sun Mar 01 19:17:24 2009 us=806846 WARNING: --ping should normally be used with --ping-restart or --ping-exit
      Sun Mar 01 19:17:24 2009 us=812946 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
      Sun Mar 01 19:17:24 2009 us=837427 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
      Sun Mar 01 19:17:24 2009 us=837486 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
      Sun Mar 01 19:17:24 2009 us=837500 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
      Sun Mar 01 19:17:24 2009 us=837531 Local Options hash (VER=V4): 'db02a8f8'
      Sun Mar 01 19:17:24 2009 us=837548 Expected Remote Options hash (VER=V4): '7e068940'
      Sun Mar 01 19:17:24 2009 us=837587 Attempting to establish TCP connection with 83.101.12.x:1194
      Sun Mar 01 19:17:45 2009 us=878038 TCP: connect to 83.101.12.x:1194 failed, will try again in 5 seconds
      
      
        GruensFroeschli

        I assume you have another router in front of the pfSense.
        Did you open the firewall on this device as well?
        Do you have any firewall-log entries on the pfSense regarding blocked traffic?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          reyntjensw

          The ports on that firewall are also open.
          What I don't notice is that the tcp/udp request on port 1194 doesn't arrive at my router (not in the blocked list nor in the access list).

          If I open the vpn connection from inside the lan, that works just fine. (even if I connect to the wan address (83…..))

            GruensFroeschli

            If you don't even see the packets arrive on the WAN-port of the pfSense they obviously get blocked somewhere on the way.
            I would double check if the firewall in front of the pfSense really doesn't block the OpenVPN traffic.

              reyntjensw

              Is there some website or service which can check if a port is open on my router?
              Port 1194 tcp and udp and forwarded it to the wan ip of the pfsense.

                Cry Havok

                Try forwarding 53/UDP or 443/TCP (depending on what you use) and a high numbered port (say 31194).  See if you have more luck with those ports.

                  reyntjensw

                  I've opened port 53 and 443 on my router and did change the vpn port to 8090, but that didn't do the job.

                    Cry Havok

                    Forward, not open.  You need to forward the ports to the pfSense host, not open the ports.

                    Assuming that was what you did, then you need to go back and look at your configuration.  If you want more help you'll need to post a simple network diagram with IP addresses to help people understand what you're doing and why it isn't working for you.  For instance, my setup looks like:

                    Internet – Gateway (192.168.0.1/24) --- (192.168.0.2/24) pfSense (192.168.1.1/24) --- LAN
                                                                                                        -- OpenVPN (10.0.0.1/29)

                    I've forwarded 53/UDP from Gateway to pfSense, opened 53/TCP on pfSense and configured OpenVPN to listen on port 53/UDP.  I use it regularly and it works fine.

                      reyntjensw

                      This is my setup :

                      Internet – Gateway (192.168.123.254/24) --- (192.168.123.142/24) pfSense (192.168.1.1/24) --- LAN
                                                                                                          -- OpenVPN (192.168.2.1/24)

                      I've checked my settings and the ports are forwarded and not open. They are forwarded to the .142 wan address of pfSense.

                      I've used port 8090 udp for my openvpn connection. I'm thinking that it has something to do with my router not doing what it's supposed to do. I'll try a new router tomorrow.

                      The ports on my pfsense are configured in the firewall to be passed.

                        Cry Havok

                        Try plugging something between the gateway and the pfSense host.  If you can connect to OpenVPN from there (using 192.168.123.142 as the server IP) then you know that the pfSense host is correctly configured.

                          reyntjensw

                          I'll try that this evening, thanks for the tip

                          Edit : I can connect to my machine with the ip address given by the router. But when I tried to connect using the public ip address, that didn't work.

                            Cry Havok

                            To confirm:

                            1. When you connect between the gateway and pfSense you can connect to OpenVPN using 192.168.123.142?

                            2. When outside your network you can't connect using the public IP (WAN) address?

                            If that is so, then your problem is with your gateway's port forwarding/firewall rules.
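
Added example (not part of the original posts): a small Python triage helper that reads the client log from the first post to see which protocol and port the gateway has to forward and how far the connection got, then applies the two-vantage-point test described above. The function names, stage labels and return strings are assumptions made for this example; the sample lines are copied from the posted log.

```python
import re

# Constructed sample: three lines copied from the client log in the first post.
SAMPLE_LOG = """\
Sun Mar 01 19:17:24 2009 us=837486 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Mar 01 19:17:24 2009 us=837587 Attempting to establish TCP connection with 83.101.12.x:1194
Sun Mar 01 19:17:45 2009 us=878038 TCP: connect to 83.101.12.x:1194 failed, will try again in 5 seconds
"""

PROTO_RE = re.compile(r"Local Options String: '[^']*\bproto (\w+)")
FAIL_RE = re.compile(r"TCP: connect to (\S+):(\d+) failed")

def summarize_client_log(text):
    """Extract transport, remote endpoint and the last stage the client reached."""
    info = {"proto": None, "remote": None, "stage": "unknown"}
    for line in text.splitlines():
        if m := PROTO_RE.search(line):
            info["proto"] = m.group(1)
        if m := FAIL_RE.search(line):
            # TCP never connected, so nothing reached the OpenVPN daemon.
            info["remote"] = (m.group(1), int(m.group(2)))
            info["stage"] = "transport"
        elif "TLS Error" in line:
            # With UDP a dropped packet also surfaces here, as a handshake timeout.
            info["stage"] = "handshake"
        elif "Initialization Sequence Completed" in line:
            info["stage"] = "connected"
    return info

def required_forward(info):
    """Protocol and port the gateway must forward for this client profile."""
    proto = "tcp" if (info["proto"] or "").startswith("TCP") else "udp"
    port = info["remote"][1] if info["remote"] else None
    return proto, port

def locate_fault(inside_ok, outside_ok):
    """inside_ok: client between gateway and pfSense, server 192.168.123.142.
    outside_ok: client outside the network, server = public WAN address."""
    if inside_ok and not outside_ok:
        return "gateway port forwarding/firewall rules"
    if not inside_ok:
        return "pfSense host (OpenVPN server or its WAN firewall rule)"
    return "no fault found"

if __name__ == "__main__":
    summary = summarize_client_log(SAMPLE_LOG)
    print(summary, required_forward(summary), locate_fault(True, False))
```
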

                              reyntjensw

                              @Cry:

                              To confirm:

                              1. When you connect between the gateway and pfSense you can connect to OpenVPN using 192.168.123.142?

                              2. When outside your network you can't connect using the public IP (WAN) address?

                              If that is so, then your problem is with your gateway's port forwarding/firewall rules.

                              That's correct, the strange thing is that some rules do work. For example if I open port 8080 for a webserver, that does work perfectly.

                              Edit : It looks like it's fixed, I did a firmware upgrade of my gateway and it's working just fine :)

                              Thanks for the help
