Cannot connect through dynamic ip

GruensFroeschli

I assume you have another router in front of the pfSense.
Did you open the firewall onthis device as well?
Do you have any firewall-log entries on the pfSense regarding blocked traffic?

reyntjensw

The ports on that firewall are also open.
What I don't notice is that the tcp/udp request on port 1194 doesn't arrive at my router(not in the blocked list nor in the access list).

If I open the vpn connection from inside the lan, that works just fine. (even if I connect to the wan address (83…..))

GruensFroeschli

If you don't even see the packets arrive on the WAN-port of the pfSense they obviously get blocked somewhere on the way.
I would double check if the firewall in front of the pfSense really doesn't block the OpenVPN traffic.

reyntjensw

Is there some website or service which can check if a port is open on my router?
Port 1194 tcp and udp and forwarded it to the wan ip of the pfsense.

Cry Havok

Try forwarding 53/UDP or 443/TCP (depending on what you use) and a high numbered port (say 31194).  See if you have more luck with those ports.

reyntjensw

i've opened port 53 and 443 on my router and did change the vpn port to 8090, but that didn't do the job.

Cry Havok

Forward, not open.  You need to forward the ports to the pfSense host, not open the ports.

Assuming that was what you did, then you need to go back and look at your configuration.  If you want more help you'll need to post a simple network diagram with IP addresses to help people understand what you're doing and why it isn't working for you.  For instance, my setup looks like:

Internet – Gateway (192.168.0.1/24) --- (192.168.0.2/24) pfSense (192.168.1.1/24) --- LAN
                                                                                    -- OpenVPN (10.0.0.1/29)

I've forwarded 53/UDP from Gateway to pfSense, opened 53/TCP on pfSense and configured OpenVPN to listen on port 53/UDP.  I use it regularly and it works fine.

reyntjensw

This is my setup :

Internet – Gateway (192.168.123.254/24) --- (192.168.123.142/24) pfSense (192.168.1.1/24) --- LAN
                                                                                    -- OpenVPN (192.168.2.1/24)

I've checked my settings and the ports are forwarded and not open. They are forwarded to the .142 wan adres of pfSense

I've used port 8090 udp for my openvpn connection. I'm thinking that it has something to do with my router not doing what it's suppose to do. I'll try a new router tomorrow.

The ports on my pfsense are configured in the firewall to be passed.

Cry Havok

Try plugging something between the gateway and the pfSense host.  If you can connect to OpenVPN from there (using 192.168.123.142 as the server IP) then you know that the pfSense host is correctly configured.

reyntjensw

I'll try that this evening, thanks for the tip

Edit : I can connect to my machine with the ip address given by the router. But when I tried to connect using the public ipaddress, but that didn't work.

Cry Havok

To confirm:

1. When you connect between the gateway and pfSense you can connect to OpenVPN using 192.168.123.142?

2. When outside your network you can't connect using the public IP (WAN) address?

If that is so, then your problem is with your gateway's port forwarding/firewall rules.

reyntjensw

@Cry:

To confirm:

1. When you connect between the gateway and pfSense you can connect to OpenVPN using 192.168.123.142?

2. When outside your network you can't connect using the public IP (WAN) address?

If that is so, then your problem is with your gateway's port forwarding/firewall rules.

That's correct, the strange thing is that some rules do work. For example if I open port 8080 for a webserver, that does work perfectly.

Edit : It looks like it's fixed, I did a firmware upgrade of my gateway and it's working just fine:)

Thanks for the help