Connecting to pfSense OpenVPN from inside LAN
-
I can successfully connect to my pfSense 1.2.3 server through OpenVPN from a remote computer, but not from the LAN the server belongs to.
I get the following error in the logs: TCP/UDP: Incoming packet rejected from 192.168.10.1:1194[2], expected peer address: XX.XXX.XX.XXX:1194 (allow this incoming source address/port by removing --remote or adding --float)
I don't have the --remote option in the client config.
Please help!
-
Did you check the checkbox "Dynamic IP"?
Allow connected clients to retain their connections if their IP address changes.
-
I didn't, as I have a static WAN IP. Should it be on?
It doesn't resolve my issue.
-
You're mixing up where you have dynamic and where you have static IPs.
This option is to allow dynamic clients to connect. OpenVPN notes what the IP of a certain client is/was. If the source IP of the client changes, the server throws an error.
You explicitly have to allow that the source IP of the client can change. I suggest you read the OpenVPN man-page on the available options.
The GUI of pfSense does nothing more than generate an OpenVPN config file.
You can look at this file under /var/etc/
-
Thanks for the tip, but switching this option on doesn't change anything; I still get the same error.
-
Did you look at the generated config file?
-
I had the same problem when I was using a UDP port. But if you use TCP, you can connect your OpenVPN client to your OpenVPN server from the LAN.
I don't know the reason why I couldn't use UDP, but with the same settings, if I use TCP, it works.
Make sure your OpenVPN client config file has these lines:
float
port 1194
dev tun
dev-node tap0
proto tcp-client
remote your wan ip 1194
ping 10
persist-tun
persist-key
tls-client
client
ca ca.crt
cert whatever your client name.crt
key whatever your client name.key
ns-cert-type server
comp-lzo
verb 4
I hope it will help you....
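An added example, not part of the thread and not pfSense or OpenVPN code: a small Python check that relates the rejected-packet log line to the client config directives discussed above (`float`, `proto`, `remote`). The log line and config are constructed samples, 203.0.113.10 stands in for the masked WAN address, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from a real system).
SAMPLE_LOG = ("TCP/UDP: Incoming packet rejected from 192.168.10.1:1194[2], "
              "expected peer address: 203.0.113.10:1194 (allow this incoming "
              "source address/port by removing --remote or adding --float)")
SAMPLE_CONF = "client\ndev tun\nproto udp\nremote 203.0.113.10 1194\n"

REJECT_RE = re.compile(
    r"Incoming packet rejected from (?:\[AF_INET\])?([\d.]+):(\d+)\[\d+\], "
    r"expected peer address: (?:\[AF_INET\])?([\d.]+):(\d+)")

def parse_config(text):
    """Return {directive: [argument lists]} for an OpenVPN config file."""
    directives = {}
    for line in text.splitlines():
        # '#' and ';' start comments in OpenVPN config files.
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            directives.setdefault(name.lstrip("-"), []).append(args)
    return directives

def parse_reject(line):
    """Extract (seen_ip, seen_port, expected_ip, expected_port) or None."""
    m = REJECT_RE.search(line)
    return (m[1], int(m[2]), m[3], int(m[4])) if m else None

def diagnose(conf_text, log_line):
    """List findings that relate the rejected packet to the client config."""
    conf, hit = parse_config(conf_text), parse_reject(log_line)
    if hit is None:
        return []
    findings = []
    seen_ip, _, expected_ip, _ = hit
    if seen_ip != expected_ip and ipaddress.ip_address(seen_ip).is_private:
        findings.append(f"reply came from private address {seen_ip}, not {expected_ip}")
    proto_args = conf.get("proto", [["udp"]])[-1]  # OpenVPN defaults to UDP
    proto = proto_args[0] if proto_args else "udp"
    if proto.startswith("udp") and "float" not in conf:
        findings.append("proto is udp and 'float' is absent")
    if "remote" in conf:
        findings.append("'remote' pins the expected peer address")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_CONF, SAMPLE_LOG):
        print(finding)
```
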