Incoming connection issue when using OpenVPN
-
I have tried that, but pfSense still selects the wrong interface for reply-to.
-
This stuff works, man. pfSense is only doing what you're telling it to do.
Use the diagram in my sig to detail exactly what you're doing and I'll build it tonight. Please be specific.
-
OK, using your diagram:
pfSense A
connected with 2 WANs, 2 OpenVPNs
connections in/out work OK on WAN
connections work fine from LAN and OPT1
connections going out from OPT1 host A2 are redirected to ovpnc2; works fine
connections coming in from the internet over ovpnc2 to host A2 do not work
port 53 is configured to be redirected to the host, and the packets are arriving there, but the reply is sent over WAN
I just created that config on my firewall as the only config there, and it did not work.
-
You can't NAT on the OpenVPN tab. It has to be an assigned interface. I don't see ovpnc2 in that firewall output at all.
-
I have tried that today: assigned it to an interface, got the interface up with the IP, but it is still not possible to get traffic in, only out. Incoming traffic is still routed back over the default route, not the rule's reply-to.
-
Post screenshots of all your rules.
-
OK, screenshots of all my interfaces and rules coming up:
WAN interface, default gateway
WAN2 interface, in use if the first fails
OpenVPN client1
nothing forwarded here works; the reply is sent back over the default GW
OpenVPN client2
same as above
DMZ
NAT
Interface assignment
This is the setup I would like to have working; it was working with pfSense 2 but does not work with 2.2.
-
Please post the rules on the OpenVPN tab.
-
OpenVPN tab
-
Get rid of that. In order to have things like reply-to working, the OpenVPN tab cannot match the traffic. I would just not put any rules on the OpenVPN tab. Put them on the appropriate assigned interface instead.
-
Note my first post on this thread.
-
So, what's this?
nat on $VPN from 10.0.80.0/24 to any port 500 -> 10.103.1.6/32 static-port
Your IPsec overlaps with OpenVPN. This will never work.
-
Note my first post on this thread.
Thank you, I don't know how I missed that every time I checked. That rule should of course have a limited source address range; adding that, it works perfectly.
Thank you again.
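As an added illustration of the two points made in this thread (rules on the OpenVPN tab defeating reply-to, and the overlapping IPsec NAT rule), here is a constructed pf fragment written in the style of the ruleset pfSense generates in /tmp/rules.debug. It is not taken from the poster's screenshots or from pfSense itself: the addresses (10.103.1.6 as the ovpnc2 tunnel address, 10.103.1.5 as the far side of the tunnel, 10.0.80.10 as host A2, 10.0.80.20 as the narrowed IPsec source host) and the `$VPN` macro are assumptions for illustration.

```pf
# Constructed example in the style of pfSense's /tmp/rules.debug.
# Interface names, addresses and the $VPN macro are assumed, not taken from the thread.

# --- Broken: port forward with its pass rule on the OpenVPN tab ---
# The OpenVPN tab renders as a rule on the "openvpn" interface group. pfSense
# evaluates group rules before per-interface rules, and they are "quick", so this
# rule matches the inbound DNS first. It carries no reply-to, so the state is
# created with the default route as the return path and the reply leaves via WAN.
rdr on ovpnc2 proto udp from any to 10.103.1.6 port 53 -> 10.0.80.10
pass in quick on openvpn inet proto udp from any to 10.0.80.10 port 53 keep state

# --- Working: same forward, pass rule only on the assigned interface ovpnc2 ---
# With nothing on the OpenVPN tab, the interface rule matches. pfSense adds
# reply-to (interface, gateway) to rules on assigned interfaces that have a
# gateway, so the reply is sent back through the tunnel it arrived on.
rdr on ovpnc2 proto udp from any to 10.103.1.6 port 53 -> 10.0.80.10
pass in quick on ovpnc2 reply-to ( ovpnc2 10.103.1.5 ) inet proto udp from any to 10.0.80.10 port 53 keep state

# --- Overlap: the IPsec NAT rule quoted in the thread ---
# The whole 10.0.80.0/24 is the source here, which is what the responder flagged
# as overlapping with the OpenVPN setup.
nat on $VPN from 10.0.80.0/24 to any port 500 -> 10.103.1.6/32 static-port

# --- Narrowed: limit the source to the one host that needs it (assumed 10.0.80.20) ---
nat on $VPN from 10.0.80.20/32 to any port 500 -> 10.103.1.6/32 static-port
```

To confirm which rule is actually matching on a live pfSense box, inspect the generated ruleset with `grep -n 'port 53' /tmp/rules.debug` and check the state table with `pfctl -ss | grep 10.0.80.10`: a state whose return path is the default route indicates the rule that created it had no reply-to.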