Can't connect to my own OpenVPN server now
-
No, sadly. I've put fixing it on the back burner until after Christmas, as I am probably going to have to try a fresh install.
-
Are you guys using Android devices to connect? I had the same issue and checked everything in pfsense. It turned out to be a problem with the power-saving feature in an Android update. Turning that off or adding OpenVPN Connect as an exception in power-saving made everything work again. Just a thought.
-
4. Temporarily disabling firewall/NAT allowed the client to connect.
Well post up rules, both on your wan, your floating and your nats.. And your openvpn config.. You sure actually listening on your wan?? Just removing a nat that sent to your lan IP doesn't change vpn to listen on your wan address.
Do a sockstat and let's see where pfsense is listening for 1194
example
[2.3.2-RELEASE][root@pfsense.local.lan]/root: sockstat -L | grep :1194
root openvpn 25696 5 udp4 24.13.snipped:1194 *:*
[2.3.2-RELEASE][root@pfsense.local.lan]/root:
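
The listener check suggested above, as an added example that is not part of the original posts: a small shell function that reads `sockstat -L` output and reports whether a UDP port is bound to the WAN address, to the wildcard address, or to some other address. The function name `bind_status`, the sample lines and the 203.0.113.10 / 192.168.1.1 addresses are constructed for illustration; the column layout is taken from the sockstat lines quoted in this thread.

```sh
#!/bin/sh
# Added example (not from the thread): classify where a UDP service is bound.
# Assumed column layout, as in the sockstat lines quoted in the thread:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Usage: sockstat -L | bind_status PORT WAN_IP
# Prints one of: wan | wildcard | other:<address> | none
bind_status() {
    awk -v port="$1" -v wan="$2" '
        $5 ~ /^udp/ {
            # The port is whatever follows the last ":" of the local address.
            n = split($6, part, ":")
            if (part[n] != port) next
            addr = substr($6, 1, length($6) - length(part[n]) - 1)
            if (addr == "*")      result = "wildcard"     # all interfaces
            else if (addr == wan) result = "wan"          # WAN address only
            else                  result = "other:" addr  # e.g. a LAN address
            print result
            found = 1
            exit
        }
        END { if (!found) print "none" }   # nothing listening on that port
    '
}

# Constructed sample lines (documentation addresses, not real hosts).
SAMPLE_WAN='root openvpn 25696 5 udp4 203.0.113.10:1194 *:*'
SAMPLE_ANY='root openvpn 11123 6 udp4 *:34982 *:*'
SAMPLE_LAN='root openvpn 16667 6 udp4 192.168.1.1:1194 *:*'

# Hypothetical helper that runs the check over one constructed line.
check_sample() {
    printf '%s\n' "$1" | bind_status "$2" "$3"
}

echo "WAN-bound sample:      $(check_sample "$SAMPLE_WAN" 1194 203.0.113.10)"
echo "wildcard-bound sample: $(check_sample "$SAMPLE_ANY" 34982 203.0.113.10)"
echo "LAN-bound sample:      $(check_sample "$SAMPLE_LAN" 1194 203.0.113.10)"
echo "wrong port:            $(check_sample "$SAMPLE_WAN" 1195 203.0.113.10)"
```

A result of `other:<address>` or `none` means the firewall rule on WAN cannot be the whole story, because nothing is listening on the WAN address for that port.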
-
I thought I had it cracked when I uninstalled pfBlockerNG and my android phone connected. As I had also relaxed my firewall rules (allow any from any), when I reinstituted the correct firewall rule (allow UDP:34982 on WAN address), it stopped working again. Resetting the any-from-any rule, it no longer connected again.
[2.3.2-RELEASE][admin@ratiro-net.ratiro]/root: sockstat -L | grep :34982
root openvpn 11123 6 udp4 *:34982 *:*
I have attached my firewall rules, NAT and openVPN config pages. There are no floating rules defined.
-
I think that you're trying this via cellular, correct? If so, your carrier wouldn't be T-Mobile would it?
-
I think that you're trying this via cellular, correct? If so, your carrier wouldn't be T-Mobile would it?
Yes to cellular (3G), but no to T-Mobile… it's 2-degrees/vodafone (NZ)
-
I have exactly the same problem. Tried it with android and surface 4. T-Mobile and Vodafone (both LTE) cellular network: I can't connect to the openvpn-server.
Server listens to port 1194:
[2.3.2-RELEASE][root@pfs.local.net]/root: sockstat -L | grep :1194
root openvpn 16667 6 udp4 95.88.x.x:1194 *:*
[2.3.2-RELEASE][root@pfs.local.net]/root:
WAN-Rule:
(red0 = WAN)
OpenVPN-Rule:
I deactivated my WAN-failover and all outgoing vpn-connections (all on other ports) for testing but it didn't work. :-\
-
Packet capture on RED0 for UDP 1194 and try to connect and verify connection attempts are actually arriving on RED0 Address.
-
I've reset my pfSense setup back to factory default, and just re-set up my openVPN server using the wizard, before setting any other services or firewall rules up.
Glad to report that all is working, using my android phone and linux clients, via a 3G connection.
As I carefully rebuild the rest of my configs, I'll keep checking functionality and may retrospectively be able to figure out what caused the issue in my case. Perhaps there was some stale firewall rule or state. Will report back if I find anything, but in the meantime, thanks for all the suggestions.
-
@sos:
I've reset my pfSense setup back to factory default, and just re-set up my openVPN server using the wizard, before setting any other services or firewall rules up.
Glad to report that all is working, using my android phone and linux clients, via a 3G connection.
As I carefully rebuild the rest of my configs, I'll keep checking functionality and may retrospectively be able to figure out what caused the issue in my case. Perhaps there was some stale firewall rule or state. Will report back if I find anything, but in the meantime, thanks for all the suggestions.
Yesterday, I did the same: reset to factory defaults -> start new configuration with openvpn-server first and now it works ???
After setting up the ovpn-server, I reconfigured all (nat-)rules, snort, webproxy, vpn-clients, outgoing vpn-failover and wan-failover and did a connection test after every single step, without any errors. Now the configuration is exactly the same as before and openvpn-server is reachable. So I have no idea what the problem might have been.