Rule error after OpenVPN Wizard Setup
-
pfSense 2.4.3-Release
WAN is Static IPV4 with 4 Virtual IPs, no IPV6
LAN is Static IPV4, No IPV6Main IP is xxx.xxx.xxx.18, but mail server and surveillance system use .19 and .21 respectively.
I do have a hybrid outbound nat with a custom rule that takes any data from the IP of the mail server/32 to go out .19
No other weird configs. Just the mailserver so the outbound goes out a different IP than the normal internet traffic.
I also have it connected to pfMonitor, but the errors started showing before that.
I did OpenVPN wizard and then I started getting an error:
There were error(s) loading the rules: /tmp/rules.debug:178: unknown protocol udp4 - The line in question reads [178]: pass in quick on $WAN reply-to ( igb0 xx.xx.xx.1 ) inet proto udp4 from any to xx.xx.xx.18 tracker 1526061252 keep state label "USER_RULE: OpenVPN XXXSSLVPN1194UDP wizard"
@ 2018-05-11 14:40:09It does seem to come back to a bug, but back in 2.4.2 and I thought fixed in 2.4.2-p1. Did 2.4.3 regress…
My other 50 or so pfSense firewalls are all on 2.4.3 but had OpenVPN set up before 2.4.3. I have seen no errors on them.
This was a re-purposed firewall that was reset to defaults and upgraded to 2.4.3 and then configured.
-
…
I did OpenVPN wizard ....Oh-ho. That trip-wired a small bug present in the OpenVPN Wizard : https://redmine.pfsense.org/issues/8391
@MeeleIkon:There were error(s) loading the rules: /tmp/rules.debug:178: unknown protocol udp4 - The line in question reads [178]: pass in quick on $WAN reply-to ( igb0 xx.xx.xx.1 ) inet proto udp4 from any to xx.xx.xx.18 tracker 1526061252 keep state label "USER_RULE: OpenVPN XXXSSLVPN1194UDP wizard"
@ 2018-05-11 14:40:09Yep, that's the one. The forum has it mentioned everywhere.
No need to path or repair or wait for a new pfSense version , just re-do the WAN openvpn Wizard-generated rule and you're ok.
-
Well, that did work….
Also curious and shame on me for not looking at the auto-generated ruled more closely, it had the port as * and not 1194 UDP....