Why can't i access my pfsense box over OpenVpn
-
Those have no effect unless you're testing from a local IP that is in a private network or something in the bogons list which is unlikely.
Steve
-
@stephenw10 then what is the problem?kindly help posting firewall logs in a minute
-
We've asked you how the client is resolving the server a number of times here but it seems to be a secret!
That's the first thing I would check. Is the client trying to connect to the correct IP?
If it is then why are the packets not reaching the server? Is there something between them blocking it?
Steve
-
@stephenw10
And No! The client is connecting to the correct Ip via the dynamic Dns.... -
@stephenw10 21:20 Unrecognized option or missing or extra parameter(s) in /data/user/0/de.blinkt.openvpn/cache/android.conf:38: block-outside-dns (2.5_master)
21:20 OpenVPN 2.5-icsopenvpn [git:icsopenvpn/v0.7.8-0-g168367a5] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 22 2019
21:20 library versions: OpenSSL 1.1.1a 20 Nov 2018, LZO 2.10
21:20 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
21:20 UDP link local (bound): [AF_INET][undef]:1194
21:20 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
21:20 read UDP [ECONNREFUSED]: Connection refused (code=111)
That is how it shows on my vpn client log on Android.Note:xxx is the Ip address -
@OpenWifi this right now
-
Ok, so nothing logged on the server end and that's expected since the firewall rule shows no passed traffic.
Looks like an Android issue I would guess. Can you test from a desktop client to confirm that?
Steve
-
@stephenw10
That is on the desktop -
Ok so failing the same way from the desktop client. I assume you still see no traffic on the WAN OpenVPN rule and nothing in the server logs to show 'peer initiating'?
So something is blocking that traffic before it gets to the pfSense WAN. Or it's being sent to the wrong IP/port by the client.
You could run a packet capture on WAN and filter by UDP port 1194 to be sure.
How is the WAN connected? What sort of connection is it?
Steve
-
Oh, wait the OpenVPN server appears to be listening on 192.168.1.2. Is that behind another router? Have you setup port forwards in that router?
Steve
-
Double NAT is my guess as well..
-
@stephenw10 yes it is behind the main router that my isp provided
-
@stephenw10 No! I havent setup any port forwards should i set it on the main router or the pfsense box
-
@OpenWifi said in Why can't i access my pfsense box over OpenVpn:
@stephenw10 No! I havent setup any port forwards should i set it on the main router or the pfsense box
Truthfully it would be best for you to set your internet connection device to bridge mode and let the pfsense get the public address on its WAN.
But yes otherwise anything that you want to make it through would have to be forwarded first to the pfsense box from the first router.
-
@chpalmer thank you. So i port forward 1194 to pfsense from the router.Thanks. And would bridging affect a person using the first router as wifi, because i have a laptop using Wifi on the first router
-
@chpalmer hello guys should i port forward on my router or on my pfsense box
-
@chpalmer Thank you Guys,it worked.i portforwarded and it worked!!!!.Thanks alot
-
Yes, setting the other router to whatever bridge mode it might have available would affect anything using it directly.
Really you should look at using pfSense instead of that router and having a separate wireless access point behind it. You may be able to use the ISP router for that purpose:
https://docs.netgate.com/pfsense/en/latest/wireless/use-an-existing-wireless-router-with-pfsense.htmlIt depends what sort of connection you have and whether it has a separate modem.
Steve
