Strongvpn connects but firewall blocking incoming traffic
-
So I ran Packet Capture tool with the VPN interface selected, saved the file and loaded in Wireshark. I can see the VPN virtual IP as the source sending TCP packets to the destination Public IP but all the TCP packets are flagged as bad. I can also see some packets from the destination Public IP as the source sending to the VPN IP as the destination (not as many though). Since packets are being sent to the destination IP, does that mean firewall rules are okay, otherwise they would not be showing, is that correct?
When I ran the packet capture for the LAN interface with VPN client up it shows bad TCP packets as well.
-
@silverh22a
Without getting a view to the result and knowing details of your VPN connection it's hard to say, if the communition packets are correct.
Possibly there is an asymmetric routing somewhere, since packets are flagged as bad. You can enable logging and check if you get unexpected blocks.There should be no secrets in the capture result. So it will be save to post it here.
-
Here is packet capture. Could there be an issue with the actual VPN connection itself, perhaps an issue with the client configuration?
-
And what are your VPN connection details? Client-IP, Server-IP?
I expected to see your VPN tunnel is a private range, but I can't see any private IP here.
What is the IP you're trying to talk to? -
The client ip assigned from the StrongVPN OpenVPN server is 100.64.54.3. The public IP I was attempting to connect to is 172.217.1.163 (google). The first column of IP addresses in the log is the source and the second column is destination. You can see that there is some back and forth communication but none if it is sucessful. This is from logging the VPN interface. I'm not very experienced at reading these logs other than I know that black represents a bad transmission.
-
@silverh22a said in Strongvpn connects but firewall blocking incoming traffic:
The client ip assigned from the StrongVPN OpenVPN server is 100.64.54.3
That's a CGN space, strange. Never seen a VPN provider using CGN addresses for the tunnel.
The black marked are retransmissions. Looks to me as your client sends a QUIC packet and as he doesn't get an ACK it tries TCP.
Can you disable QUIC in the browser for testing? -
@viragomann said in Strongvpn connects but firewall blocking incoming traffic:
Can you disable QUIC in the browser for testing?
Here is a snip of the packet capture with QUIC in the browser disabled. Also I noticed under the diagnostics the Gateway log showed a sendto error 55 and Gateway status showed offline with 63% loss
-
@silverh22a said in Strongvpn connects but firewall blocking incoming traffic:
Also I noticed under the diagnostics the Gateway log showed a sendto error 55 and Gateway status showed offline with 63% loss
So there will be another problem you should look for and rectify at first: https://docs.netgate.com/pfsense/en/latest/troubleshooting/gateway-errors.html#sendto-error-55
-
I haven't had any luck troubleshooting the gateway issue. I think it has something to do with the actual OpenVPN config parameters. Every request goes out the VPN interface but doesn't return. StrongVPN tech support has been no help, just advising me to follow the tutorial again.
I'm throwing in the towel on this one. I'm going change providers. It's too bad ibVPN was bought out by strongVPN. My setup worked well with ibVPN.
-
Just an update. I solved my issue. I switched vpn providers and its working. That tells me there was some nuance in the vpn config of strongvpn that didn't work.