OpenVPN server - Timeout

JailBird4

This post is deleted!

Marci

@ab5g I tried it directly via the IP, the result is the same (timeout). I also looked at pfTop, but I did not see any connection attempts.

The OpenVPN interface has the rule from the wizard, see below:
OpenVPN rules
rule details

AB5G

@marci That doesn't make sense. You should at least see a connection attempt on the firewall. Is the OpenVPN server on ?. Try an external website and see if your port is open.

viragomann

@marci
Show your OpenVPN server configuration.

Is there any hint in the OpenVPN log?

Gertjan

Your WAN rukes image :

which means no traffic reached the WAN interface, using port 1194, protocol UDP.

You should see :

See for yourself :

and hit the start button - then re try to connect. Stop to see the results. Was there any traffic ?

What is the IP of your WAN interface ? Some RFC1918 IP and if so, what's in front of your pfSense ? a "ISP" router ? If so ; does this one contain the correct NAT rule ?

Marci

@ab5g I have checked the port with some websites and all report that the port (1194) is closed. If I restore my old pfsense config it is also reported that port 1194 is closed but I can connect to my server.

Marci

@viragomann Here is my server configuration
screenshot

There is no activity in the OpenVPN log.

I also restored my old pfsense config and there I could see the connection in the log.

Marci

@gertjan There is no activity in the packet capture. I also tried it with my old pfsense config (where I can connect) and there I could see according activity.

I have an ISP router in front of pfsense, so my WAN IP is in its network (192.168.0.101).
Since I can connect to the OpenVPN server with my old pfsense config (also using UDP 1194) I think the ISP router should not be a problem, right?

I am puzzled...

Gertjan

@marci said in OpenVPN server - Timeout:

I have checked the port with some websites and all report that the port (1194) is closed.

Checked port 1194 using TCP or UDP ? OpenVPN is using UDP.

@marci said in OpenVPN server - Timeout:

so my WAN IP is in its network (192.168.0.101).

What was the pfSense "WAN" IP uising the old config ? 192.168.0.101 ?
What is the pfSense "WAN" IP using the new config ? If it's not 192.168.0.101, the NAT rule in the ISP should be modified, so that it uses the new pfSense WAN IP.

@marci said in OpenVPN server - Timeout:

There is no activity in the packet capture.

That proofs again that incoming VPN traffic doesn't reach pfSense.
If nothing enters the WAN NIC, you should check the ISP router = the NAT rule in this device.

Marci

@gertjan and @all

Thank you very much for your time and comments!
Indeed the port forwarding on my ISP router was not configured correctly.
That being corrected everything is now working as expected

I wish you a great start into the new year!!