Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Connection Refused

    Firewalling
    2
    4
    1.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xkelly
      last edited by

      Apologies if this is in the wrong forum, but I'm kind of a newb with any router/firewall/appliance beyond a distro'd broadband router.

      I just installed pfSense and have been working to configure the various setting to match what I had previously on my Asus Merlin router when I ran into a problem I can't quite figure out.  I'm getting connection refused for a DDNS address that was working fine earlier. The only I can think I've done since it was working was configure OpenVPN.

      I have DDNS setup and working (ip address is green) for (let's call it) mydomain.net.  I have a webhop set for the domain at dyn.com to redirect to https://ds.mydomain.net:5555 to the identified IP address.  Again, this was working without a problem, but now I'm getting connection refused. The ports are open.  If I use the IP address: https://ipaddress:5555, it works fine.  But using the domain name is not working.  Same thing for other SSL ports I have opened to my local host using port. e.g., port 7001.

      Just to be clear, I've tested this both inside and outside of my network (NAT reflection mode is enabled).  If I try https://mydomain.net, without the sub prefix, I get a NET::ERR_CERT_COMMON_NAME_INVALID error.  The only package I've installed so far is the openVPN config export package.  Services enabled include DHCP Server, OpenVPN, NTP, along with some ports forward to various host.

      Any guidance would be appreciated.  Thanks.

      EDIT: Forgot to mention that I enabled ICMP echo rule so pings would work. I can successfully ping mydomain.net.

      pfSense 2.4
      Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz
      4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
      AES-NI CPU Crypto: Yes (inactive)
      30GB storage
      4GB RAM

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        That has nothing to do with your firewall. Common name invalid means the name on the certificate is ds.mydomain.net and not mydomain.net. That's the expected result in that case.

        1 Reply Last reply Reply Quote 0
        • X
          xkelly
          last edited by

          @cmb:

          That has nothing to do with your firewall. Common name invalid means the name on the certificate is ds.mydomain.net and not mydomain.net. That's the expected result in that case.

          Makes sense. Thanks.  Any thoughts on why the connection would be refused for ds.mydomain.net?

          pfSense 2.4
          Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz
          4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
          AES-NI CPU Crypto: Yes (inactive)
          30GB storage
          4GB RAM

          1 Reply Last reply Reply Quote 0
          • X
            xkelly
            last edited by

            Okay… Seems Chrome is the only browser showing connection refused. Neither Firefox nor Chrome have the problem.  Not sure why Chrome is reacting this way, but I seems it's not pfsense related.

            pfSense 2.4
            Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz
            4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
            AES-NI CPU Crypto: Yes (inactive)
            30GB storage
            4GB RAM

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.