Open VPN wih ddns

baspax1 · Sep 29, 2016, 4:12 PM

Hi i have successfully setup my PFsense to create my pc to Openvpn server..
first of all im little confused about IP's,
PFsense has local ip is 192.168.1.1, Wan of pfsense has 192.168.2.157(dhcp) witch is on ip range of my home local network 192.168.2.0 (1) my routers gateway.
i thought that the wan is the wide area network address that come out to the internet(host ip)
although
i created a VPN settings with support from some videos, i opened 1194 with the router ip and second try with local address of pc that i connected the pfsense but nothing happened..
If i export settings to my local pc and run openvpn localy then i connecting succesfully on my openvpn!! the problem is remotely…
the second strange is that i have insert ddns on pfsense and looks ok but if i try to connect remotely on pfsense portal then i login into gateway of my royter!!that already has ddns enable with different host...
please help my i spend few hours without results...

Modem:tplink w9980(192.168.2.1)
PC with pfSense(192.168.1.107)
pfsense lan (192.168.1.1)
pfsense wan(192.168.2.157)

viragomann · Sep 29, 2016, 9:56 PM

@baspax1:

PFsense has local ip is 192.168.1.1, Wan of pfsense has 192.168.2.157(dhcp) witch is on ip range of my home local network 192.168.2.0 (1) my routers gateway.
i thought that the wan is the wide area network address that come out to the internet(host ip)

You should switch your tplink into bridge mode or PPPoE, so you get the public IP on pfSense WAN. All other devices have to be connected to the pfSense LAN interface.
So you can configure DDNS on pfSense.

@baspax1:

If i export settings to my local pc and run openvpn localy then i connecting succesfully on my openvpn!! the problem is remotely…
the second strange is that i have insert ddns on pfsense and looks ok but if i try to connect remotely on pfsense portal then i login into gateway of my royter!!that already has ddns enable with different host...

If you want to drive pfSense this way with double NAT, you have to give it a static WAN IP and forward port 1194 UDP on your router to this IP.
Also the DDNS has to be set up at the router. pfSense gets no public IP in this mode, so it can't work with DDNS.

baspax1 · Sep 30, 2016, 6:52 AM

First of all Thanks for quick response,
My router is already switch into PPPoE , How can i connect all device to pfsense lan ?
the lan of pfsense is a virtual ethernet adapter of my pc, all devices is on TP-link router.
http://prntscr.com/co1yan

baspax1 · Oct 3, 2016, 2:44 PM

I try to insert manual the wan ip on login settings but nothings happend
i get this error : TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 03 17:41:44 2016 TLS Error: TLS handshake failed

I cant find solutions please help me.

viragomann · Oct 3, 2016, 10:52 PM

So you insist on driving your router in NAT-router mode.

@baspax1:

I try to insert manual the wan ip on login settings but nothings happend
i get this error : TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 03 17:41:44 2016 TLS Error: TLS handshake failed

Seems the vpn server is not reachable.

Has the pfSense a static WAN IP now?
Have you unchecked "Block private networks" in the WAN interface settings?
Have you forwarded OpenVPN traffic on your router to pfSense?
Is there a firewall rule on pfSense WAN which allow the access?

If you have everything answered with yes, go to Diagnostic > Packet capture and check if the OpenVPN packets reach the pfSense WAN interface.

baspax1 · Oct 4, 2016, 6:35 AM

I have all of these i think except the wan ip that was dhcp … tommorow i make a succesfuly conection ! but i dont know how.. on client in config remove iport0 and i put directly my host ip and connected! today after restart (with the same host ip) i try again but nothing...
look at my settings

http://prntscr.com/cpkjr4
http://prntscr.com/cpkjz0
http://prntscr.com/cpkkg2
http://prntscr.com/cpkkih
http://prntscr.com/cpkl10
http://prntscr.com/cpkl49
http://prntscr.com/cpkl9a
http://prntscr.com/cpkli4

viragomann · Oct 4, 2016, 10:02 AM

In the WAN interface settings you have to correct the network mask and the upstream gateway is missing. Set the routers LAN address 192.168.2.1 as gateway here.

baspax1 · Oct 4, 2016, 10:46 AM

I changed to 192.168.2.1/24 but after of this i lost wan ip on pfsense, but i can ping it..
http://prntscr.com/cpnhll
http://prntscr.com/cpnjdk