OpenVPN UDP 1194 Port Not Opening



  • Hello All

    First-time poster in the pfSense forum, so I apologise if this has been answered already. I'm attempting to set up a basic VPN server from my pfSense firewall/router, which is connected directly to my ISP. I have followed the setup in the video below:

    https://www.youtube.com/watch?v=xiy52Hn5bTc

    The setup has run smoothly and everything worked as demonstrated; however, port 1194 using the UDP protocol refuses to open. This port is NOT blocked by my ISP, as I have used it before. I opened a different port using the TCP protocol, which is working, so I'm at a loss as to why 1194 won't open. Any advice would be appreciated.

    Kind Regards

    Ryan


  • Rebel Alliance Global Moderator

    Won't open from where??  Maybe they are blocking it?

    Sniff on the pfSense WAN and try to connect. Do you see the UDP 1194 packets? If not, then no, pfSense cannot do anything with them.



  • Do you have the WAN rule set up (1.png) and the OpenVPN rule set up (2.png)?

    Also, I would definitely try watching the packets to see if they are even coming across on 1194. Some ISPs may have UDP port 1194 open, and the connection starts, but they eventually block it due to the type of traffic going to it.






  • Yes, I have those rules set up; they were created when I ran the OpenVPN wizard, but for some reason the port still shows as closed.


  • Rebel Alliance Global Moderator

    "but for some reason the port still shows as closed "

    Shows closed where? It is very difficult to test if ports are open via UDP. So did you do the simple packet capture? Is your OpenVPN server log showing any sort of connection attempt? What does your client log say?

    Simple diag: a packet capture looking for UDP 1194 and then testing from your client will tell for 100% sure if the packets are getting to pfSense or not. If they cannot get to your pfSense then no, you cannot connect to a VPN listening on 1194.



  • I'm using a port checker site to test if the port is open


  • Rebel Alliance Global Moderator

    And how does that answer the question.. Did you sniff???  All such a test tells you is they didn't get an answer.. Which can be tricky with udp anyway.

    But does that tell you if you have an issue with pfSense or your ISP is blocking the traffic and pfSense never saw it! You need to do a packet capture!!! To validate the traffic actually gets there! If it doesn't get there, there is nothing you can do on pfSense to fix that!!



  • Thank you for your help, I really do appreciate it. I've managed to solve my problem by upgrading from the stable branch to the development release. Although external port checker sites such as canyouseeme still say port 1194 is closed, my VPN setup is working, which is all that matters.

    Once again, I thank you for your patience. I am new to pfSense; I hope to be able to contribute something as I learn :)


  • Netgate

    Port checkers check TCP ports. Not UDP. TCP requires the three-way handshake, which is what the port checkers look for.


  • Rebel Alliance Global Moderator

    " i've managed to solve my problem by upgrading from the stable branch to the development release"

    That sure as hell was not the issue… Not sure what you did, but upgrading to a non-stable dev release would not be what I would suggest. So while in the process of doing the upgrade, maybe you did a clean install and didn't try to NAT your inbound connections. No idea, but running dev you're more than likely going to run into other odd issues.
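
Added example (not part of the thread, and not pfSense or OpenVPN code): a minimal Python UDP probe run against three constructed loopback targets, showing why "no answer" from an external checker cannot separate a filtered UDP port from an open one whose service ignores unknown packets. The function names and the loopback listeners are assumptions made for the illustration.

```python
import socket
import threading


def probe_udp(host, port, payload=b"\x00", timeout=1.0):
    """Send one datagram and classify the outcome the way a remote checker could."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: ICMP errors surface as exceptions
        try:
            s.send(payload)
            s.recv(2048)
            return "reply"            # something answered: port is open
        except ConnectionRefusedError:
            return "closed"           # ICMP port unreachable came back
        except socket.timeout:
            return "open|filtered"    # silence: open-but-quiet, or dropped on the way


def start_listener(echo):
    """Constructed loopback UDP service; answers only when echo is True."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def loop():
        while True:
            data, addr = srv.recvfrom(2048)
            if echo:
                srv.sendto(data, addr)

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    echo_port = start_listener(echo=True)
    silent_port = start_listener(echo=False)   # listening, but ignores unknown packets
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                                # nothing listens here any more
    return {
        "echo service": probe_udp("127.0.0.1", echo_port),
        "silent service": probe_udp("127.0.0.1", silent_port),
        "no listener": probe_udp("127.0.0.1", closed_port),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} -> {verdict}")
```

The silent listener and a firewall that drops the probe both end in the same timeout verdict, so only a capture on the receiving interface shows whether the datagram actually arrived.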