UDP traceroute doesn't work ICMP does from WAN to LAN to OpenVPN Server

  • I'm having trouble passing traffic from the WAN to the OpenVPN server set up in pfSense. 
    I can see the UDP packets from the end user hitting the WAN, but the packets don't make it to the OpenVPN server. 
    I can ping WAN to LAN, WAN to OpenVPN, and LAN to OpenVPN and vice versa.  If I do a traceroute, it will work with ICMP packets, but not with UDP packets.

    My firewall rules are the auto-generated rules for the OpenVPN, and the bogon and private network blocks on the WAN.  LAN has the default allows and an OpenVPN port 1194 rule.  The floating rules have an OpenVPN rule as well.

    I'm sure it's something ridiculous that I'm overlooking.  Any more info that I can provide, please let me know.

  • LAYER 8 Global Moderator

    "LAN has the default allows and an OpenVPN port 1194 rule"

    Why would LAN have a 1194 rule??

    Post up your WAN rules!  What do you mean they don't make it to the OpenVPN server? Is the OpenVPN server on something other than pfSense?

  • I have attached the floating rules, WAN rules and LAN rules.

    The OpenVPN server is on the pfSense server, but it doesn't seem to be communicating out.  I have also attached a packet capture of traffic going to the WAN and the OpenVPN logs from that time.

    I appreciate your time in helping me out.

    ![unfiltered packet capture.png](/public/imported_attachments/1/unfiltered packet capture.png)
    ![OpenVPN log.png](/public/imported_attachments/1/OpenVPN log.png)

  • I nuked the install and started fresh.  It works just fine now.  Not sure what happened in the configuration that messed everything up, but it seems fine now.  I appreciate the help.
