Connects on TCP 443 But No Ping or Access [SOLVED]
I am using a Windows 10 client to remotely connect to the OpenVPN on TCP 443 on my pfSense box.
I connect successfully, but is unable to ping or access anything through the VPN. I used the Wizard to create the OpenVPN server for both UDP 1194 and TCP 443.
Connecting via UDP works fine, but I just can't seem to get TCP 443 working. The Wizard did create a separate rule on the WAN interface for the TCP 443 VPN. I also moved the WebGUI for pfsense to port 444 prior to creating the OpenVPN for TCP 443. All settings between UDP 1194 and TCP 443 are the same except for the protocol and port.
Did I miss any other steps to get OpenVPN on TCP 443 working?
![WAN Rules.jpg](/public/imported_attachments/1/WAN Rules.jpg)
![WAN Rules.jpg_thumb](/public/imported_attachments/1/WAN Rules.jpg_thumb)
![OpenVPN Rules.jpg](/public/imported_attachments/1/OpenVPN Rules.jpg)
![OpenVPN Rules.jpg_thumb](/public/imported_attachments/1/OpenVPN Rules.jpg_thumb)
I stopped and restarted the OpenVPN TCP 443 service and these are the log entries:
May 18 19:04:33 openvpn 23139 Initialization Sequence Completed May 18 19:04:33 openvpn 23139 TCPv4_SERVER link remote: [undef] May 18 19:04:33 openvpn 23139 TCPv4_SERVER link local (bound): [AF_INET]126.96.36.199:443 May 18 19:04:33 openvpn 23139 Listening for incoming TCP connection on [AF_INET]188.8.131.52:443 May 18 19:04:33 openvpn 23139 /usr/local/sbin/ovpn-linkup ovpns2 1500 1560 10.16.10.1 255.255.255.0 init May 18 19:04:33 openvpn 23139 ERROR: FreeBSD route add command failed: external program exited with error status: 1 May 18 19:04:33 openvpn 23139 /sbin/ifconfig ovpns2 10.16.10.1 10.16.10.2 mtu 1500 netmask 255.255.255.0 up May 18 19:04:33 openvpn 23139 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0 May 18 19:04:33 openvpn 23139 TUN/TAP device /dev/tun2 opened May 18 19:04:33 openvpn 23139 TUN/TAP device ovpns2 exists previously, keep at program end May 18 19:04:33 openvpn 23139 Control Channel Authentication: using '/var/etc/openvpn/server2.tls-auth' as a OpenVPN static key file May 18 19:04:33 openvpn 23139 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts May 18 19:04:33 openvpn 22804 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.10 May 18 19:04:33 openvpn 22804 OpenVPN 2.3.14 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Feb 15 2017
Could the ERROR about route add command line be the problem?
I modified the IPV4 Tunnel Network to be different from the OpenVPN UDP 1194 service and that got rid of the route add command error. I was using the same for both the UPD and TCP OpenVPN servers.
Looks like my mistake was to assign both the UDP and TCP OpenVPN servers the same IPV4 Tunnel Network. By assigning each OpenVPN servers a different network, I can now connect and ping by IP address.
However hostnames are not being resolved. I am unable to ping by hostnames (works fine for the UDP instance). When I perform an nslookup, it looks like the correct DNS server is used, but I get a Query refused error.
Solved my DNS query refused by adding the correct ACL to the DNS Resolver for OpenVPN. Funny how the UDP VPN connection worked without any ACL.