Problem with OpenVPN server



  • I have an OpenVPN client connecting to a VPN service which is my WAN.

    When I try creating an OpenVPN server in pfSense, the following auto-generated OpenVPN firewall rule breaks port forwarding I have set up with the VPN provider.

    States    Protocol  Source  Port  Destination  Port  Gateway  Queue  Schedule  Description
    2 /916 B  IPv4 *    *       *     *            *     *        none             OpenVPN MYOpenVPN-Server wizard

    When I disable the above, port forwarding is reinstated.  Why?  Any help would be appreciated, thanks.


  • Netgate

    More info needed.

    What port is forwarded to where?

    What interface is the firewall rule you quoted on?

    There seems to be a spate of people using the wrong wizard for the wrong purpose and getting correct results that are wrong for their purposes. The only wizard I see is one to create a remote access server. That has nothing to do with setting up a client to connect to an OpenVPN service provider.



  • Understood.

    This wizard was used so I can create a remote access server to connect to my LAN remotely over OpenVPN.

    The port forwarding is for accessing Plex over my VPN connection with the provider who port forwards.  This works fine until I run the above wizard.

    The interface above is labeled OpenVPN.


  • Netgate

    You want to look up assigned interfaces and assign them to both that OpenVPN client and the server. Then remove the rules from the OpenVPN tab and place the correct rules for your circumstance on the specific interface tabs instead.

    The OpenVPN client should be treated like a WAN, with just the rules for the incoming port forward.

    The OpenVPN server should pass whatever traffic you want to pass from the clients connecting to the server, which is quite possibly any/any.

    There should probably be no rules on the OpenVPN tab in that case.



  • Okay, thanks.  I will give it a try.

    Why would the server automatically create a rule on an "OpenVPN" interface?  Is it because it doesn't know that one already exists?



  • Update - The VPN client has already been assigned to an interface and is working properly.

    How do I configure the interface for the OpenVPN server?  Do I need to specify an IP? I would think the VPN server would take care of that given there is an option under VPN/OpenVPN/Servers/MyOpenVPNServer/Tunnel Settings.

    I tried starting the OpenVPN server but it fails.  I have logging set to recommended but don't see anything in the OpenVPN logs for some reason…



  • Never mind, I rebooted and I see the service started.

    When I try to connect via my OpenVPN client on my phone, I see it trying to resolve my hostname in the logs but it's IPv6 which I disabled in the server, so I'm not sure why I see anything UDPv6 related in the client logs…

    I should mention I have port forwarding on my VPNWAN interface to open the custom OpenVPN Server port I specified.

    I am obviously missing something...


  • Netgate

    You rarely need a port forward to an OpenVPN server. You need a rule passing the traffic, but not a port forward.

    The only exceptions to that that I can think of are:

    1. It is sometimes better to tell your OpenVPN server to listen on localhost and port forward there in an HA cluster environment.

    2. If your OpenVPN server is inside another router, that outside router would probably have to port forward to it.



  • Ok, in this case the outside router is my VPN provider and I have port forwarding set up there.

    I'll poke around some more, thanks.