Netgate Discussion Forum

    Problem with openvpn server

      KR

      I have OpenVPN client connecting to a VPN service which is my WAN.

      When I try creating an OpenVPN server in pfSense, the following auto-generated OpenVPN firewall rule breaks port forwarding I have set up with the VPN provider.

      States    Protocol  Source  Port  Destination  Port  Gateway  Queue  Schedule  Description
      2 /916 B  IPv4 *    *       *     *            *     *        none             OpenVPN MYOpenVPN-Server wizard

      When I disable the above, port forwarding is reinstated.  Why?  Any help would be appreciated, thanks.

        Derelict LAYER 8 Netgate

        More info needed.

        What port is forwarded to where?

        What interface is the firewall rule you quoted on?

        There seems to be a spate of people using the wrong wizard for the wrong purpose and getting correct results that are wrong for their purposes. The only wizard I see is one to create a remote access server. That has nothing to do with setting up a client to connect to an OpenVPN service provider.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          KR

          Understood.

          This wizard was used so I can create a remote access server to connect to my LAN remotely over OpenVPN.

          The port forwarding is for accessing Plex over my VPN connection with the provider who port forwards.  This works fine until I run the above wizard.

          The interface above is labeled OpenVPN.

            Derelict LAYER 8 Netgate

            You want to look up assigned interfaces and assign them to both that openvpn client and the server. Then remove the rules from the openvpn tab and place the correct rules for your circumstance on the specific interface tabs instead.

            The OpenVPN client should be treated like a WAN, with just the rules for the incoming port forward.

            The OpenVPN server should pass whatever traffic you want to pass from the clients connecting to the server, which is quite possibly any/any.

            There should probably be no rules on the OpenVPN tab in that case.


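An added example, not part of the thread and not Netgate's code: a read-only check of a pfSense config.xml backup for the two conditions the reply above describes, OpenVPN instances with no assigned interface and enabled rules still on the shared OpenVPN tab. It assumes the usual config.xml layout (`<interfaces>`, `<openvpn>`, `<filter><rule>`) and `ovpnc<vpnid>`/`ovpns<vpnid>` device names; the sample config, its address and its port are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed config.xml fragment (not from the thread): the client is assigned
# as VPNWAN, the server is unassigned, and the wizard's rule sits on the
# OpenVPN group tab. The address and port are placeholder values.
SAMPLE = """<pfsense>
 <interfaces>
  <wan><if>em0</if></wan>
  <opt1><if>ovpnc1</if><descr>VPNWAN</descr></opt1>
 </interfaces>
 <openvpn>
  <openvpn-client><vpnid>1</vpnid></openvpn-client>
  <openvpn-server><vpnid>2</vpnid></openvpn-server>
 </openvpn>
 <filter>
  <rule><type>pass</type><interface>openvpn</interface>
   <source><any/></source><destination><any/></destination>
   <descr>OpenVPN MYOpenVPN-Server wizard</descr></rule>
  <rule><type>pass</type><interface>opt1</interface>
   <source><any/></source>
   <destination><address>192.0.2.10</address><port>32400</port></destination>
   <descr>Port forward from provider</descr></rule>
 </filter>
</pfsense>"""

def audit(config_xml):
    root = ET.fromstring(config_xml)
    # Devices (ovpnc1, ovpns2, ...) that already have an assigned interface.
    assigned = {i.findtext("if") for i in root.iterfind("./interfaces/*")}
    unassigned = []
    for tag, prefix in (("openvpn-client", "ovpnc"), ("openvpn-server", "ovpns")):
        for inst in root.iterfind(f"./openvpn/{tag}"):
            dev = prefix + inst.findtext("vpnid", "")
            if dev not in assigned:
                unassigned.append(dev)
    # Enabled rules still living on the shared OpenVPN tab.
    group_rules = []
    for rule in root.iterfind("./filter/rule"):
        if rule.findtext("interface") == "openvpn" and rule.find("disabled") is None:
            any_any = (rule.find("source/any") is not None
                       and rule.find("destination/any") is not None)
            group_rules.append((rule.findtext("descr", ""), any_any))
    return unassigned, group_rules

if __name__ == "__main__":
    unassigned, group_rules = audit(SAMPLE)
    print("unassigned OpenVPN instances:", unassigned)
    for descr, any_any in group_rules:
        print("rule on OpenVPN tab:", descr, "(any/any)" if any_any else "")
```
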
              KR

              Okay, thanks.  I will give it a try.

              Why would the server automatically create a rule on an "OpenVPN" interface?  Is it because it doesn't know that one already exists?

                KR

                Update - The VPN client has already been assigned to an interface and is working properly.

                How do I configure the interface for the OpenVPN server?  Do I need to specify an IP? I would think the VPN server would take care of that given there is an option under VPN/OpenVPN/Servers/MyOpenVPNServer/Tunnel Settings.

                I tried starting the OpenVPN server but it fails.  I have logging set to recommended but don't see anything in the OpenVPN logs for some reason…

                  KR

                  Never mind, I rebooted and I see the service started.

                  When I try to connect via my OpenVPN client on my phone, I see it trying to resolve my hostname in the logs but it's IPv6 which I disabled in the server, so I'm not sure why I see anything UDPv6 related in the client logs…

                  I should mention I have port forwarding on my VPNWAN interface to open the custom OpenVPN Server port I specified.

                  I am obviously missing something...

                    Derelict LAYER 8 Netgate

                    You rarely need a port forward to an OpenVPN server. You need a rule passing the traffic, but not a port forward.

                    The only exceptions to that that I can think of are:

                    1. It is sometimes better to tell your OpenVPN server to listen on localhost and port forward there in an HA cluster environment.

                    2. If your OpenVPN server is inside another router, that outside router would probably have to port forward to it.


                      KR

                      Ok, in this case the outside router is my VPN provider and I have port forwarding set up there.

                      I'll poke around some more, thanks.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.