OpenVPN Server setup issues



  • Hi everyone,

    Having some trouble with setting up an OpenVPN Server.

    My setup:
    One WAN interface (igb0 ipv4 DHCP from internet provider) and one LAN interface with pfSense DHCP Server handing out IPs (ipv4) to all connected clients, 192.168.0.0/24.

    I used the OpenVPN wizard to set everything up, following the info provided here:
    https://marvintan.me/blog/configure-pfsense-as-openvpn-remote-access-server

    Tunnel network used in the wizard was: 192.168.100.0/24

    At the end of the wizard, I ticked the boxes for "Firewall Rule" and "OpenVPN Rule" to be created by the wizard.

    This is a fresh install of pfSense so I don't have a bunch of other firewall rules, just the defaults.  The only exception to this are the rules created by the OpenVPN Server wizard for the WAN and OpenVPN interfaces.

    Issues:

    When I try to connect to the VPN from an external network (LTE data connection on my mobile phone, via OpenVPN Connect client for Android), the connection log for the OpenVPN Connect client shows that it keeps trying to connect but is never successful.

    My pfSense web interface shows the following alert/error that is likely related:

    There were error(s) loading the rules: /tmp/rules.debug:159: unknown protocol tcp4 - The line in question reads [159]:
    pass in quick on $WAN reply-to ( igb0 xxx.xxx.123.1 ) inet proto tcp4 from any to xxx.xxx.124.191 tracker 1522539021 keep state label "USER_RULE: OpenVPN openvpntcp443 wizard"
    @ 2018-04-01 08:22:51
    
    

    xxx.xxx.123.1 is the WAN gateway ip from my isp
    xxx.xxx.124.191 is my dhcp assigned wan ip

    Appreciate any ideas anyone has based on the info provided and the error shown above.

    Thanks.



  • Any ideas about where to start troubleshooting, based on the error identified above?

    Thanks.



  • The OpenVPN rule seems to be flawed. Delete that rule and set it again manually.


    https://redmine.pfsense.org/issues/8391

    Edit the created rule on WAN, change the protocol from any to TCP.



  • Thank you both so much for the clues!  I edited the existing rule created by the wizard on WAN, changing the protocol from "any" to "tcp", and that fixed it up.

    Really appreciate the help.

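As an added illustration (not from the thread, and not pfSense's own generated ruleset), here is the wizard's broken WAN rule in pf syntax next to the form it takes once the protocol is set to TCP. The interface name igb0, the masked gateway and WAN addresses, the tracker ID and the label are copied from the error in the first post. The "port 443" on the corrected line is an assumption taken from the rule label "openvpntcp443"; check it against the port your OpenVPN server actually listens on.

```pf
# Added example, not from the thread: the OpenVPN WAN pass rule as it
# appears in /tmp/rules.debug. $WAN is the interface macro pfSense defines
# at the top of that file; "tracker" is a pfSense extension to pf(4).

# BROKEN: what the wizard emitted (copied from the post). "tcp4" is not a
# protocol name pf knows, so pfctl rejects the file at this line and loads
# none of the rules in it, not just this one.
pass in quick on $WAN reply-to ( igb0 xxx.xxx.123.1 ) inet proto tcp4 from any to xxx.xxx.124.191 tracker 1522539021 keep state label "USER_RULE: OpenVPN openvpntcp443 wizard"

# FIXED: the same rule after editing it in Firewall > Rules > WAN and
# setting Protocol to TCP. "inet" already limits it to IPv4, so the
# protocol keyword is plain "tcp". "port 443" is assumed from the label;
# a remote-access rule should be scoped to the server's port, not all TCP.
pass in quick on $WAN reply-to ( igb0 xxx.xxx.123.1 ) inet proto tcp from any to xxx.xxx.124.191 port 443 tracker 1522539021 keep state label "USER_RULE: OpenVPN openvpntcp443 wizard"
```

Before relying on a reload, `pfctl -nf /tmp/rules.debug` on the pfSense shell parses the file without loading it and reports the first bad line, which is the same check that produced the alert above; once it returns cleanly, a filter reload (Status > Filter Reload) will install the full ruleset.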
