Can't connect to OpenVPN on pfSense box over WAN but can on LAN



  • I've installed OpenVPN on an SG-3100 box by following the instructions in this YouTube video: https://www.youtube.com/watch?v=xiy52Hn5bTc. I can connect from my laptop to the OpenVPN server as long as I'm on the LAN. However, if I try to connect from outside the LAN, it fails to connect. The connection has a timeout failure. I do have DynDNS set up correctly and working.

    I'm a newbie to configuring pfSense firewalls. What setting needs to change to make outside LAN connections work?



  • So you've also a dynamic WAN address?
    What have you selected in the client export utility at "Host name resolution"?



  • Thank you.

    Can you point me in the right direction to find out where this setting is? I've looked in "VPN" > "OpenVPN" > "Servers" > Edit my VPN. Under here I can't find any such settings.



  • In the client export utility, as mentioned. VPN > OpenVPN > client export.
    When exporting the config you can set the remote name here for the client config file (.ovpn).

    You may also look in your client config file to see what host name you find in the "remote" line.


  • Netgate

    In the VPN settings did you select WAN or LAN as the interface?

    Is there a firewall rule on WAN passing the necessary traffic? (default: UDP/1194 source any dest WAN address)



  • @viragomann

    The host name resolution under "Client Export" is correct. It's my .com that I'm using with DynDNS.



  • @Derelict:

    In the VPN settings did you select WAN or LAN as the interface?

    It is a WAN interface

    Is there a firewall rule on WAN passing the necessary traffic? (default: UDP/1194 source any dest WAN address)

    The SG-3100 firewalls have not been touched. They are set to their default factory settings.


  • Netgate

    How can they be default if there is an OpenVPN server or client configured?

    Is there a firewall rule passing the OpenVPN traffic into WAN? It's not going to work from the outside if not.



  • @Derelict:

    How can they be default if there is an OpenVPN server or client configured?

    Is there a firewall rule passing the OpenVPN traffic into WAN? It's not going to work from the outside if not.

    Forgive me, for I'm a newb to all of this. I followed the instructions posted in the YouTube tutorial (how to set up OpenVPN on pfSense). That tutorial is linked in my first post. In that tutorial they never tweaked the firewall. That's what I mean when saying the firewall is set to "factory defaults". At this point, what exactly needs to be done to set up the firewall to connect from outside the LAN? A step-by-step explanation of how to do this would be much appreciated. Thanks so much to this point.


  • Netgate

    Yeah no time to watch some (probably incorrect) tutorial on YouTube. Sorry.

    Like this?

    https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server



  • @Derelict:

    Yeah no time to watch some (probably incorrect) tutorial on YouTube. Sorry.

    Like this?

    https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server

    Yes the instructions I followed were very similar.

    Also, the instructions you listed said to check the firewall settings. Those pics are attached. They look right.

    Any other settings to check in pfsense?





  • Netgate

    Edit that OpenVPN rule on WAN, set the protocol to UDP, and save it again.



  • That DID it! You are a lifesaver. Thank you so much!
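
A check for the mismatch that was fixed at the end of this thread, as an added example that is not part of any post: it reads the `remote` line of a client .ovpn file and tests whether a WAN pass rule matches the port and protocol the client will dial. The rule dictionaries are a hypothetical simplified representation (not pfSense's own config format), and the hostname and the TCP rule are constructed sample values.

```python
# Constructed sample client config; the hostname is a placeholder.
SAMPLE_OVPN = """\
dev tun
; exported client config (constructed)
remote vpn.example.com 1194 udp4
"""

def client_endpoint(ovpn_text):
    """Return (host, port, 'udp' or 'tcp') that an OpenVPN client will dial."""
    host, port, proto = None, 1194, "udp"   # OpenVPN defaults
    remote_port = remote_proto = None
    for line in ovpn_text.splitlines():
        parts = line.split()
        if not parts or parts[0][0] in "#;":   # blank line or comment
            continue
        if parts[0] == "proto" and len(parts) > 1:
            proto = parts[1]
        elif parts[0] == "port" and len(parts) > 1:
            port = int(parts[1])
        elif parts[0] == "remote" and len(parts) > 1 and host is None:
            host = parts[1]                    # first remote entry only
            remote_port = int(parts[2]) if len(parts) > 2 else None
            remote_proto = parts[3] if len(parts) > 3 else None
    # Values given on the remote line take precedence over port/proto lines.
    proto = (remote_proto or proto).lower()
    return host, remote_port or port, "tcp" if proto.startswith("tcp") else "udp"

def wan_rule_verdict(rules, port, proto):
    """Return 'ok', 'wrong-protocol' or 'no-rule' for traffic to the WAN address.

    Each rule is a hypothetical dict: interface, action, protocol, dst, dst_port.
    """
    verdict = "no-rule"
    for r in rules:
        if r["interface"] != "wan" or r["action"] != "pass":
            continue
        if r["dst"] != "wan_address" or r["dst_port"] != port:
            continue
        if r["protocol"] in (proto, "tcp/udp"):
            return "ok"
        verdict = "wrong-protocol"             # right port, other protocol
    return verdict

if __name__ == "__main__":
    host, port, proto = client_endpoint(SAMPLE_OVPN)
    # Constructed rule: correct port, but not UDP.
    rules = [{"interface": "wan", "action": "pass", "protocol": "tcp",
              "dst": "wan_address", "dst_port": 1194}]
    print(host, port, proto, wan_rule_verdict(rules, port, proto))
```

A `wrong-protocol` verdict matches the symptom in this thread: LAN clients connect, while outside clients time out because the WAN rule does not pass UDP to the OpenVPN port.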