Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't connect to OpenVPN on Pfsense box over WAN but can on LAN

    Scheduled Pinned Locked Moved OpenVPN
    13 Posts 3 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bitttybit
      last edited by

      This post is deleted!
      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by

        So you've also a dynamic WAN address?
        What have you selected in the client export utility at "Host name resolution"?

        1 Reply Last reply Reply Quote 0
        • B
          bitttybit
          last edited by

          This post is deleted!
          1 Reply Last reply Reply Quote 0
          • V
            viragomann
            last edited by

            In the client export utility, as mentioned. VPN > OpenVPN > client export.
            When exporting the config you can set the remote name here for the client config file (.ovpn).

            You may also look in you client config file what host name you find in the "remote" line.

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              In the VPN settings did you select WAN or LAN as the interface?

              Is there a firewall rule on WAN passing the necessary traffic? (default: UDP/1194 source any dest WAN address)

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • B
                bitttybit
                last edited by

                This post is deleted!
                1 Reply Last reply Reply Quote 0
                • B
                  bitttybit
                  last edited by

                  @Derelict:

                  In the VPN settings did you select WAN or LAN as the interface?

                  It is a WAN interface

                  Is there a firewall rule on WAN passing the necessary traffic? (default: UDP/1194 source any dest WAN address)

                  The SG-3100 firewalls have not been touched. They are set to their default factory settings.

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    How can they be default if there is an OpenVPN server or client configured?

                    Is there a firewall rule passing the OpenVPN traffic into WAN? It's not going to work from the outside if not.

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • B
                      bitttybit
                      last edited by

                      @Derelict:

                      How can they be default if there is an OpenVPN server or client configured?

                      Is there a firewall rule passing the OpenVPN traffic into WAN? It's not going to work from the outside if not.

                      Forgive me, for I'm a newb to all of this. I followed the instructions posted on youtube tutorial ( how to setup OpenVPN on Pfsense ). That tutorial is linked in my first post. In that tutorial they never tweaked the firewall. That's what I mean when saying the firewall is set to "factory defaults". At this point, what exactly needs to be done to setup the firewall to connect from outside the LAN?  A step-by-step explaination of how to do this would be much appreciated. Thanks so much to this point.

                      1 Reply Last reply Reply Quote 0
                      • DerelictD
                        Derelict LAYER 8 Netgate
                        last edited by

                        Yeah no time to watch some (probably incorrect) tutorial on YouTube. Sorry.

                        Like this?

                        https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 0
                        • B
                          bitttybit
                          last edited by

                          @Derelict:

                          Yeah no time to watch some (probably incorrect) tutorial on YouTube. Sorry.

                          Like this?

                          https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server

                          Yes the instructions I followed were very similar.

                          Also, the instructions you listed said to check the firewall settings. Those pics are attached. They look right.

                          Any other settings to check in pfsense?

                          ovpn.png
                          ovpn.png_thumb
                          wan.png
                          wan.png_thumb

                          1 Reply Last reply Reply Quote 0
                          • DerelictD
                            Derelict LAYER 8 Netgate
                            last edited by

                            Edit that OpenVPN rule on WAN, set the protocol to UDP, and save it again.

                            Chattanooga, Tennessee, USA
                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                            1 Reply Last reply Reply Quote 0
                            • B
                              bitttybit
                              last edited by

                              This post is deleted!
                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.