pfSense 2.4.3, OpenVPN not connecting to client



  • I finally upgraded to 2.4, and everything works correctly except OpenVPN. I can connect to the router (the icon at the lower left turns green).

    However, when I try to connect to a client (one of the servers on the LAN), Remote Desktop sits there with "Initiating Remote Connection" until it times out.

    So I can access the router, just no clients behind it. What am I doing wrong? Or is there something I need to update? The only thing I can see that's different: the setting under VPN > OpenVPN > OpenVPN Servers in the Client Settings called "Address Pool - Provide a virtual adapter IP address to Clients (see Tunnel Network)" was checked in 2.3, but doesn't exist in 2.4, at least not in the server settings page.

    I feel like it's something simple here, but I'm not seeing it…



  • To add some more details, here's a layout of our network.

    WAN XXX.XXX.XXX.250 -->  172.16.1.X (LAN)

    WAN XXX.XXX.XXX.251 -->  172.16.2.X (CCTV)

    The WAN .251 for the CCTV is a Virtual IP, both WANs share the same NIC. What I'm trying to do is remotely access the equipment on the LAN network using OpenVPN.

    What makes it difficult for me to troubleshoot is that we:
    1. Added a 2nd virtual WAN for the new CCTV system and
    2. Upgraded pfSense from 2.3.5 to 2.4.3 at the same time

    So I'm not sure if it's an issue with multi-WAN, or if the OpenVPN settings / client settings changed when upgrading to pfSense 2.4.3.

    At first, I exported the certificates from 2.3.5 & reimported them into the new pfSense running 2.4.3; however, I deleted all of that & set up a new OpenVPN server using the wizard, but it still doesn't connect unless I'm on the LAN, which is pointless for remote access.

    So I think with the clean OpenVPN install I've narrowed it down to a multi-WAN issue... hopefully someone can help me here.



  • Hi @lburr, I have the same issue. Have you succeeded in finding a way to make OpenVPN functional in pfSense 2.4?



  • What about this (part of a) solution:
    First, use the same pfSense version as we all do - this rules out forgotten issues that most, if not all, have already forgotten about.

    Then: detail all your OpenVPN settings. Show server logs (client logs! Don't say "the icon becomes green" - show the logs).
    Detail your local networks.
    Firewall rules on any interface.

    You're right about the fact that adding a second WAN will complicate things.
    So what about using just one WAN, and making it work? Shift to double WAN afterwards.

    This way, we use the same code base, and only your settings will differ. Our settings are ok of course ^^, "because it works".

    Btw: that's what I do: I VPN into my pfSense as a road warrior, and then I launch mstsc to connect to a LAN-based Windows server.



  • @AlexVP I ended up using only one WAN.

    As soon as I got rid of the second WAN, OpenVPN started working correctly. Under Firewall > Rules, I added rules to both LAN interfaces so they can't access each other. For the WAN interface, I added rules & under NAT > Port Forward I mapped the WAN ports to the CCTV LAN so it works how we need it to.

    I know our network is fairly simple, but if you can make it work with one WAN it'll be a lot easier to manage. If I do set up a second WAN, I'll let you know what I did to make it work.

    Thanks for the tips @Gertjan. If I had added logs it would've made it a lot easier to figure out what I did wrong. I made it work with one WAN, and I'm leaving it that way unless I need to change it.