OpenVPN is failing to create the auto rules



  • Hi guys,

I'm currently setting up OpenVPN. All is working like a charm, I can connect and all, but at the last step in the wizard (Firewall Rules auto creation), the wizard fails to create the firewall rules, and I get the following error in my notification pane:

    There were error(s) loading the rules: /tmp/rules.debug:223: unknown protocol udp4 - The line in question reads [223]: pass in quick on $WAN reply-to ( em0 91.121.85.254 ) inet proto udp4 from any to 94.23.166.100 tracker 1525560841 keep state label "USER_RULE: OpenVPN Telegram VPN wizard"
    @ 2018-05-06 02:40:34

It looks like OpenVPN is trying to create a rule with protocol udp4, which doesn't exist in the firewall in the first place, and it should be udp only, right?

In my OpenVPN wizard I chose UDP only and mostly just the default options. Weirdly enough, I changed the OpenVPN Protocol to something other than "UDP on IPv4 only", and the same error mentioned above was triggered.

    My OpenVPN Server:

    Manually creating the rules:

    By looking at the system logs -> Firewall, I have the following blocked connections:

    Note that: 10.0.0.0 is simply the VPN Virtual Address.

    So I tried to create any to any in OpenVPN firewall rules section like the following:

    But sadly that rule still couldn't catch the connections and the connections are still getting blocked.

Also to note, I assigned ovpns1 to an interface called OPENVPN. I first thought that the firewall was not able to apply my rule because the blocking was coming in on ovpns1, so I created the interface to test, but all to no avail; I was not able to allow the connection manually.

    So questions here are:

1. What is causing the error above? Is it a bug or a misconfiguration on my side?
    2. Why did the firewall ignore my added rules?

    Used versions are:

    2.4.3-RELEASE (amd64)
    built on Mon Mar 26 18:02:04 CDT 2018
    FreeBSD 11.1-RELEASE-p7

    and all packages and repos are updated.

pfSense runs in a VM inside Proxmox; the ISP is OVH (SoYouStart).

    Any help is greatly appreciated, and thanks for your time reading my issue :)



  • Why don't you use the search function of this forum. There are already dozens of threads to that issue.

Yes, it's a bug in the current version. But the faulty rule is the one which is added to the WAN interface by the OpenVPN wizard.
    Edit the "OpenVPN Telegram VPN wizard" firewall rule on WAN, set the protocol to UDP and save it. It should work then.



Thanks for your reply, and sorry for rushing the issue before properly searching.

The rule was not added at all in the first place; however, I was able to fix it by adding it manually, correcting udp4 to udp in the /tmp/rules.debug file and then running pfctl -f /tmp/rules.debug
    So the firewall won't report the same notice anymore.
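The root cause in this thread is a GUI-side protocol name ("udp4", "tcp4", "udp6", "tcp6") leaking into the generated pf ruleset. pf's `proto` keyword only accepts a protocol name from /etc/protocols (tcp, udp, icmp, ...) or a number; the address family comes from the separate `inet` / `inet6` keyword, so `inet proto udp4` is rejected at parse time and the whole ruleset fails to load, which is why the OP's manual rules had no effect either. The script below is an added example written for this thread, not code from pfSense or from any poster. It scans a rules file for those invalid tokens, writes a corrected copy (`proto udp4` -> `proto udp`), and test-parses the result with `pfctl -n -f` when pfctl is available. The ruleset it checks is a constructed sample with placeholder addresses, not the OP's real rules.

```shell
#!/bin/sh
# Added example (not from the thread): detect and rewrite pfSense-GUI
# protocol names (udp4/tcp4/udp6/tcp6) that pf's "proto" keyword rejects.

# Constructed sample ruleset; addresses and labels are placeholders.
sample_rules() {
cat <<'EOF'
# constructed sample ruleset (placeholder addresses, not a real firewall)
pass in quick on $WAN inet proto udp4 from any to 192.0.2.10 port 1194 keep state label "USER_RULE: OpenVPN wizard"
pass in quick on $WAN inet proto tcp from any to 192.0.2.10 port 443 keep state
pass out quick on $WAN inet6 proto udp6 from any to any keep state
EOF
}

# Print "line:token" for every "proto <tcp|udp><4|6>" occurrence in $1.
# Returns 1 if any were found, 0 if the file is clean.
find_bad_protos() {
    awk '
        {
            for (i = 1; i < NF; i++) {
                if ($i == "proto" && $(i + 1) ~ /^(tcp|udp)[46]$/) {
                    print NR ":" $(i + 1)
                    bad = 1
                }
            }
        }
        END { if (bad) exit 1; exit 0 }
    ' "$1"
}

# Write a corrected copy of $1 to $2: the family suffix is dropped because
# pf already takes the address family from the inet/inet6 keyword.
fix_bad_protos() {
    sed -E 's/(proto[[:space:]]+)(tcp|udp)[46]([[:space:]]|$)/\1\2\3/g' "$1" > "$2"
}

# Parse-check a rules file without loading it. pfctl -n is documented as
# "parse only, do not load"; on a box without pf this step is skipped.
dry_run_rules() {
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -n -f "$1"
    else
        echo "pfctl not available here; skipping parse check of $1" >&2
        return 0
    fi
}

# Stand-alone demo: write the sample, report offenders, fix, re-check.
if [ "${0##*/}" != "sh" ] && [ -z "$PF_PROTO_CHECK_NO_MAIN" ]; then
    orig=$(mktemp) && fixed=$(mktemp)
    sample_rules > "$orig"
    echo "offending proto tokens (line:token):"
    find_bad_protos "$orig" || true
    fix_bad_protos "$orig" "$fixed"
    echo "after rewrite:"
    find_bad_protos "$fixed" && echo "(none)"
    dry_run_rules "$fixed"
    rm -f "$orig" "$fixed"
fi
```

Run it as a plain script on any POSIX shell to see the before/after; on a pfSense or FreeBSD host with pf, the last step parse-checks the corrected file. Keep in mind that /tmp/rules.debug is regenerated from the configuration on every filter reload, so a hand edit plus `pfctl -f` (as the OP did) only lasts until the next reload; the durable fix is the one the second reply gives, changing the protocol of the wizard-created WAN rule in the GUI so the generated file is correct in the first place.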