Netgate Discussion Forum

OpenVPN is failing to create the auto rules

  • D
    DonMcCoy
    last edited by May 6, 2018, 4:39 PM

    Hi guys,

    I'm currently setting up OpenVPN. All is working like a charm, I can connect and all, but at the last step in the wizard (Firewall Rules auto creation), the wizard is failing to create the firewall rules, and I get the following error in my notification pane:

    
    There were error(s) loading the rules: /tmp/rules.debug:223: unknown protocol udp4 - The line in question reads [223]: pass in quick on $WAN reply-to ( em0 91.121.85.254 ) inet proto udp4 from any to 94.23.166.100 tracker 1525560841 keep state label "USER_RULE: OpenVPN Telegram VPN wizard"
    @ 2018-05-06 02:40:34
    
    

    It looks like OpenVPN is trying to create a rule with protocol udp4, which doesn't exist in the firewall in the first place, and it should be udp only, right?

    In my OpenVPN wizard I chose UDP only and mostly just the default options. Weirdly enough, I changed the OpenVPN Protocol to other than "UDP on IPv4 only", and the same error mentioned above got triggered.

    My OpenVPN Server:

    Manually creating the rules:

    By looking at the system logs -> Firewall, I have the following blocked connections:

    Note that: 10.0.0.0 is simply the VPN Virtual Address.

    So I tried to create any to any in OpenVPN firewall rules section like the following:

    But sadly that rule still couldn't catch the connections and the connections are still getting blocked.

    To note also, I assigned the ovpns1 to an interface called OPENVPN. I thought at first that the firewall was not able to apply my rule because the blocking is coming on ovpns1, so I created the interface to test, but all to no avail: I was not able to allow the connection manually.

    So questions here are:

    1. What is causing the error above? Is it a bug or a misconfiguration on my side?
    2. Why did the firewall ignore my added rules?

    Used versions are:

    2.4.3-RELEASE (amd64)
    built on Mon Mar 26 18:02:04 CDT 2018
    FreeBSD 11.1-RELEASE-p7

    and all packages and repos are updated.

    pfSense runs in a VM inside Proxmox, ISP is OVH (SoYouStart).

    Any help is greatly appreciated, and thanks for your time reading my issue :)

    • V
      viragomann
      last edited by May 6, 2018, 9:06 PM

      Why don't you use the search function of this forum? There are already dozens of threads on that issue.

      Yes, it's a bug in the actual version. But the faulty rule is the one which is added to the WAN interface by the OpenVPN wizard.
      Edit the "OpenVPN Telegram VPN wizard" firewall rule on WAN and set the protocol to UDP and save it. It should work then.

      • D
        DonMcCoy
        last edited by May 6, 2018, 10:48 PM

        Thanks for your reply, and sorry for rushing on the issue before properly searching.

        The rule was not added at all in the first place; however, I was able to fix it by adding it manually, correcting udp4 to udp in the /tmp/rules.debug file, and then running pfctl -f /tmp/rules.debug
        so the firewall won't report the same notice.

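A check for the condition discussed in this thread, as an added example that is not part of any post: it locates rules whose protocol token carries an address-family suffix (as in `proto udp4`), writes a corrected copy, and can parse-check a file with `pfctl -n` before anything is loaded. The function names and the sample file are hypothetical; only line 2 of the sample comes from the error message quoted in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): find pf rules whose "proto" token has
# an address-family suffix such as udp4, which pf rejects as unknown.

# Write a small ruleset to $1. Line 2 is the rule quoted in the error above;
# the other lines are constructed for this example.
write_sample() {
    cat > "$1" <<'EOF'
WAN = "{ em0 }"
pass in quick on $WAN reply-to ( em0 91.121.85.254 ) inet proto udp4 from any to 94.23.166.100 tracker 1525560841 keep state label "USER_RULE: OpenVPN Telegram VPN wizard"
pass in quick on $WAN inet proto tcp from any to 192.0.2.10 port 443 keep state label "constructed valid rule"
EOF
}

# Print "LINENO:RULE" for each rule with a suffixed tcp/udp protocol token.
# Only the single-protocol form is handled, not "proto { ... }" lists.
find_bad_proto() {
    grep -nE 'proto[[:space:]]+(tcp|udp)[46]([[:space:]]|$)' "$1"
}

# Emit a corrected copy on stdout: the suffix is dropped because the address
# family is already given by the rule's inet/inet6 keyword.
fix_bad_proto() {
    sed -E 's/(proto[[:space:]]+(tcp|udp))[46]([[:space:]]|$)/\1\3/' "$1"
}

# Parse-check a ruleset without loading it (pfctl -n). Returns 2 when pfctl
# is not installed, so the script also runs off the firewall.
check_rules() {
    command -v pfctl >/dev/null 2>&1 || return 2
    pfctl -n -f "$1"
}

sample=$(mktemp)
write_sample "$sample"
echo "Offending rules:"
find_bad_proto "$sample" || echo "(none)"
fix_bad_proto "$sample" > "$sample.fixed"
echo "After correction:"
find_bad_proto "$sample.fixed" || echo "(none)"
rm -f "$sample" "$sample.fixed"
```

pfSense regenerates /tmp/rules.debug whenever the filter reloads, so a hand edit to that file does not persist; editing the rule's protocol in the GUI, as the second post describes, changes the stored configuration.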