WAN Interface OpenVPN Bug question..



  • WAN Interface OpenVPN Bug question..
    i not sure if this is a bug and if i in the right form to ask the pfsense programmers

    i using NordVPN OpenVPN for my secure VPN service.. and i use the OpenVPN for my remote access..

    in WAN Interface if i set to DCHP NordVPN protects my IP but OpenVpn REmote Access to the network does not work..

    if i set WAN interface to PPPOE then NordVPN still logs in but its disabled it no longer protects my IP my real ip shows.. but OpenVPN Remote Acccess to the network works fine... a Reboot does not help.. doesnt solve it..

    so is this a NordVPN issue or is this a bug in Pfsense? or is there something needs to be checked off to make it work

    been struggling days on and off trying to get it to work.... and when i set to DCHP WAN interface i turn off my modems Firewall

    so im frustrated as hell... i also using Bell Canada as my ISP



  • from what NordVPN says there VPN service cant use WAN Interface on a PPPOE connection...
    has to be DHCP
    so that means i cant use remote Access Open VPN

    is there another VPN service i can use that allowes PPPOE on the WAN Interface... or is there a way to get OpenVPN Remote Access to work on a WAN DHCP mode



  • maybe its mtu related ?



  • i not sure what mtu is

    i just learning pfsense i dont know it enough so i learn as go..

    all i know is DHCP works for WAN for NordVPN Service but not PPPOE
    but PPPOE works for Remote Access
    i did a video
    https://youtu.be/x1sbKyaLPWw

    i just didnt show me connecting to the Remote Access



  • and its probably something all vpn services run into or openvpn client i just not good enough yet to understand it all i just try to google information and ask in here. i



  • WAN_PPPOE gateway seems odd to me ... ? its in rfc1918 address space
    also:

    • please post your fw rules
    • post the routing table on dhcp, dhcp_withvpn_enabled, pppoe, pppoe_withvpn_enabled


  • what you mean gateway seems odd to you for PPPOE? whats a rfc1918 address.. you need to explain.. still new to pfsesnse and i dont know what most of it it does etc
    and how you get this routing table i only have 2 routing spots
    3_1532784274286_firewall4.JPG 2_1532784274286_firewall3.JPG 1_1532784274286_firewall2.JPG 0_1532784274286_firewall1.JPG



  • 0_1532784670801_firewall5.JPG



  • from what i was told by NordVPN its a pfsense bug problem its not there sides fault
    that VPN can not get the right ip address from PFsense in PPPOE mode
    ugh one headache after another



  • how do i fix that..
    this is what they wrote me "it seems that once you are connected with the PPPoE, the VPN cannot get the correct gateway to access the Internet and therefore fails. The only proper way to resolve this issue is to use the DHCP on the WAN interface."

    since DHCP mode works for VPN Nord Service.. but i loose Remote Access to the network so cant access my local network.. i seem to only be able to access it via PPPOE but if there is a way to get Remote Access to the network to work on a Local network be great.. as it hangs on me and then gives me TLS error

    Sat Jul 28 12:24:42 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
    Sat Jul 28 12:24:42 2018 Windows version 6.2 (Windows 8 or greater) 64bit
    Sat Jul 28 12:24:42 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
    Sat Jul 28 12:24:46 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]174.94.28.150:1196
    Sat Jul 28 12:24:46 2018 UDP link local (bound): [AF_INET][undef]:1194
    Sat Jul 28 12:24:46 2018 UDP link remote: [AF_INET]x.x.x.x:1196

    and thats all i get but if i set the PPPOE on Wan interface she will connect right in..
    its a frustrating as hell and i try googling but i really dont know what i trying to google as people word things different


  • Netgate

    @comet424 said in WAN Interface OpenVPN Bug question..:

    Sat Jul 28 12:24:46 2018 UDP link local (bound): [AF_INET][undef]:1194
    Sat Jul 28 12:24:46 2018 UDP link remote: [AF_INET]x.x.x.x:1196

    Again, it looks like you bound your local port to 1194. Why?

    0_1532806165415_Screen Shot 2018-07-28 at 12.27.53 PM.png



  • as you can see i didnt set it to 11940_1532806590508_firewall6.JPG



  • i have no idea why 1194 shows up is there another spot for it


  • Netgate

    That is a server, not a client.

    Why are you posting Windows client logs when we're talking about connecting pfSense to a VPN service? Where does windows fit in?



  • what.

    what i wrote at the top is what i said
    2 Issues
    2 problems that need fixing

    1 NordVPN

    1. OpenVPN Remote Access

    both Work in opposite scenarios
    of the WAN Interface

    and like i said.. is this a PFSENSE Bug problem
    that neither NordVPN and OpenVpn Remote Access
    can work together at the same time...

    like i posted in the other form asking similar question

    WAN Interface (DHCP) ------>>> NORDVPN (works) ------>>> OpenVPN Remote Access (Doesnt)

    WAN Interface (PPPOE) ----->>> NORDVPN(doesn work) ----->>> OpenVPN Remote Access (Works)

    thats why i mentioned NordVPN says its a Pfsense problem why NordVPN doesnt work right
    as i want both working in either DHCP or PPPOE



  • thats why the 3rd line of my first post states i dealing 2 issues on Pfsense that seem to be a Bug Problem with Pfsense.. since i asked also if its a Check mark that i have to check off on an option etc..


  • Netgate

    If you are screwing around with static source ports you might very well be creating a conflict there.

    There is no set limitation to running simultaneous clients and servers. Look at your client configurations. You should NOT be setting local ports there.

    You should probably check "Use random local port" when you export the remote access client configurations.

    You are going to have to post complete OpenVPN configurations for the server and all of your clients - or at least the ones you are trying to run.


  • Netgate

    @comet424 said in WAN Interface OpenVPN Bug question..:

    WAN Interface (DHCP) ------>>> NORDVPN (works) ------>>> OpenVPN Remote Access (Doesnt)
    WAN Interface (PPPOE) ----->>> NORDVPN(doesn work) ----->>> OpenVPN Remote Access (Works)

    I have never seen a wan that you can just switch from PPPoE to DHCP. They are provisioned either one way or the other. So I don't know what you're talking about here either.



  • it says it right there click it DHCP or PPPOE on the WAN InterFace0_1532811387562_firewall7.jpg

    like i stated
    Set WAN Interface to DHCP 1 works other doesnt
    Set WAN Interface to PPPOE vice versa



  • thats why i asked is this a Bug issue or is a check off a checkbox issue..
    since NordVPN said its a pfsense problem its not there side problem that Nord VPN cant get the ip address

    also if made sense if you watched my youtube video is shows you exactly the problem you click WAN and choose it.. it was all in that video i posted scroll up
    and like i said it doesnt show the OpenVPN Remote Access for the network just the NordVPN

    4th Message from the Top of the article showed you exactly my issues shows you the video i posted


  • Netgate

    No I get that. But the ISP connection is generally provisioned one way or the other. Your setting has to match the provisioning.


  • Netgate

    Yeah. Not going to be watching any videos. Sorry.



  • not sure what you mean match the provisioning.. but thanks anyways

    so guess back to being i guess a pfsense bug in the software
    here i was hoping it be a Check this box off if you use PPPOE for VPN Services or uncheck this box if you using DCHP

    hopefully someone else might have an answer for this frustrating issue


  • Netgate

    @comet424 said in WAN Interface OpenVPN Bug question..:

    Bell Canada

    Don't forget that you probably have another device in front of the router that might be causing your problems. Some "Home Hub" or something.

    Countless people using OpenVPN clients and PPPoE. Not sure what Nord's problem is. They have to blame something I guess.



  • before the pfsense router is just the ADSL modem.. and i also disabled the firewall on the modem
    and all NordVPN says is "it seems that once you are connected with the PPPoE, the VPN cannot get the correct gateway to access the Internet and therefore fails. The only proper way to resolve this issue is to use the DHCP on the WAN interface."
    after they tried trouble shooting this issue over a week trying this trying that etc



  • i figured it was a firewall issue but OpenVPN Remote access to my network only works when i use PPPOE on pfsense which is directly to the modem.. but then nord doesn/// i disabled what i could in the 2wire Adsl Modem from Bell.. but it didnt help as that be for the DHCP side
    so im baffled.. i googled report a bug and it sent me to Redmine site but nothing to post and the Development page on netgate forum.. so i repost this topic there is hopes one of the development team knows how to fix it..
    its probably some port you gotta play with or such
    as i also want to use my Unraid box for VM to host websites so my dynamic DNS name needs to work too to point to my pfsense and redirect to the Web server.. but thats another subject for a later date lol



  • im just frustrated spent over a week different configurations they having me downgrade pfsense to try older version check this off turn that on NAT this Rule that etc.. and i no better off
    just frustrating


  • Netgate

    They are blaming pfSense when it is probably not pfSense.



  • ya i dunno
    no one trully has an answer for me
    and then i dont know why Pfsense OpenVPN Remote Access only works in PPPOE on the Wan interface and not DHCP mode.. cuz then both would work..
    but no one has an answer for that either... i figured its a check box... or its a Bell restrict ports but when PPPOE its open i guess..
    so no one can answer that either... you just wanna bang your head off the wall

    ill probably re ask question in OpenVPN how do you get OpenVPN Remote Access to your network work on a DHCP Wan interface.. god knows i asked everything else lol



  • @comet424 said in WAN Interface OpenVPN Bug question..:

    before the pfsense router is just the ADSL modem.. and i also disabled the firewall on the modem

    Is your ADSL modem in router or in modem mode?



  • its a combo
    its a wireless wired Modem router...
    Manufacturer: 2Wire, Inc.
    Model: 2701HG-G Gateway
    and i set the firewall settiing to dmz 0_1532819206609_modem1.JPG

    if it ever works its the time ill have a stiff drink lol



  • @comet424 So you have a shitty ISP router in front of your pfSense and it even says "host must be set to DHCP mode to receive the new IP address..."
    Why would you even try setting pfSense's WAN to PPPoE?

    Did you set any additional "Allow individual applications" in that 2wire thingy?



  • this is Bells best modem they offer for ADSL they replace them all with these

    ugh like i said
    when you set WAN to PPPOE thats the only way OpenVPN-Remote Access to the network when you Setup OpenVPN server so you can access your local network from off site.... like i said it only works in PPPOE mode and then NordVPN doesnt work.

    and when i set Pfsense Wan Interface to DHCP.. i get my 192.168.2.10 ip address.
    then NordVPN on the Pfsense works and gets a new VPN location IP Address.. but then the Pfsense OpenVPN Server to access the local network is now not accessable. its hangs for TLS negociating.
    and i use a dynmaic DNS so i get my phyiscal ISP ip but it still gets stuck

    as for allow individual. i not at home right now to test it now
    but i going to do it allows port range so i going to try TCP range 1-65550 and UDP 1-65550 and see if that fixs it after that i out of ideas to try



  • forgot to post it earlier here is the firewall status.. it should be all ports open
    0_1532821432587_firewall8.JPG



  • guess ill see if one of my friends who is on Bell has one of the older modems that has no router built in if that fix's both issues

    but ya i stumped why 1 works 1 way and not the other. that they should both work both ways..
    i appreciate the input least i getting some input



  • It doesn't make sense to set pfSense to PPPoE, just forget about that. It gets an IP via DHCP.
    Firewall status in the 2wire is "active". Didn't you say you switched it off?

    If you want to fly an airplane first get to know how to take-off, maybe?
    Or just get yourself a stiff drink and forget about flying...



  • yes i did say its switched off you seen it says pfsense Allow all ports
    you seen i set it to DMZ as well
    you cant physically shut off the firewall there is no disable it

    i use PPPOE in pfsense because its the ONLY way to use Open VPN Remote Access

    and if i dont use PPPOE in Pfsense then Openvpn Remote access is unaccessable

    like i said i going to try to find a friend who might have a different Bell Canada Router/modem..
    maybe that will fix it..



  • ive also tried Static IP in the WAN and that didnt help either



  • thanks for the input
    i appreciate it.. i quitting for the night on this..

    have a great weekend



  • @comet424 said in WAN Interface OpenVPN Bug question..:

    i use PPPOE in pfsense because its the ONLY way to use Open VPN Remote Access
    and if i dont use PPPOE in Pfsense then Openvpn Remote access is unaccessable

    Forget about PPPoE with pfSense as long as your modem is in router mode. And don't even start thinking about a VPN of whatever flavour until your system is working correctly as router/firewall in the first place.

    Got that?
    Otherwise you're shooting yourself in the foot all the time and we won't see any progress.

    It's probably best to start from scratch and reset pfSense to factory defaults. Configure it (with WAN on DHCP!) to your LAN host's needs so they can use the router for surfing and what have you.
    If that's positive, and only then, start with a simple port forward to some local web server (use a RasPi or such just for testing).
    Post success here.
    Now we can try to setup your VPN client.