    OpenVPN over UDP on client behind pfSense

      HolyK last edited by

      Hi!

      I have an OpenVPN client on one of my workstations behind pfSense and I am not able to connect to the VPN server over UDP. When I use TCP it works just fine. I've traced both UDP and TCP connections - see below.

      Could someone please help me with what I am missing here?

      I've checked FW logs as well and there are no blocks but allowed outgoing connections:

      TCP:
      May 10 02:39:11 ► 1_WAN let out anything from firewall host itself (1000008011) xxxxxxxxx:yyyy zzzzzzzzz::443 TCP:S

      UDP:
      May 10 02:35:43 ► 1_WAN let out anything from firewall host itself (1000008011) xxxxxxxxx:yyyy zzzzzzzzz:1194 UDP

      TCP - all OK

      [2019-05-10 00:11:12.059][080c][openvpn.mgmt][connection.cpp:408][debug] >STATE:1557447072,ADD_ROUTES,,,,,,
      [2019-05-10 00:11:12.059][080c][openvpn.mgmt][connection.cpp:408][debug] >STATE:1557447072,CONNECTED,SUCCESS,xxxxxx,xxxxxx,yyyyy,xxxxxx,yyyy
      [2019-05-10 00:11:16.020][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3093,11826	
      [2019-05-10 00:11:21.054][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3093,14698
      [2019-05-10 00:11:26.069][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3151805,236816
      [2019-05-10 00:11:31.000][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3297275,246054
      [2019-05-10 00:11:37.123][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:4270518,311323
      [2019-05-10 00:11:42.565][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:4270727,311453
      [2019-05-10 00:11:47.155][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:4271393,312491
      

      UDP - Fails

      [2019-05-10 00:13:39.307][080c][openvpn.mgmt][connection.cpp:408][debug] >STATE:1557447219,ADD_ROUTES,,,,,,
      [2019-05-10 00:13:39.308][080c][openvpn.mgmt][connection.cpp:408][debug] >STATE:1557447219,CONNECTED,SUCCESS,xxxxxxxx,xxxxxxx,yyyy,,
      [2019-05-10 00:13:39.308][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:39 2019 us=307587 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=3 and dwForwardType=4
      [2019-05-10 00:13:39.308][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:39 2019 us=307587 Route addition via IPAPI succeeded [adaptive]
      [2019-05-10 00:13:39.308][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:39 2019 us=307587 Initialization Sequence Completed
      [2019-05-10 00:13:39.308][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:39 2019 us=307587 MANAGEMENT: >STATE:1557447219,CONNECTED,SUCCESS,xxxxxxxx,xxxxxxx,yyyy,,
      [2019-05-10 00:13:41.288][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3065,9086
      [2019-05-10 00:13:46.291][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3065,14506
      [2019-05-10 00:13:49.028][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:49 2019 us=28073 Recursive routing detected, drop tun packet to [AF_INET]xxxxxxxxxxx:yyyy
      [2019-05-10 00:13:49.309][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:49 2019 us=309675 Recursive routing detected, drop tun packet to [AF_INET]xxxxxxxxxxx:yyyy
      [2019-05-10 00:13:51.845][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3103,15424
      [2019-05-10 00:13:51.845][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:51 2019 us=845333 Recursive routing detected, drop tun packet to [AF_INET]xxxxxxxxxxx:yyyy
      [2019-05-10 00:13:51.870][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:51 2019 us=870335 Recursive routing detected, drop tun packet to [AF_INET]xxxxxxxxxxx:yyyy
      
        Rico LAYER 8 Rebel Alliance last edited by

        Show the Firewall Rules for the Interface this Client is connected to.

        -Rico
