    OpenVPN over UDP on client behind pfSense

      HolyK

      Hi!

      I have an OpenVPN client on one of my workstations behind pfSense and I am not able to connect to the VPN server over UDP. When I use TCP it works just fine. I've traced both UDP and TCP connections - see below.

      Could someone please help me figure out what I am missing here?

      I've checked FW logs as well and there are no blocks but allowed outgoing connections:

      TCP:
      May 10 02:39:11 ► 1_WAN let out anything from firewall host itself (1000008011) xxxxxxxxx:yyyy zzzzzzzzz::443 TCP:S

      UDP:
      May 10 02:35:43 ► 1_WAN let out anything from firewall host itself (1000008011) xxxxxxxxx:yyyy zzzzzzzzz:1194 UDP

      TCP - all OK

      [2019-05-10 00:11:12.059][080c][openvpn.mgmt][connection.cpp:408][debug] >STATE:1557447072,ADD_ROUTES,,,,,,
      [2019-05-10 00:11:12.059][080c][openvpn.mgmt][connection.cpp:408][debug] >STATE:1557447072,CONNECTED,SUCCESS,xxxxxx,xxxxxx,yyyyy,xxxxxx,yyyy
      [2019-05-10 00:11:16.020][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3093,11826	
      [2019-05-10 00:11:21.054][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3093,14698
      [2019-05-10 00:11:26.069][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3151805,236816
      [2019-05-10 00:11:31.000][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3297275,246054
      [2019-05-10 00:11:37.123][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:4270518,311323
      [2019-05-10 00:11:42.565][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:4270727,311453
      [2019-05-10 00:11:47.155][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:4271393,312491
      

      UDP - Fails

      [2019-05-10 00:13:39.307][080c][openvpn.mgmt][connection.cpp:408][debug] >STATE:1557447219,ADD_ROUTES,,,,,,
      [2019-05-10 00:13:39.308][080c][openvpn.mgmt][connection.cpp:408][debug] >STATE:1557447219,CONNECTED,SUCCESS,xxxxxxxx,xxxxxxx,yyyy,,
      [2019-05-10 00:13:39.308][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:39 2019 us=307587 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=3 and dwForwardType=4
      [2019-05-10 00:13:39.308][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:39 2019 us=307587 Route addition via IPAPI succeeded [adaptive]
      [2019-05-10 00:13:39.308][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:39 2019 us=307587 Initialization Sequence Completed
      [2019-05-10 00:13:39.308][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:39 2019 us=307587 MANAGEMENT: >STATE:1557447219,CONNECTED,SUCCESS,xxxxxxxx,xxxxxxx,yyyy,,
      [2019-05-10 00:13:41.288][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3065,9086
      [2019-05-10 00:13:46.291][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3065,14506
      [2019-05-10 00:13:49.028][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:49 2019 us=28073 Recursive routing detected, drop tun packet to [AF_INET]xxxxxxxxxxx:yyyy
      [2019-05-10 00:13:49.309][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:49 2019 us=309675 Recursive routing detected, drop tun packet to [AF_INET]xxxxxxxxxxx:yyyy
      [2019-05-10 00:13:51.845][080c][openvpn.mgmt][connection.cpp:408][debug] >BYTECOUNT:3103,15424
      [2019-05-10 00:13:51.845][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:51 2019 us=845333 Recursive routing detected, drop tun packet to [AF_INET]xxxxxxxxxxx:yyyy
      [2019-05-10 00:13:51.870][080c][openvpn.stdout][connection.cpp:385][debug] Fri May 10 02:13:51 2019 us=870335 Recursive routing detected, drop tun packet to [AF_INET]xxxxxxxxxxx:yyyy
      
        Rico LAYER 8 Rebel Alliance

        Show the Firewall Rules for the Interface this Client is connected to.

        -Rico
