Capturing packets but not making connection
-
Yeah, sorry about that. I tried to post it directly here but it said it was too big.
For some reason when I check "Redirect IPv4 Gateway" under Tunnel Settings, the "IPv4 local network(s)" field goes away. I unchecked that and set the local network to be my LAN and still nothing.
-
OK thanks, I had no idea that the local network setting disappears when you force all through the gateway. I would try following the wizard exactly and then changing settings only after you know it's working.
Have you verified that WAN has an allow rule for udp/1194, and that the OpenVPN interface has an allow all rule? Your tunnel network of 192.168.70.0/24 definitely does not overlap with LAN? What about the NCP settings I mentioned? And how are you testing this exactly? Via your phone with an OpenVPN client?
-
Wan and the OpenVPN interface both have the rules described. The tunnel network doesn't overlap with any of my other interfaces. I added all of the NCP Algorithm options. And yes testing via my phone.
-
Anything in the OpenVPN or System log? You may have to increase the verbosity level of the OpenVPN Server log.
Just to confirm, you're saying that you have two routers: your main router is pfSense, and you have some other router behind it. pfSense is your WAN connection, correct?
https://docs.netgate.com/pfsense/en/latest/book/openvpn/troubleshooting-openvpn.html
-
Nothing in there. Increased the verbosity level. Will try to grab some logs.
Yep, the WAN goes into pfSense and the other router's WAN is pfSense.
No luck with all of the stuff in the troubleshooting guide.
-
Any possibility it's an issue with the client? I've done this many times and it usually just works.
-
I doubt it. I am using the client export tool and moving it straight to my phone and into OpenVPN Connect.
That's what's so frustrating about this: I have this super odd scenario that no one has ever been in, because it always seems to just work for them, so there is like no one who understands what's going on.
-
But it's not that odd. Forget the other router since it's not involved here. Is there literally anything in the log that even shows the connection attempt? If not, try doing a packet capture on WAN for that traffic and see if your client even hits it.
-
Not seeing anything in the log. Did a packet capture and I am seeing my phone's WAN IP on port 1194.
-
Hmm. All I can think of at this point is to try it with a different client just to rule that out.
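Two of the checks raised in this thread, the tunnel/LAN overlap question and the "does the server ever answer the client" reading of the WAN packet capture, can be scripted so the capture is read systematically rather than by eye. The block below is an added example, not from the thread or from pfSense itself. The tunnel network 192.168.70.0/24 comes from the thread; the server WAN address 198.51.100.10, the client address 203.0.113.5, the other interface subnets and the tcpdump-style capture lines are constructed for the example. It parses the `tcpdump -n` line format that the pfSense packet-capture page also produces and classifies the result: client traffic never reaching WAN, client reaching WAN with no reply, or a two-way exchange that has to be chased in the OpenVPN log instead.

```python
"""Offline checks for an OpenVPN server that captures packets but never connects.

1. Does the tunnel network overlap any local interface subnet?
2. In a WAN capture filtered on udp/1194, does the server ever send anything back?
"""
import ipaddress
import re

# Tunnel network from the thread; the interface subnets are assumptions for the example.
TUNNEL_NETWORK = "192.168.70.0/24"
INTERFACE_SUBNETS = {
    "LAN": "192.168.1.0/24",
    "OPT1": "192.168.70.128/25",   # constructed: overlaps the tunnel on purpose
}

# Constructed addresses; not from the thread.
SERVER_WAN_IP = "198.51.100.10"
OPENVPN_PORT = 1194

# Constructed capture, in the `tcpdump -n` format pfSense's packet capture shows:
# three client hard-reset retries and no answer from the server.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 203.0.113.5.51234 > 198.51.100.10.1194: UDP, length 54
12:00:03.000002 IP 203.0.113.5.51234 > 198.51.100.10.1194: UDP, length 54
12:00:07.000003 IP 203.0.113.5.51234 > 198.51.100.10.1194: UDP, length 54
""".splitlines()

TCPDUMP_UDP = re.compile(
    r"^\S+ IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)$"
)


def overlapping_networks(tunnel, subnets):
    """Return the names of interface subnets that overlap the tunnel network."""
    tun = ipaddress.ip_network(tunnel, strict=False)
    return sorted(
        name for name, cidr in subnets.items()
        if tun.overlaps(ipaddress.ip_network(cidr, strict=False))
    )


def summarize_capture(lines, server_ip, port=OPENVPN_PORT):
    """Count UDP packets to and from the server port and collect client addresses."""
    inbound = outbound = 0
    clients = set()
    for line in lines:
        m = TCPDUMP_UDP.match(line.strip())
        if not m:
            continue  # ignore non-UDP or unrelated lines in the capture
        if m["dst"] == server_ip and int(m["dport"]) == port:
            inbound += 1
            clients.add(m["src"])
        elif m["src"] == server_ip and int(m["sport"]) == port:
            outbound += 1
    return {"inbound": inbound, "outbound": outbound, "clients": sorted(clients)}


def diagnose(summary):
    """Turn the packet counts into the next troubleshooting step."""
    if summary["inbound"] == 0:
        return "no client traffic reached WAN: check the client profile and any upstream NAT"
    if summary["outbound"] == 0:
        return ("client reaches WAN but the server never replies: check the WAN rule for udp/%d, "
                "that the server is bound to the WAN interface, and that the service is running"
                % OPENVPN_PORT)
    return "traffic flows both ways: raise OpenVPN log verbosity and look for the failing step"


if __name__ == "__main__":
    print("overlap:", overlapping_networks(TUNNEL_NETWORK, INTERFACE_SUBNETS) or "none")
    summary = summarize_capture(SAMPLE_CAPTURE, SERVER_WAN_IP)
    print("capture:", summary)
    print("verdict:", diagnose(summary))
```

To use it on a real capture, download the capture from pfSense, run `tcpdump -n -r capture.pcap udp port 1194` and feed those lines to `summarize_capture` with the firewall's WAN address; a capture showing only inbound packets, as in the thread, points at the server side rather than the client.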