Can connect to VPN from LAN but not from WAN



  • Hi,

    So I've just set up my VPN tunnel on pfSense 2.4.4-RELEASE-p3 (amd64) following a tutorial online. My problem is that I can connect to the VPN with my phone and my laptop when I'm connected to my Wi-Fi on the LAN, but when I connect to my hotspot on my phone, or with my phone with the OpenVPN app, I cannot connect to my VPN anymore.

    I tried to post info from my log files but the post was blocked as spam. I'll post this and see if I can post more later...

    Thanks for any help!



  • @sonnyboy said in Can connect to VPN from LAN but not from WAN:

    From /var/log/openvpn.log on PFSense server when I successfully connect from within the LAN with IP 192.168.1.50. I would get the same result if I connected from my phone:

    Oct 19 09:58:15 pitbull openvpn[487]: 192.168.1.50:39175 peer info: IV_VER=2.4.7
    Oct 19 09:58:15 pitbull openvpn[487]: 192.168.1.50:39175 peer info: IV_PLAT=linux
    Oct 19 09:58:15 pitbull openvpn[487]: 192.168.1.50:39175 peer info: IV_PROTO=2
    Oct 19 09:58:15 pitbull openvpn[487]: 192.168.1.50:39175 peer info: IV_NCP=2
    Oct 19 09:58:15 pitbull openvpn[487]: 192.168.1.50:39175 peer info: IV_LZ4=1
    Oct 19 09:58:15 pitbull openvpn[487]: 192.168.1.50:39175 peer info: IV_LZ4v2=1
    Oct 19 09:58:15 pitbull openvpn[487]: 192.168.1.50:39175 peer info: IV_LZO=1
    Oct 19 09:58:15 pitbull openvpn[487]: 192.168.1.50:39175 peer info: IV_COMP_STUB=1
    Oct 19 09:58:15 pitbull openvpn[487]: 192.168.1.50:39175 peer info: IV_COMP_STUBv2=1
    Oct 19 09:58:15 pitbull openvpn[487]: 192.168.1.50:39175 peer info: IV_TCPNL=1
    Oct 19 09:58:15 pitbull openvpn[487]: 192.168.1.50:39175 [pitbullvpn] Peer Connection Initiated with [AF_INET]192.168.1.50:39175
    Oct 19 09:58:15 pitbull openvpn: user 'pitbullvpn' authenticated
    Oct 19 09:58:16 pitbull openvpn[487]: MULTI_sva: pool returned IPv4=10.101.1.2, IPv6=(Not enabled)



  • @sonnyboy said in Can connect to VPN from LAN but not from WAN:

    From /var/log/openvpn.log on the pfSense server when I unsuccessfully connect from an iPhone from the WAN side. I would get the same result if I connected from my laptop connected to the phone's hotspot:

    Oct 19 10:05:26 pitbull openvpn[55881]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Oct 19 10:05:26 pitbull openvpn[55881]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Oct 19 10:05:26 pitbull openvpn[55881]: TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xxx.xxx:1194
    Oct 19 10:05:26 pitbull openvpn[55881]: UDPv4 link local (bound): [AF_INET]xx.xxx.xxx.xxx:0
    Oct 19 10:05:26 pitbull openvpn[55881]: UDPv4 link remote: [AF_INET]xx.xxx.xxx.xxx:1194
    Oct 19 10:05:26 pitbull openvpn[487]: Authenticate/Decrypt packet error: packet HMAC authentication failed
    Oct 19 10:05:26 pitbull openvpn[487]: TLS Error: incoming packet authentication failed from [AF_INET]xx.xxx.xxx.xxx:37900
    Oct 19 10:05:28 pitbull openvpn[487]: Authenticate/Decrypt packet error: packet HMAC authentication failed
    Oct 19 10:05:28 pitbull openvpn[487]: TLS Error: incoming packet authentication failed from [AF_INET]xx.xxx.xxx.xxx:37900
    Oct 19 10:05:33 pitbull openvpn[487]: Authenticate/Decrypt packet error: packet HMAC authentication failed
    Oct 19 10:05:33 pitbull openvpn[487]: TLS Error: incoming packet authentication failed from [AF_INET]xx.xxx.xxx.xxx:37900
    Oct 19 10:05:41 pitbull openvpn[487]: Authenticate/Decrypt packet error: packet HMAC authentication failed
    Oct 19 10:05:41 pitbull openvpn[487]: TLS Error: incoming packet authentication failed from [AF_INET]xx.xxx.xxx.xxx:37900
    Oct 19 10:05:57 pitbull openvpn[487]: Authenticate/Decrypt packet error: packet HMAC authentication failed
    Oct 19 10:05:57 pitbull openvpn[487]: TLS Error: incoming packet authentication failed from [AF_INET]xx.xxx.xxx.xxx:37900
    Oct 19 10:06:26 pitbull openvpn[55881]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    Oct 19 10:06:26 pitbull openvpn[55881]: SIGUSR1[soft,ping-restart] received, process restarting
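
A small triage script for the failing log above, as an added example that is not part of the original posts: it groups the lines by OpenVPN process ID, which shows that the HMAC rejections are logged by pid 487 while the ping-restart timeout is logged by a different process, pid 55881. The function names are made up for this sketch, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Lines copied from the failing WAN attempt posted above (addresses already masked there).
SAMPLE = """\
Oct 19 10:05:26 pitbull openvpn[55881]: UDPv4 link remote: [AF_INET]xx.xxx.xxx.xxx:1194
Oct 19 10:05:26 pitbull openvpn[487]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Oct 19 10:05:26 pitbull openvpn[487]: TLS Error: incoming packet authentication failed from [AF_INET]xx.xxx.xxx.xxx:37900
Oct 19 10:05:28 pitbull openvpn[487]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Oct 19 10:05:28 pitbull openvpn[487]: TLS Error: incoming packet authentication failed from [AF_INET]xx.xxx.xxx.xxx:37900
Oct 19 10:06:26 pitbull openvpn[55881]: [UNDEF] Inactivity timeout (--ping-restart), restarting
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ openvpn\[(\d+)\]: (.*)$")
PEER = re.compile(r"authentication failed from \[AF_INET6?\](\S+)$")

def summarize(text):
    """Group OpenVPN syslog lines by PID; count HMAC failures and note timeouts."""
    procs = defaultdict(lambda: {"hmac_failures": 0, "rejected_peers": set(), "timed_out": False})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an openvpn[pid] line
        pid, msg = int(m.group(1)), m.group(2)
        entry = procs[pid]
        if "packet HMAC authentication failed" in msg:
            entry["hmac_failures"] += 1
        if (peer := PEER.search(msg)):
            entry["rejected_peers"].add(peer.group(1))
        if "Inactivity timeout (--ping-restart)" in msg:
            entry["timed_out"] = True
    return dict(procs)

def findings(procs):
    """Turn the per-PID counters into one-line observations."""
    out = []
    for pid, e in sorted(procs.items()):
        if e["hmac_failures"]:
            peers = ", ".join(sorted(e["rejected_peers"])) or "unknown peer"
            out.append(f"pid {pid}: rejected {e['hmac_failures']} packets from {peers} "
                       "(HMAC check failed)")
        if e["timed_out"]:
            out.append(f"pid {pid}: got no reply and restarted (ping-restart)")
    return out

if __name__ == "__main__":
    for line in findings(summarize(SAMPLE)):
        print(line)
```

OpenVPN logs "packet HMAC authentication failed" when the TLS authentication key check on an incoming packet fails, so the TLS key and key direction configured on both ends are the usual things to compare.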



  • @sonnyboy said in Can connect to VPN from LAN but not from WAN:

    Screenshot_20191019_130703.png



  • Post your server1.conf (/var/etc/openvpn)



  • Certainly!
    Screenshot_20191020_115911.png



  • @sonnyboy, is your issue resolved? I am asking because I am facing the same issue.



  • @neyamt, unfortunately the issue is not yet solved. I'm away from the server for another 2 weeks and I cannot look into the problem right now. If you find a solution please post it here. I'm starting to suspect there is something wrong with the firewall rules?



  • @sonnyboy said in Can connect to VPN from LAN but not from WAN:

    rules

    Yes, I think it's a firewall rule issue only with the WAN interface in the new 3p update of pfSense. There was no issue in the previous update. I have practiced and implemented this more than 10 times before this update, but now I am not able to succeed with the same steps and documents which I was following before. I tried more than 10 times with the 3p patched update of pfSense but no luck! Again, I am searching and practicing to find the issue.

