1. Home
  2. pfSense® Software
  3. OpenVPN
  4. OpenVPN Server Behind 1:1 NAT

OpenVPN Server Behind 1:1 NAT

  • R

    I've set up several OpenVPN connections between Viscosity and pfSense without much trouble but I find myself in a new situation and have not been able to establish a tunnel. The difference with this connection is that although the ISP has provided a static public IP address for their customer the ISP is doing 1:1 NAT to a private IP address. Therefore the pfSense box WAN interface has a private address.

    I went through the OpenVPN configuration as normal using the Wizard and then exported the inline configuration using the package openvpn-client-export as I always do. After importing the configuration into Viscosity I edited the connection to change from the private IP address to the public IP. However, when trying to connect I see TLS errors in the Viscosity log file.

    I tried an alternate method when exporting the client configuration with pfSense. Under Client Connection Behavior I usually select Interface IP Address but in this case I changed it to Other and entered the public IP address into the Host Name box. With this method I didn't have to change the IP in Viscosity but it still failed with TLS errors.

    So is there a flaw in my logic that I should be able to set things up just as I have done when 1:1 NAT is not used, and then change the IP address in Viscosity?

    Thanks,

    Rob

    0 N 1 Reply
  • N

    @robpur 1:1 nat is not a problem for openvpn.
    tls errors manifest a connectivity problem.
    Check your firewall rules on wan.
    Also verfy if there is another firewall upstream.

    nmap -sU -p 1194 should tell you
    expect to see
    PORT STATE SERVICE
    1194/udp open|filtered openvpn

    or just filtered if its not working

    0
  • R

    Thanks for the help netblues. I learned about nmap and found that I had to move to port 1197. All is working now. I appreciate your assistance.

    Also, I found that if I changed the IP in Under Client Connection Behavior as I described in my first post that it would not connect. I had to export the config from pfSense with the private IP and then change it to the public IP in Viscosity.

    0 N 1 Reply
  • N

    @robpur There is no reason for the one export method not to work versus the other. Most probably some typo.. Anyway if it works...

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy