OpenVPN Configuration
-
Hi Netgate Community,
A customer is having trouble making their OpenVPN work. Can you help us with this?
Please see attached zip file for reference. It includes their current network setup and the steps they did to configure their OpenVPN.
OpenVPN.zip
Best Regards,
-
@Tiger-0
I see two obvious issues, there might be more ... later.
1: Your modem is prob not forwarding TCP 1194 to the pfSense WAN IP.
If true the pfSense never sees any OpenVPN packets from the clients.
2: Your Client export uses the pfSense WAN (192.168.245.135) as connect IP address, not your modem's public IP.
A remote client will NEVER be able to connect to an RFC1918 address via the internet.
Fix those issues, and it will prob work.
Ps: You did notice your Server cert expires looong time before your Client cert
PPs: Why did you choose TCP 1194, and not UDP 1194 (as normally used)?
Someone else has to explain how to "convince pfSense OpenVPN Server" or maybe just OpenVPN Client export, how to specify the modem's public IP as the connect IP address, instead of the RFC1918 WAN IP.
@kiokoman
Any wise words?
/Bingo
-
Found a hint here (from RICO in 2019)
https://forum.netgate.com/post/829478
Seems like you manually have to edit your "Client export ovpn config file"
And replace your RFC1918 WAN IP with the modem's public IP.
See post further down.
/Bingo
-
why me?
Based on what I see, your current.png drawing is wrong. You are doing double NAT, so you have a modem with 192.168.254.254 and your pfSense WAN is 192.168.254.135 with a LAN set to 192.168.200.0/24? You must be sure you are port forwarding everything to pfSense from your modem. The best would be to put the modem in bridge and let pfSense handle the public IP. Follow @bingo600's suggestions.
-
@Tiger-0
Seems like you can convince the Client Export to use "Other IP".
Try to select "Other", and enter the modem's public IP in the Host Name field.
/Bingo
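A check for the problem discussed in the posts above, as an added example that is not part of the original thread: it parses the `remote` lines of an exported .ovpn file and reports any that point at a literal RFC 1918 address. Both sample configs are constructed; 203.0.113.10 is a documentation placeholder standing in for the modem's public IP.

```python
import ipaddress

# RFC 1918 private ranges: not routable across the internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed samples. The first uses the WAN address quoted in the thread;
# 203.0.113.10 is a documentation placeholder for the modem's public IP.
SAMPLE_EXPORTED = "client\ndev tun\nremote 192.168.245.135 1194 tcp\n"
SAMPLE_FIXED = "client\ndev tun\nremote 203.0.113.10 1194 tcp\n"

def parse_remotes(ovpn_text):
    """Return (host, port, proto) for each 'remote' directive."""
    rows = [l.split() for l in ovpn_text.splitlines()
            if l.strip() and not l.lstrip().startswith(("#", ";"))]
    # Standalone 'port'/'proto' directives set defaults for short remotes.
    defaults = {"port": "1194", "proto": "udp"}
    for r in rows:
        if r[0] in defaults and len(r) > 1:
            defaults[r[0]] = r[1]
    remotes = []
    for r in rows:
        if r[0] == "remote" and len(r) > 1:
            port = r[2] if len(r) > 2 else defaults["port"]
            proto = r[3] if len(r) > 3 else defaults["proto"]
            remotes.append((r[1], port, proto))
    return remotes

def unreachable_remotes(ovpn_text):
    """Return the remotes whose host is a literal RFC 1918 address."""
    bad = []
    for host, port, proto in parse_remotes(ovpn_text):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname; resolving it is out of scope here
        if any(addr in net for net in RFC1918):
            bad.append((host, port, proto))
    return bad

if __name__ == "__main__":
    for name, cfg in (("exported", SAMPLE_EXPORTED), ("fixed", SAMPLE_FIXED)):
        for host, port, proto in unreachable_remotes(cfg):
            print(f"{name}: remote {host}:{port}/{proto} is RFC 1918, "
                  "internet clients cannot reach it")
```

A hostname in the `remote` line is skipped, so a dynamic DNS name that resolves to a private address would still need a separate lookup.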
-
-
They followed the tutorial given and it works (locally, when LAN connected to the firewall). Lawrence Systems: https://www.youtube.com/watch?v=PgielyUFGeQ&t=1177s
What they are trying to achieve is for users to access the local system (server) at home/anywhere using OpenVPN.
Plus: They don't have a Public IP but their ISP provided a Static IP. Does their router's AP Mode need to change from Route to Bridge Mode? If it is not needed, can you give us other options?
They tried to change the WAN configuration aligned to our Static IP (120.28.x.x) but this process ain't working.
Pls see also their updated network diagram
-
Packet capture the pfSense WAN Interface to check if the OpenVPN traffic even hit pfSense or not.
Your problem could be completely upstream (ISP related), you should check this first.
-Rico