OVPN client connection kills OVPN server connections
-
I am hoping someone can help point me in the right direction for this very strange issue I am having. I have been using PFSense with OVPN for many many years with the same configuration. I have a "client" OVPN connection to IPVanish. I used these instructions to set that up many moons ago:
https://forum.netgate.com/topic/116235/guide-how-to-connect-pfsense-openvpn-client-to-ipvanish
I have really never had any problems with it at all. I also used to have OVPN set up as a server for my "clients" to have access to my network when they are out and about, and all of that always worked perfectly fine. I used a very straightforward configuration using the OVPN server wizard with a few modifications like some extra FW rules, etc.
I had been experimenting with WireGuard outside of PFSense for quite a while and was very familiar with it, so when I installed the 2.5 update I just moved to WireGuard, had it up and running quickly, and got rid of my OVPN server config. In hindsight that was sadly a big mistake, so of course I ripped out my WireGuard config and re-ran the OVPN wizard, and here is where the bizarre issue starts.
If I have the OVPN client connection to IPVanish running and connected, my clients cannot connect to the OVPN server from the WAN side. They can connect to the OVPN server via any internal network just fine. If I stop the OVPN client connection to IPVanish then my OVPN clients can connect to the OVPN server from the internet / WAN no problems. I am not seeing any packets being dropped anywhere on the firewall side and that is confirmed by the fact that I can connect fine when the OVPN connection to IPVanish is turned off. The message on the client (when the IPVanish connection is turned on) is "TLS handshake failed" which is generic but suggests it cannot connect at all.
I'm really not even sure what to post here in terms of logs or configs. I have spent hours reviewing logs, configs and packet captures, and nothing sticks out that has helped me determine what is going on. It's as if the OVPN client connection somehow "steps" on the inbound OVPN server port 1194 on the WAN side? I don't even know how that would be possible.
If anyone has any ideas of what logs or configs I can look at or even post to get a better idea of what is going on I would be very grateful.
TIA!
-
@uproden22
Did you assign an interface to the OpenVPN client instance? If not, you should do that. Also ensure that you have a firewall rule on the WAN interface allowing access to your OpenVPN server and that this rule is applied. That means no floating rule, and none on an interface group if applicable, may match the incoming OpenVPN connections on WAN 1194.
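A quick way to verify the point above on the pfSense shell is to dump the loaded ruleset and look at which rule touching the server port is evaluated first. The script below is an added example, not something from this thread or from pfSense itself: it filters `pfctl -sr`-style output for a given port and tags each hit as WAN (bound to the WAN interface) or FLOATING (not bound to it), in ruleset order, so a floating "quick" rule that fires ahead of the wizard's WAN rule becomes obvious. The sample ruleset embedded in `sample_rules` is constructed for illustration; the WAN interface name `em0`, the server port 1194 and the rule labels are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from pfSense). Assumptions: WAN is em0,
# the OpenVPN server listens on UDP 1194, and input is in the shape of `pfctl -sr`.
# On a real box run:  pfctl -sr | ovpn_rule_order 1194 em0

# Print every rule that mentions the given port, in evaluation order, tagged
# FLOATING when it is not bound to the WAN interface (pfSense loads floating
# rules ahead of per-interface rules) and "+quick" when it ends evaluation.
ovpn_rule_order() {
    port="$1"; wan="$2"
    awk -v port="$port" -v wan="$wan" '
        index($0, "port = " port) {
            n++
            tag = "WAN"
            if ($0 !~ ("on " wan " ")) tag = "FLOATING"
            if ($0 ~ /quick/) tag = tag "+quick"
            printf "%d %s %s\n", n, tag, $0
        }'
}

# Tag of the first rule that matches the port. Anything starting with FLOATING
# means a floating rule is consulted before the WAN pass rule is ever reached.
first_match() {
    ovpn_rule_order "$1" "$2" | head -n 1 | awk '{print $2}'
}

# CONSTRUCTED ruleset excerpt: a leftover floating rule on 1194, a policy-routing
# rule for the IPVanish client, and the WAN rule created by the OpenVPN wizard.
sample_rules() {
    cat <<'EOF'
pass in quick inet proto udp from any to any port = 1194 keep state label "USER_RULE: old floating rule"
pass out route-to (ovpnc1 10.0.0.1) inet from 192.168.1.0/24 to any keep state label "USER_RULE: LAN via IPVanish"
pass in quick on em0 reply-to (em0 203.0.113.1) inet proto udp from any to 203.0.113.5 port = 1194 keep state label "USER_RULE: OpenVPN wizard"
EOF
}

# Same ruleset with the stray floating rule removed, i.e. after the fix.
fixed_rules() {
    sample_rules | grep -v 'old floating rule'
}

if [ "${1:-}" = "demo" ]; then
    echo "before fix:"; sample_rules | ovpn_rule_order 1194 em0
    echo "after fix:";  fixed_rules  | ovpn_rule_order 1194 em0
fi
```

Run it with `sh check.sh demo` to see both orderings; on the real firewall pipe `pfctl -sr` into `ovpn_rule_order` instead of the constructed sample. The WAN rule the wizard creates carries `reply-to`, so replies leave via the WAN gateway; a floating rule matched first does not, which is why an extra policy-routed client tunnel can make the inbound server appear unreachable without any drop showing in the logs.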
-
@viragomann You are a life saver! I had a floating rule for 1194 which I didn't remember creating. Thank you so much!