pfsense 2.5.1 OpenVPN drop RDP to Windows Machine
-
pfsense 2.5.1 with OpenVPN
I encountered a problem with my OpenVPN connection. My connection to OpenVPN is connected.
I can ping all my networks; however, when I want to RDP to a Windows machine, the network goes down.
Any idea what the problem is?
-
If it is multi-WAN, try:
The only workaround I have found so far (in case someone needs it):
System >> Advanced >> Firewall & NAT
Bypass firewall rules for traffic on the same interface
This is a workaround, but definitely a bug in 2.5.1.
I also switched OpenVPN to the other WAN.
-
Hi, I tried enabling "Bypass firewall rules for traffic on the same interface", but still encountered the same issue.
My setup has only 1 x WAN; the WAN is a private IP address in the internal network, and it acts as the WAN, because I just want to use pfSense OpenVPN to create an OpenVPN tunnel to my internal network.
I have another FW in front of pfSense, because that FW does not have SSL VPN features.
-
Hi,
I encountered a similar problem on two different installations, so I decided not to create another topic.
@wcpoon your description is not so precise, so I don't know if we have the same problem.
The issue occurred after migrating from 2.4.5p1 to 2.5.1. In both environments I had to roll back to 2.4.5p1.
On 2.5.1 OpenVPN is established correctly, RDP connects smoothly and all looks OK... for a few (up to 10) seconds. After this time RDP freezes and reconnects; after reconnection and a few seconds of normal working it hangs again. The OpenVPN connection itself is stable.
Based on this I started digging around MTU, MSS and fragmentation. I tested "mssfix", "fragment", "tun-mtu", "link-mtu" and other similar OpenVPN statements in many combinations. Nothing helped.
Then I looked closer at MSS and found these topics and bugs 1 2 3 4
After setting MSS on the OpenVPN interface to 1420 the issue with RDP vanished.
I compared /tmp/rules.debug from 2.4.5p1 and 2.5.1; both look similar, but in my opinion in 2.5.1 it's not working correctly and it needs additional manual configuration on the VPN interface.
I'll appreciate feedback from someone more familiar with iptables and how '/tmp/rules.debug' is interpreted.
@viktor_g Maybe you will be able to look at it; it could be connected with: IPv6 PPPoE MSS incorrect
@wcpoon I hope I helped you a little bit.
From my point of view the statements below aren't working in 2.5.1, but I cannot prove that. :)
scrub from any to <vpn_networks> max-mss 1398
scrub from <vpn_networks> to any max-mss 1398
Regards.
2.4.5p1
[2.4.5-RELEASE][admin@XXX]/root: grep scrub /tmp/rules.debug
scrub from any to <vpn_networks> max-mss 1398
scrub from <vpn_networks> to any max-mss 1398
scrub on $WAN all fragment reassemble
scrub on $LAN all fragment reassemble
scrub on $V100_10_0_100_0 all fragment reassemble
scrub on $V102_10_0_102_0 all fragment reassemble
scrub on $V104_10_0_104_0 all fragment reassemble
scrub on $VPN_OpenVPN all fragment reassemble
[2.4.5-RELEASE][admin@01]/root: grep vpn_networks /tmp/rules.debug
table <vpn_networks> { 10.0.16.0/24 10.0.16.0/24 10.150.40.10/32 10.202.91.0/24 10.245.254.0/24 }
scrub from any to <vpn_networks> max-mss 1398
scrub from <vpn_networks> to any max-mss 1398
[2.4.5-RELEASE][admin@01]/root:
2.5.1
[2.5.1-RELEASE][admin@02]/root: grep scrub /tmp/rules.debug
scrub from any to <vpn_networks> max-mss 1398
scrub from <vpn_networks> to any max-mss 1398
scrub on $WAN inet all fragment reassemble
scrub on $WAN inet6 all fragment reassemble
scrub on $LAN inet all fragment reassemble
scrub on $LAN inet6 all fragment reassemble
scrub on $V100_10_0_100_0 inet all fragment reassemble
scrub on $V100_10_0_100_0 inet6 all fragment reassemble
scrub on $V102_10_0_102_0 inet all fragment reassemble
scrub on $V102_10_0_102_0 inet6 all fragment reassemble
scrub on $V104_10_0_104_0 inet all fragment reassemble
scrub on $V104_10_0_104_0 inet6 all fragment reassemble
scrub on $VPN_1 inet all fragment reassemble
scrub on $VPN_1 inet6 all fragment reassemble
scrub on $VPN_OpenVPN inet all max-mss 1380 fragment reassemble
scrub on $VPN_OpenVPN inet6 all max-mss 1360 fragment reassemble
[2.5.1-RELEASE][admin@02]/root: grep vpn_networks /tmp/rules.debug
table <vpn_networks> { 10.0.16.0/24 10.0.16.0/24 10.150.40.10/32 10.202.91.0/24 10.245.254.0/24 }
scrub from any to <vpn_networks> max-mss 1398
scrub from <vpn_networks> to any max-mss 1398
[2.5.1-RELEASE][admin@02]/root:
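Added example, not part of the post above and not pfSense's own code: a POSIX shell/awk helper that reduces each scrub rule to target, address family and max-mss, then lists the clamps that appear only in the newer rule dump. The function and file names are hypothetical, and the sample rules are a constructed subset of the lines posted above.

```shell
#!/bin/sh
# Added example: show which pf scrub rules gained an MSS clamp between dumps.
# On a firewall, point new_clamps at two saved copies of /tmp/rules.debug.

# awk function: "target family max-mss" for the scrub rule in $0.
SCRUB_AWK='
function summary(   i, target, af, mss) {
    target = "?"; af = "any"; mss = "none"
    for (i = 2; i <= NF; i++) {
        if ($i == "on") target = $(i + 1)
        else if (($i == "from" || $i == "to") && $(i + 1) ~ /^</)
            target = $i " " $(i + 1)
        else if ($i == "inet" || $i == "inet6") af = $i
        else if ($i == "max-mss") mss = $(i + 1)
    }
    return target " " af " " mss
}'

# One summary line per scrub rule in the given file(s) or stdin.
summarize_scrub() { awk "$SCRUB_AWK"' $1 == "scrub" { print summary() }' "$@"; }

# Clamped rules present in NEW but not in OLD. Usage: new_clamps OLD NEW
new_clamps() {
    awk "$SCRUB_AWK"'
    $1 != "scrub" { next }
    FILENAME == ARGV[1] { old[summary()] = 1; next }
    { s = summary(); if (s !~ / none$/ && !(s in old)) print s }' "$1" "$2"
}

# Constructed sample input: a subset of the scrub lines posted in the thread.
write_samples() {   # usage: write_samples DIR
    cat > "$1/old.rules" <<'EOF'
scrub from any to <vpn_networks> max-mss 1398
scrub from <vpn_networks> to any max-mss 1398
scrub on $WAN all fragment reassemble
scrub on $VPN_OpenVPN all fragment reassemble
EOF
    cat > "$1/new.rules" <<'EOF'
scrub from any to <vpn_networks> max-mss 1398
scrub from <vpn_networks> to any max-mss 1398
scrub on $WAN inet all fragment reassemble
scrub on $VPN_OpenVPN inet all max-mss 1380 fragment reassemble
scrub on $VPN_OpenVPN inet6 all max-mss 1360 fragment reassemble
EOF
}

dir=$(mktemp -d /tmp/scrub.XXXXXX) && write_samples "$dir"
new_clamps "$dir/old.rules" "$dir/new.rules"
rm -rf "$dir"
```

On the sample, only the two `$VPN_OpenVPN` rules are reported; their 1380 and 1360 values equal the 1420 mentioned in the post minus 40 and 60 bytes respectively.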
-
Hi,
My output:
[2.5.1-RELEASE][admin@pfSense.home.arpa]/root: grep scrub /tmp/rules.debug
scrub on $WAN inet all fragment reassemble
scrub on $WAN inet6 all fragment reassemble
[2.5.1-RELEASE][admin@pfSense.home.arpa]/root: grep vpn_networks /tmp/rules.debug
table <vpn_networks> { 192.168.77.0/24 }
With my RDP connection, after authentication to Windows, the screen goes blank.
After that my ping times out.
If I close my RDP Windows, the connection comes back after 30 seconds.
I can access HTTPS, HTTP and SSH without any issues.
I just wonder whether it is a bug in version 2.5.1.
I will deploy version 2.5.0 to try it out again.