Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No traffic on UDP tunnel

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 1 Posters 510 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bigan
      last edited by

      I've got a weird issue.

      I've set up OpenVPN on pfSense. My goal is to use UDP port 443 and have TCP port 443 as a backup.

      Environment
      Cisco ASA sitting at network edge.
      This device does all NATing and firewalling for the network. I have access to this device but I cannot remove it. (Government network)

      PfSense 2.5.2

      I've got the ports forwarded from the upstream Cisco ASA to the internal "WAN" IP of pfSense and OpenVPN is set up using PKI.

      TCP 443 connects and works perfectly.
      UDP 443 will connect just fine but will not allow traffic across the VPN.

      These two servers are set up identical to each other. The only difference is the protocol.

      I've created rules in pfsense to allow the required traffic through. I've turned on firewall logging to see if the firewall was blocking the traffic. (It's not)

      The Cisco ASA does not show any ACLs blocking UDP ports. I tried moving to UDP 1194 but I have gotten the same results.

      TCP 443 connects and passes traffic just fine. UDP 443 or UDP 1194 will connect, give the client the correct IP from the pool, and add routes for local networks.

      I've done a packet capture for both UDP ports with pfSense. I am getting UDP packets from both directions.

      I know the Cisco ASA is not causing the issue because I can connect to the internal IP of pfSense and I get the same results.

      Has anyone run into this issue?
      WAN rules.JPG

      VPN rules.JPG

      VPN servers.JPG

      1 Reply Last reply Reply Quote 0
      • B
        bigan
        last edited by

        I've found that if I redirect all traffic through the VPN, traffic works normally across the VPN.

        I used the following in the server config.
        push "redirect-gateway def1"

        So is this a client issue?

        Route print on the client shows the local networks correctly in the clients routing table when I push "route x.x.x.x x.x.x.x"

        But no traffic will traverse when when I push route. It only works when I push "redirect-gateway def1"

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.