OpenVPN connection fails unless appliance has static IP WAN

Reply to OpenVPN connection fails unless appliance has static IP WAN on Mon, 02 Aug 2021 01:26:41 GMT

JKnott — Mon, 02 Aug 2021 01:26:41 GMT

@abinition said in OpenVPN connection fails unless appliance has static IP WAN:

Away you go...

What about IPv6?

Reply to OpenVPN connection fails unless appliance has static IP WAN on Mon, 02 Aug 2021 00:25:56 GMT

abinition — Mon, 02 Aug 2021 00:25:56 GMT

Solved!

For those with ATT Uverse Arris NVG599 router and a block of 5 static IP's, the key to getting OpenVPN to connect is as follows:

Leave WAN interface in DHCP mode. Ex: 192.168.1.199
Add a static route for the x.y.z.48/29 network
Add 5 CARP VIP's 49,50,51,52,53
Use OpenVPN wizard to generate WAN address service
Confirm RULE also written for port 1194 WAN address
Add NAT to translate x.y.z.53 for port 1194 to WAN address 192.168.1.99
Export openvpn config.
Edit the config and change 192.168.1.199 to x.y.z.53

Away you go...

Reply to OpenVPN connection fails unless appliance has static IP WAN on Sun, 01 Aug 2021 20:47:47 GMT

abinition — Sun, 01 Aug 2021 20:47:47 GMT

I stand corrected: the WAN setting via the console or via the web gui are the same thing.

But, the provider router is an ATT Uverse Arris NVG599. It can be a DHCP server of the static sub-net, so it can assign the pfsense router one of those static IPs. When that happens, how I don't know exactly, things will work great, including openvpn.

But if the pfsense appliance get's assigned a 192.168 DHCP IP, then there seems no way to contact the OpenVPN server. But all the CARP VIP's work just great.

If the pfsense is assigned one of the static IPs, then no remote connections, including HTTP,SSH,OpenVPN seem to get thru on the other VIPs.

Maybe tell the NVG599 router about the mac address of the pfsense appliance and have it allocated one of the static IPs to that.