Netgate Discussion Forum

    Issues connecting to OpenVPN

    • CMOS_BATTERY

      I had to recreate my VPN after my neighborhood got a random new installation of meters right before I left for college. I come home and I have it all going and connected so long as I use the LAN address of the pfSense box. I'm having issues using my public IP address connecting.

      Is the whole issue for this that I'm trying to connect within the network and it's too redundant, or have I botched using the wizard? I left all settings default other than exporting and using the Public IP as the Hostname for the VPN as it should be. I also changed to remote access with just user auth.

      • Ryu945

        If I understand your question correctly, you can connect to your VPN on LAN but not from a public IP. If this is the case, do you have a firewall rule on the WAN interface that opens up your OpenVPN port so that it can be connected to from outside? It would look something like this:

        Interface: WAN

        Source: any
        Source Port: any

        Destination: WAN
        Destination port: 1194, or whatever OpenVPN port you're connecting on.

        • CMOS_BATTERY @Ryu945

          @ryu945 yes, so if I use the LAN IP address I can connect to the VPN so long as I’m connected to the network. I have the pre-done firewall rules that OpenVPN offered at the end of the wizard.

          • Ryu945 @CMOS_BATTERY

            @cmos_battery Is your VPN server set up to be on the LAN or WAN interface?

            • ThatGuy

              @CMOS_BATTERY,

              When you log into pfSense, is your WAN address your true public IP address? Or is it something like 192.168.X.X? Whatever number you see there, make a note of it. Then Google "What's my IP address?" Is it the same number... 'cause it better be.

              My guess is you could be double NATed. When you say "new installation of meters" what does that mean? Did you get a new modem? Maybe they switched you over to Carrier Grade NAT? Hope that's not the case. If so, your VPN is never going to work.

              ThatGuy

              • CMOS_BATTERY @ThatGuy

                @thatguy no, just the power meter; the guy didn’t ask beforehand if I needed to turn anything off. Just went house to house unplugging and working. I am having to do double NAT. My ISP at my parents’ house is the best in the area but stuck us with a terrible gateway device.

                The entire system is fiber so it comes to a modem locked outside, then connects to the gateway in the house through Ethernet rather than COAX. The IP of my pfSense WAN is taken from DHCP and in previous setups it worked. Unfortunately I’m sure everyone reading this knows how unreliable equipment of any caliber can be when it has a random blackout in the building.

                When I set up the VPN initially I could connect to it using the LAN IP of the pfSense box even from the upstream gateway. Unfortunately when I go to use my true WAN that’s on the gateway box I can no longer connect down to the VPN like I previously had. I can’t say much for the setup, it’s exactly me going through the wizard and following step by step. I have the public network set and the virtual IP address set.

                I’ve even gone to the lengths of disabling the blocking of private and bogon networks. Both the WAN and LAN portions of the firewall rules are working so I can’t imagine what at this point is stopping me. I did release and renew my WAN address but that did not help.

                • viragomann @CMOS_BATTERY

                  @cmos_battery
                  You have to set the OpenVPN server to listen on the WAN interface.
                  And on the ISP gateway you have to forward OpenVPN traffic to your WAN.

                  You can use the packet capture utility on pfSense to check if the OpenVPN packets arrive on the WAN.

                  • ThatGuy

                    Starting to sound to me like you have an ISP using Carrier Grade NAT. When you go to Google and ask "What is my IP address?" What are the first three octets? For example, if you were on a typical LAN your first three octets could be 192.168.1. There is a good chance if we knew your first three public IP address octets we could tell if you are on Carrier Grade NAT.

                    If your ISP is using Carrier Grade NAT the ONLY way you could get this to work would be by requesting a static IP from your ISP. And yes, you'll probably have to pay extra for it.

                    ThatGuy
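
Added example, not part of any post in this thread: the address comparison ThatGuy describes in both of his replies (pfSense WAN address versus the externally reported address), written as a small Python check that tells plain double NAT from carrier-grade NAT. The function names and the sample addresses are assumptions made for illustration; the addresses are constructed from documentation ranges.

```python
import ipaddress

# Ranges that are never reachable directly from the internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space

ADVICE = {
    "direct": "pfSense WAN holds the public address; the WAN rule is enough",
    "double_nat": "forward the OpenVPN port on the ISP gateway to the pfSense WAN",
    "cgnat": "the ISP translates upstream; inbound needs a public IP from the ISP",
}


def classify(addr):
    """Return 'rfc1918', 'cgnat' or 'public' for one address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in CGNAT:
        return "cgnat"
    return "public"


def diagnose(pfsense_wan, gateway_wan, external_ip):
    """Name the NAT situation from three observed addresses.

    pfsense_wan - address on the pfSense WAN interface
    gateway_wan - WAN address of the ISP gateway (None if there is no gateway)
    external_ip - address reported by a "what is my IP" lookup
    """
    # Outermost device the user controls: the gateway if present, else pfSense.
    edge = ipaddress.ip_address(gateway_wan or pfsense_wan)
    if classify(edge) != "public" or edge != ipaddress.ip_address(external_ip):
        return "cgnat"       # another translation happens beyond the user's gear
    if classify(pfsense_wan) != "public":
        return "double_nat"  # pfSense sits behind a gateway the user can configure
    return "direct"


if __name__ == "__main__":
    # Constructed sample observations: (pfSense WAN, gateway WAN, external IP).
    samples = [("192.168.1.50", "203.0.113.10", "203.0.113.10"),
               ("192.168.1.50", "100.72.5.9", "198.51.100.20"),
               ("203.0.113.10", None, "203.0.113.10")]
    for wan, gw, ext in samples:
        verdict = diagnose(wan, gw, ext)
        print(f"{wan:>14} {str(gw):>14} {ext:>14} -> {verdict}: {ADVICE[verdict]}")
```

The "double_nat" verdict corresponds to the fix viragomann gives (port forward on the ISP gateway), while "cgnat" is the case where no setting on the user's own equipment can expose the port.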

                    • Ryu945 @CMOS_BATTERY

                      @cmos_battery In your settings under VPN -> OpenVPN -> Server, does it say this?

                      https://imgur.com/fUgdRch.png
