Issues connecting to OpenVPN
-
I had to recreate my VPN after my neighborhood got a random new installation of meters right before I left for college. I come home and I have it all going and connected so long as I use the LAN address of the pfSense box. I'm having issues using my public IP address connecting.
Is the whole issue for this that I'm trying to connect within the network and its too redundant or have I botched using the wizard? I left all settings default other than exporting and using the Public IP as the Hostname for the VPN as it should be. I also changed to remote access with just user auth.
-
If I understand your question correctly, you can connect to your VPN on LAN but not from a public IP. If this is the case, do you have a firewall rule on WAN interface that opens up your OpenVPN port so that it can be connected to from outside? It would look something like this:
Interface: WAN
Source: any
Source Port: anyDestination: WAN
Destination port (1194) or whatever your OpenVPN port your connecting on. -
@ryu945 yes, so if I use the LAN IP address I can connect to the VPN so long as I’m connected to the network. I have the pre done fire wall rules that OpenVPN offered at the end of the wizard.
-
@cmos_battery Is your VPN server set up to be on the LAN or WAN interface?
-
When you log into pfSense, is your WAN address your true public IP address? Or is it something like 192.168.X.X. Whatever number you see there make a note of it. Then Google "What's my IP address?" Is it the same number....cause it better be.
My guess is you could be double NATed. When you say "new installation of meters" what does that mean? Did you get a new modem? Maybe they switched you over to Carrier Grade NAT? Hope that's not the case. If so, your VPN is never going to work.
-
@thatguy no just the power meter, the guy didn’t ask before hand if I needed to turn anything off. Just went house to house unplugging and working. I am having to do double NAT. My ISP at my parents house is the best in the area but stuck us with a terrible gateway device.
The entire system is fiber so it comes to a modem locked outside, then connects to the gateway in the house through Ethernet rather than COAX. The IP of my pfSense WAN is taken from DHCP and in previous setups it worked. Unfortunately I’m sure everyone reading this knows how unreliable equipment of any caliber can be when it has a random blackout in the building.
When I setup the VPN initially I could connect to it using the LAN IP of the pfSense box even from the upstream gateway. Unfortunately when I go to use my true WAN that’s on the gateway box I can no longer connect down to the VPN like I previously had. I can’t say much for the setup, it’s exactly me going through the wizard and following step by step. I have the public network set and the virtual IP address set.
I’ve even gone to the lengths of disabling the blocking of private and bogon networks. Both the WAN and LAN portions of the firewall rules are working so I can’t imagine what at this point is stopping me. I did release and renew my WAN address but that did not help.
-
@cmos_battery
You have to set the OpenVPN server to listen on the WAN interface.
And on the ISP gateway you have to forward OpenVPN traffic to your WAN.You can use the packet capture utility on pfSense to check if the OpenVPN packets arrive on the WAN.
-
Starting to sound like to me you have an ISP using Carrier Grade Nat. When you go to Google and ask "What is my IP address?" What are the first three octets? For example, if you were on a typical LAN you're first three octets could be 192.168.1? There is a good chance if we knew your first three public IP address octets we could tell if you are on Carrier Grade NAT.
If your ISP is using Carrier Grade NAT the ONLY way you could get this to work would be by requesting a static IP from your ISP. And yes, you'll probably have to pay extra for it.
-
@cmos_battery In your settings under VPN -> OpenVPN -> Server ; does it say this?
https://imgur.com/fUgdRch.png
