Question about dropped packets and firewall rules…openvpn



  • So I've been using pfSense for a while but needed to get OpenVPN up and working. I'm a network guy by day and play with stuff at night, Linux user. So I created all my certs and stuff, configured the OpenVPN piece, and added a rule to allow anyone to access port 1194 (OpenVPN). This rule shows up after the block private and block bogon rules and is my only pass rule. After I applied my changes I have tried on several occasions to connect, but I am getting connection refused, and looking at the firewall logs I see the packets going to 1194 being dropped by the default deny rule... wonder what I am missing. Just so you know, I am running the VMware image and using the 1.2.3RC1 image. Any suggestions would be great, thanks.



  • Which interface are you trying to connect on and which interface is the rule on?



  • Hmm, well, the pass rule that I added was on the WAN interface, and that is where I see it showing up in the firewall logs...



  • And you're trying to connect from the WAN interface?

    Are you using UDP or TCP for OpenVPN (it should be UDP)?  Does this match the firewall rule?



  • @Cry:

    And you're trying to connect from the WAN interface?

    Are you using UDP or TCP for OpenVPN (it should be UDP)?  Does this match the firewall rule?

    Yes, trying to connect to the WAN interface. I've tried it both ways; I actually have the rule set to TCP/UDP right now to accept either while I test. I started off with straight UDP in the rule set. Gonna do some more testing tonight. The first time I created the rule I disabled it, 'cause I wasn't ready to test. Wondering now if, when I re-enabled it, it really did, because it acts as though the rule is not even there...



  • Never mind... fubar'd the rule, source AND destination ports were set to 1194... sometimes you can't see the forest for the trees... lol... Thanks.


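The mistake found in the last post, as an added example that is not part of the original thread: a simplified first-match rule model showing why a pass rule with both source and destination port set to 1194 lets the default deny rule drop a normal client, plus a small lint check for that pattern. The names `Rule`, `Packet`, `evaluate` and `lint` and the sample packets are assumptions made up for this sketch; it does not model pfSense's block private/bogon rules or state tracking.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "pass" or "block"
    protos: frozenset         # e.g. {"udp"} or {"tcp", "udp"}
    src_port: Optional[int]   # None means "any"
    dst_port: Optional[int]   # None means "any"

@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    # Every field the rule specifies must match; None acts as a wildcard.
    return (pkt.proto in rule.protos
            and rule.src_port in (None, pkt.src_port)
            and rule.dst_port in (None, pkt.dst_port))

def evaluate(rules, pkt: Packet) -> str:
    # First matching rule wins; a packet that matches nothing is
    # dropped by the implicit default deny, as seen in the logs above.
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "default-deny"

def lint(rules):
    # Indexes of pass rules that pin the source port. Clients normally
    # send from an arbitrary source port, so this is almost always a slip.
    return [i for i, r in enumerate(rules)
            if r.action == "pass" and r.src_port is not None]

BOTH = frozenset({"tcp", "udp"})
BROKEN = [Rule("pass", BOTH, 1194, 1194)]   # the rule as described in the thread
FIXED = [Rule("pass", BOTH, None, 1194)]    # source port left as "any"

# Constructed sample packets arriving on WAN.
CLIENT = Packet("udp", 49731, 1194)         # arbitrary client source port
SAME_PORT = Packet("udp", 1194, 1194)       # only this shape matches BROKEN

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, evaluate(rules, CLIENT), evaluate(rules, SAME_PORT),
              "lint:", lint(rules))
```
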