OpenVPN traffic being blocked by default deny rule for some users?
-
I have a basic OpenVPN server set up on my pfSense (v 22.01), and have made a few VPNs for different users. My VPN works just fine: it connects, passes the appropriate routes, and I can access everything I expect to.
However, an identical VPN for another user I just created does not allow any access to subnets behind the firewall at all. The VPN connects successfully, and the OpenVPN logs all show a successful connection. If I check the routes when the user is connected everything looks fine, but still nothing is accessible.
When checking the firewall logs I can see that any traffic for this user is blocked by Default deny rule IPv4 (1000000104) or Default deny rule IPv4 (1000000103). I am confused why this is happening; I am testing them both from my computer, and as far as I can tell everything is pretty identical.
Edit: I should add that the pfSense this VPN is on is behind another pfSense. The outside pfSense has an alias WAN address with a port forward pointing to the inside pfSense.
-
@wmw509 Bump... anyone else ever have anything like this happen? Kind of has me pulling my hair out; I have probably set up OpenVPN hundreds of times and never had this issue.
-
@wmw509 said in OpenVPN traffic being blocked by default deny rule for some users?:
When checking the firewall logs I can see that any traffic for this user is blocked by Default deny rule IPv4 (1000000104) or Default deny rule IPv4 (1000000103).
Ensure that the blocked packets are SYN and not anything else.
Inexplicable blocks are often due to asymmetric routing.
-
@wmw509 Post the rules on your OpenVPN tab. Also, did you assign your tunnels to interfaces? If so, are there rules allowing traffic on those interfaces?
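-
Added example, not part of any post in this thread: one way to run the "are the blocked packets SYN?" check from the reply above over raw filter log lines. It assumes the comma-separated raw filterlog layout for IPv4 (tracker ID in field 4, protocol in field 17, TCP flags in field 24); the sample lines, interface names and addresses are constructed.

```python
from collections import Counter

# Tracker IDs of the default deny rules quoted in the thread.
DEFAULT_DENY = {"1000000103", "1000000104"}

# Constructed sample lines (not from the thread), raw filterlog CSV layout assumed.
SAMPLE_LOG = """\
Mar  1 10:00:01 fw filterlog[1234]: 4,,,1000000103,ovpns1,match,block,in,4,0x0,,64,1111,0,DF,6,tcp,60,10.8.0.6,192.168.10.20,51000,443,0,S,100,,64240,,mss
Mar  1 10:00:02 fw filterlog[1234]: 4,,,1000000103,igb1,match,block,in,4,0x0,,64,2222,0,DF,6,tcp,60,192.168.10.20,10.8.0.6,443,51000,0,SA,200,101,65160,,mss
Mar  1 10:00:03 fw filterlog[1234]: 4,,,1000000103,igb1,match,block,in,4,0x0,,64,3333,0,DF,6,tcp,52,192.168.10.20,10.8.0.6,22,51002,0,A,,300,501,,
Mar  1 10:00:04 fw filterlog[1234]: 4,,,1000000103,ovpns1,match,block,in,4,0x0,,64,4444,0,none,17,udp,70,10.8.0.6,192.168.10.1,53000,53,50
Mar  1 10:00:05 fw filterlog[1234]: 77,,,1650000000,igb1,match,pass,in,4,0x0,,64,5555,0,DF,6,tcp,60,192.168.10.5,192.168.10.1,40000,443,0,S,1,,64240,,mss
"""

def parse(line):
    """Return a dict for a blocked IPv4 default-deny entry, else None."""
    _, found, rest = line.partition("filterlog")
    if not found:
        return None
    f = rest.partition(": ")[2].strip().split(",")
    if len(f) < 20 or f[3] not in DEFAULT_DENY or f[6] != "block" or f[8] != "4":
        return None
    entry = {"tracker": f[3], "iface": f[4], "proto": f[16],
             "src": f[18], "dst": f[19], "flags": None}
    if f[16] == "tcp" and len(f) > 23:
        entry["flags"] = f[23]
    return entry

def classify(entry):
    if entry["proto"] != "tcp":
        return "non-tcp"
    if entry["flags"] == "S":
        return "new-connection"  # bare SYN: no pass rule matched it on this interface
    return "out-of-state"        # SA, A, FA, R...: no matching state on this firewall

def summarize(log_text):
    """Count default-deny blocks per (interface, classification)."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse(line)
        if entry:
            counts[(entry["iface"], classify(entry))] += 1
    return counts

if __name__ == "__main__":
    for (iface, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{iface:8} {kind:15} {n}")
```

Blocks counted as new-connection point at the rules on the interface shown; blocks counted as out-of-state are the kind the reply above attributes to asymmetric routing.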