Netgate Discussion Forum

    OpenVPN Connection to pfSense

      crasht1me

      Hello,

      I have a local NPS server, which I have set up as an authentication server for pfSense. NPS authenticates against an Active Directory database with MFA enabled. I have set up an OpenVPN server, which uses user authentication from the NPS server. When I connect using OpenVPN locally, I enter my credentials and authorize the login from Microsoft Authenticator and everything works - I get an IP assigned.

      When I try the same thing, but from outside the network, it fails. This means that it must be related to pfSense firewall rules, etc. Do you have any idea what could cause that or where I can start debugging?

      Thanks

        rcoleman-netgate Netgate @crasht1me

        @crasht1me Is your Windows Server firewall blocking traffic not from its local subnet? Windows Defender has a nasty habit of blocking traffic from networks it doesn't see regularly. You can test this temporarily by disabling Defender for a bit to see if it accepts the traffic request.

        Ryan

          stephenw10 Netgate Administrator

          Mmm, I would have expected the authentication traffic to have been between pfSense and NPS in that situation. Maybe the MFA part is forwarded?

          The server side authentication logs are the first place I would check.

            crasht1me

            Thank you for the answers! It turned out to be an issue unrelated to pfSense, which is now resolved.
