Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    My OpenVpn Server is behind my Optimum Altice Router

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      Benhurharrison
      last edited by Benhurharrison

      Hi, This is my first time setting up a vpn and I'm having some problems contacting my server from a remote pfsense router. I've set-up both the client-side and the server-side using this guide here: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html

      After the initial boot when i check the status of my openVPN server the status is stuck on "Adding routes to system".

      And Trying to ping the server from the client doesn't work even though both of the services has a green check.

      Here are the logs after ending then restarting the server:

      GENERAL:

      Dec 22 19:56:34 php-fpm 652 /rc.start_packages: Restarting/Starting all packages.
      Dec 22 19:56:33 check_reload_status 481 Starting packages
      Dec 22 19:56:33 php-fpm 652 /rc.newwanip: Netgate pfSense Plus package system has detected an IP change or dynamic WAN reconnection - -> 10.0.8.1 - Restarting packages.
      Dec 22 19:56:33 check_reload_status 481 Reloading filter
      Dec 22 19:56:33 php-fpm 652 /rc.newwanip: rc.newwanip called with empty interface.
      Dec 22 19:56:33 php-fpm 652 /rc.newwanip: rc.newwanip: on (IP address: 10.0.8.1) (interface: []) (real interface: ovpns1).
      Dec 22 19:56:33 php-fpm 652 /rc.newwanip: rc.newwanip: Info: starting on ovpns1.
      Dec 22 19:56:32 check_reload_status 481 rc.newwanip starting ovpns1
      Dec 22 19:56:32 check_reload_status 481 Reloading filter
      Dec 22 19:56:32 php-fpm 72197 OpenVPN PID written: 23702
      Dec 22 14:56:32 kernel ovpns1: link state changed to UP
      **END**
      

      OpenVPN:

      Dec 22 14:56:32 openvpn 23702 UDPv4 link remote: [AF_UNSPEC]
      Dec 22 14:56:32 openvpn 23702 UDPv4 link local (bound): [AF_INET]192.168.1.132:1194
      Dec 22 14:56:32 openvpn 23702 Socket Buffers: R=[42080->42080] S=[57344->57344]
      Dec 22 14:56:32 openvpn 23702 /sbin/route add -net 192.168.20.0 10.0.8.2 255.255.255.0
      Dec 22 14:56:32 openvpn 23702 /usr/local/sbin/ovpn-linkup ovpns1 1500 0 10.0.8.1 10.0.8.2 init
      Dec 22 14:56:32 openvpn 23702 /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
      Dec 22 14:56:32 openvpn 23702 TUN/TAP device /dev/tun1 opened
      Dec 22 14:56:32 openvpn 23702 TUN/TAP device ovpns1 exists previously, keep at program end
      Dec 22 14:56:32 openvpn 23702 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=mvneta0.4090 HWADDR=f0:ad:4e:1d:17:8f
      

      I was wondering if it would matter if my netgate was behind a Optimum router and would i need to set firewall rules there for the VPN.

      Any help would be appreciated!

      V J 2 Replies Last reply Reply Quote 0
      • V
        viragomann @Benhurharrison
        last edited by

        @benhurharrison
        Nothing wrong to see.

        I was wondering if it would matter if my netgate was behind a Optimum router and would i need to set firewall rules there for the VPN.

        Of course you have to forward the OpenVPN UDP packets to pfSense WAN on port 1194. I assume, you did that already.

        What do you get on the client?

        B 1 Reply Last reply Reply Quote 0
        • J
          Jarhead @Benhurharrison
          last edited by Jarhead

          @benhurharrison
          Do you see your WAN address? 10.0.8.1, you don't receive a public address on your WAN because of the Altice router. Last I knew, they don't let customers into their equipment so you'll have to see if they will open the port for you. Good luck with that.
          Better to use a vpn that can work through NAT.

          Even better, buy your own modem and get rid of their router.

          B 1 Reply Last reply Reply Quote 0
          • B
            Benhurharrison @viragomann
            last edited by

            This post is deleted!
            1 Reply Last reply Reply Quote 0
            • B
              Benhurharrison @Jarhead
              last edited by

              @jarhead Yeah it's definitely a problem with NAT, I tried logging into the router to change it and I couldn't even change the wifi password..

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.