PfSense block IP, Default deny rule IPv4

charneval

Hi

by few days we have a problem with our installation.

Pfsense started blocking an IP which is our and is utilized for VPN connections

This IP can only connect with a dedicated Pass rule

Do you have any idea how this happens?

Thanks

Gertjan

@charneval said in PfSense block IP, Default deny rule IPv4:

Do you have any idea how this happens?

No. And we can't know, just presume several scenarios. And many are just imaginable / make no sense.

So, tell us more about your setup.
A VPN client on your side - connecting to where / what OpenVPN server ?
Or are 'you' (the firewall image above) the OpenVPN server, and a client is connecting ?

Your pfSense is connected to what - an ISP upstream ISP router ?
Are there more devices connected on that 'ISP' device ?
The firewall log can be explained if a device connected to an upstream ISP router connects to the pfSense WAN, to access it's LAN interface. If there is no firewall pass rule for this, you will hit the wall == rule number 10000000103 or the general block all rule.

If the image shown is your WAN interface, then the RFC1918 destination IPs (192.168.0.1) is a strange thing, as these can't come from the outside, also known as the Internet, as these are not rout-able over Internet.

stephenw10

Yup, what is 192.168.0.1?

What and where is the IP address you have redacted?

What are those connections if they're supposed to be passed?

Steve

charneval

Hi,

the problem was our fault, nothing wrong with PfSense.

The OpenVPN client stop working with 2.6.2 udpate. It starts working again with the one that PfSense have in bundle with the config.