openvpn not working from local network

Gertjan

@serj161 said in openvpn not working from local network:

127.0.0.1:8045

I don't understand the context "127.0.0.1".
This means the connection comes in at 127.0.0.1 : this means the OpenVPN client runs on pfSense itself ?
Normally, a connection comes in the (a) WAN interface.

I've selected :

and still don't understand the subject "openvpn not working from local network".

You've exported a opvpn config file with certificates, using OpenVPN > Client Export Utility, right ?

michmoor

@serj161 So you use OpenVPN to bypass any GeoIP restrictions?
Or are you trying to use OpenVPN for that use case? Its not really clear what it is you are asking.

serj161

if 2 wan connections are used, then the settings were made according to this instruction - https://docs.netgate.com/pfsense/en/latest/multiwan/openvpn.html
NAT

WAN1

WAN2

serj161

@gertjan

Gertjan

@serj161

Ah, ok saw https://docs.netgate.com/pfsense/en/latest/multiwan/openvpn.html.

Using a NAT rule -> Redirecting to localhost is a thing when you use multiple WANs.
Is this so you can create a openvp client config that will use any of the available WANs ?

Does it work if you set up a classic : one openvpn server on one WAN, and a second openvpn server on the other WAN ? So no need to nat to 127.0.0.1.

serj161

@gertjan
I use 1 VPN server, 2 remote connections are specified in the user config

Gertjan

@serj161

I've set up my OpenVPN server like you :

so now it listens to 127.0.0.1:1194 UDP.

I created a NAT rule (only one, as I have just one WAN) :

that redirects to 127.0.0.1:1194

A firewall was also created, as it is part of the NAT rule :

I've tested with my phone, and I can connect just fine to my pfSense OpenServer.

@serj161 said in openvpn not working from local network:

TLS Error: TLS key negotiation failed to occur within 60 seconds

https://openvpn.net/faq/tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity/
? a generic 'network not ok', like upstream router not natted ?

serj161

@gertjan
maybe I don't have enough outbound rules, can you show the rules in the "Outbound" tab for the VPN?

Gertjan

@serj161

Nothing to do over there for a VPN server :

serj161

@gertjan
I agree, I have the same rules.
I'll try to return the default settings and configure a different vpn server for each interface. thank you for your help.