New OpenVPN install accessible on lan but not from internet
-
@SteveITS That is what I was thinking, something "got stuck", but how do you figure out what it may have been? I would figure with all the logs that one may shed some light, but I haven't seen anything that jumps out at me. I set up the client on the laptop and over wifi it connects, haven't had a chance to try it from the cell hot spot yet.
-
@LPD7 said in New OpenVPN install accessible on lan but not from internet:
haven't had a chance to try it from the cell hot spot yet
Then do so.
Because that's what you want (I guess) : be able to reach your pfSense and/or LAN from 'everywhere'. As soon as you connect to your WAN IP, you should see this :
I have a VPN connection right now to my pfSense, so there is 1/ connection and /123 Kb of traffic. This counter goes up upon receiving traffic that matches that rule > a proof that OpenVPN traffic comes into the OpenVPN server.
If your counters stay at 0/0 then you know that traffic isn't even reaching pfSense.
I didn't know I could use a device on the pfSense LAN, and use it to connect to the OpenVPN server running at pfSense but, hey, why not. Using the WAN interface ( ?? ) that's more delicate as that would be needing NAT reflection (I guess). Never needed to do that.
My situation : when I'm using a device on my LAN, I can use https (TLS), so the connection to the GUI is pretty well protected, no need to wrap that secure traffic in another encrypted tunnel.
When I'm outside, and want to access the GUI, I fire up the OpenVPN on my device, and then I can connect to my pfSense GUI, or any other LAN based device like the airco, NAS, dvr, printer, whatever.
-
@Gertjan Hello Gertjan thanks for replying, I have pasted the floating rules below.
I have removed the RFC1918 rule but wondered if based on my read of the details if either option (see below) isn't a good thing to have for added security. I am going to read up more on these to get better educated on their intended purpose.
Regarding your comment "Your second (and now only) OpenVPN firewall WAN rule : change "WAN_0 address" for 'This Firewall'", what impact will that change have? This also is new to me.
I have tested the VPN access using my cell phone and the provider's assigned IP address with wifi off and it is able to connect so am hoping/expecting that when using the hot spot from the laptop the results should be the same but will verify here shortly to confirm.
PS.. The chevron image in your profile, are you/were you Navy?
-
@Gertjan Ok so I was able to connect to the VPN from my laptop using the Bluetooth connection for the hot spot since I disabled wifi on the cell phone to ensure all traffic going over cell provider. Cell service is weak here so it is slow but traffic is passing (see below). So I guess given this can now confirm VPN is working across the 2 devices as expected but why the initial issue or can it be considered a one off and is everything else set up as it should for best performance and security.