Can't connect to OpenVPN via mobile app
-
Greetings,
As the title suggests, I am unable to connect to my OpenVPN setup. I followed a guide that was straightforward, but when attempting to connect the app just spins with no errors and nothing pops up in the OpenVPN logs on pfSense. I utilized the OpenVPN wizard with pfSense and it created the firewall rules to allow connection (so I thought). I'm honestly at a loss of where to even start the troubleshooting.
Guide I followed: https://www.youtube.com/watch?v=cxhIpmov4TY&list=PLMNJkVy5O0QxrEzEqTtq2ti9-cQcV7D7y&index=38
Setup:
- pfSense version 2.7.0-RELEASE (amd64)
  FreeBSD 14.0-CURRENT
- OpenVPN-config-export from package manager
- Also running Snort version 4.1.6
  - Note: I turned this off on the WAN interface and attempted VPN and still nothing
  - Snort policy set to "Security"
- Regarding domain setup, I am using a domain from Namecheap with Cloudflare as the DDNS.
-
@stl_saint said in Can't connect to OpenVPN via mobile app:
but when attempting to connect the app just spins with no errors and nothing pops up in OpenVPN logs
Which client app are you using?
I expect that it even writes a log. So what does it show?
-
@viragomann I am using "OpenVPN Connect".
Edit: To add what the OpenVPN Connect log says:
The log simply states it is trying to repeatedly connect to my IP via port 1194 using UDPv4. That action times out and an "EVENT WAIT" entry shows and it repeats the connection attempt. This happens back and forth between the IPv4 and IPv6 addresses of my ISP provider.
-
@stl_saint
In the client config, you have stated your dynamic DNS name? Does it resolve properly to your WAN address?
If so, is there any packet arriving at WAN? Check the firewall rule, it should show matching connections and states.
Or sniff the traffic on WAN while you attempt to connect, to find out if the packets come through.
-
In the client config, you have stated your dynamic DNS name? Does it resolve properly to your WAN address?
Yes the client config does show my ddns name and it does resolve to my WAN through Cloudflare.
I have not noticed any connection or state via the firewall and I am not seeing logs when attempting to connect (last time I checked). I am at work right now and will look to provide some logs when I get home to show what I am seeing.
-
@stl_saint So I ended up contacting my ISP and setting a static IP. I completely redid my openvpn_server and created a new user and was able to connect to the vpn server. At this point I am going to assume the issue was with how my ISP was doing double natting and preventing me from gaining access because I followed the exact same guide to create the new server with the only change being the ip address being static vs using ddns. Thank you for the replies and input!
-
@stl_saint said in Can't connect to OpenVPN via mobile app:
assume the issue was with how my ISP was doing double natting
So your IP on pfsense was rfc1918 or cgnat range before? 100.64/10
Or was your Cloudflare DNS in proxy mode? When you use Cloudflare for DDNS, you want to make sure it is in DNS-only mode, not proxy mode.
-
@johnpoz It was the CGNAT range with the ISP. I definitely had the Cloudflare DNS entry in DNS-only mode. I was seeing two different IPs. On pfSense I had one IP, but when I did a public IP check it was a completely different one.
-
@stl_saint OK, then yeah, if you were on some CGNAT IP for the pfSense WAN (100.64-127.x.x), then no, you wouldn't have gotten anything inbound to pfSense, unless it was specifically set up on the ISP for you.
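
The comparison this thread arrives at, written out as an added example that is not part of any post above: it takes the address on the pfSense WAN interface, the address a public IP check reports, and the address the DDNS name resolves to, and flags the RFC 1918 / 100.64.0.0/10 case and any mismatch between them. The function names and sample addresses are assumptions made for illustration; the three addresses are collected by hand.

```python
import ipaddress

# Ranges named in the thread: RFC 1918 private space and 100.64.0.0/10 (CGNAT).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(wan_ip):
    """Label the IPv4 address on the WAN interface: 'cgnat', 'rfc1918' or 'public'."""
    addr = ipaddress.IPv4Address(wan_ip)  # raises ValueError on non-IPv4 input
    if addr in CGNAT:
        return "cgnat"
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    return "public"  # only the two kinds of range from the thread are tested


def diagnose(wan_ip, external_ip, ddns_ip):
    """Return (ok, findings) for the three addresses compared in the thread.

    wan_ip      -- address shown on the pfSense WAN interface
    external_ip -- address reported by a public IP check made from behind pfSense
    ddns_ip     -- address the DDNS name in the client config resolves to
    ok is True only when none of the conditions below was found.
    """
    wan, ext, ddns = (ipaddress.IPv4Address(a)
                      for a in (wan_ip, external_ip, ddns_ip))
    findings = []
    kind = classify_wan(wan_ip)
    if kind != "public":
        # Upstream NAT: inbound UDP 1194 never reaches the WAN interface.
        findings.append(f"wan-in-{kind}-range")
    if wan != ext:
        # The "two different IPs" symptom reported by the original poster.
        findings.append("wan-differs-from-external")
    if ddns != wan:
        # Clients are sent to an address that is not the firewall's own.
        findings.append("ddns-does-not-point-at-wan")
    return (not findings, findings)


if __name__ == "__main__":
    # Constructed sample values (documentation ranges), not taken from the thread.
    print(diagnose("100.72.14.9", "203.0.113.45", "203.0.113.45"))
    print(diagnose("198.51.100.20", "198.51.100.20", "198.51.100.20"))
```

An empty findings list only rules out the causes covered in this thread; the firewall rule and a packet capture on WAN remain the next checks.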