default deny rule blocking allowed traffic

Popolou · Jan 31, 2024, 8:07 PM

If you reset the states does that still occur? The second server is configured for TCP rather than UDP?

ziggy94 · Jan 31, 2024, 8:09 PM

@Popolou 1195 is for a p2p that is unrelated.
The active primary remote access is 1194.
I did reset the state and I got the same error.

Popolou · Jan 31, 2024, 8:12 PM

@ziggy94 Sure, but i am referring to the second OpenVPN server as you wrote, not the second table entry.

ziggy94 · Jan 31, 2024, 8:14 PM

@Popolou yes the second one is to be used by end users while primary is for IT.
Should the second one be set for UDP over TCP even if it's not for a fail over or something along those lines?

ziggy94 · Jan 31, 2024, 8:17 PM

@ziggy94 UDP instead of TCP* sorry that was poor wording.

Popolou · Jan 31, 2024, 8:20 PM

@ziggy94 Either is fine & UDP is default but TCP is 443 IIRC. Is the second server configured to use the WAN interface?

ziggy94 · Jan 31, 2024, 8:22 PM

@Popolou sorry, I'm not sure what you mean here.

Popolou · Jan 31, 2024, 8:25 PM

Check your settings for the second OpenVPN server, such that this is what it should be for the default: -

If you want the second server to work against that FW rule, you want to change the protocol to TCP and the port to 1196 on the WAN.

ziggy94 · Jan 31, 2024, 8:33 PM

@Popolou yes so the default server was that and I did change it to use TCP instead of UDP on port 1194. That is the primary used by IT.
The secondary one I just built yesterday using TCP on port 1196.
both are using the WAN.
so did I make a config error here?

ziggy94 · Jan 31, 2024, 8:39 PM

@Popolou It's been a long day so sorry if I am just being a bit dense here. haha

Popolou · Jan 31, 2024, 11:19 PM

@ziggy94 Cannot see one myself. There is no special routing going on presumably? Very odd especially if one server is running well. Perhaps leave everything as is and do a reboot to see if that cleans things up. Not convenient, i know.