I'm just missing a bit, can you help?
-
Due to Unifi's awful implementation of OpenVPN, by way of not allowing persistent custom options, I've come back to my trusty PFSense.
I have internet to the Unifi router with UDP port 1194 forwarded to PFSense in the LAN.
PFSense is on a standalone PC with just the LAN cable connected.
In PFSense the WAN is simply disabled.
I have configured OpenVPN to listen on the LAN connection, UDP port 1194.
I've tried a PCAP on PFSense and see the incoming packet:
19:28:52.221140 IP connecting.public.ip.address.21067 > 10.0.0.4.1194: UDP, length 54
and in sockets:
root openvpn 44809 6 udp4 10.0.0.4:1194 :
So PFSense seems to be receiving the request and listening for it, but not reacting to it.
The OpenVPN logs show no reaction to the connection attempt either.
What am I missing?
Happy to submit further information to assist.
Thanks in advance!
-
@alanbaker
Is UDP port 1194 allowed from anywhere in the LAN rules?
Possibly the source is limited to the LAN subnet.

@alanbaker said in I'm just missing a bit, can you help?:
19:28:52.221140 IP connecting.public.ip.address.21067 > 10.0.0.4.1194: UDP, length 54
If the OpenVPN server is listening on this IP and port and the firewall allows the access, I would expect to see something in the OpenVPN log. Otherwise there must be something wrong with the server.
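The point raised above (a LAN rule whose source is restricted to the LAN subnet silently dropping the forwarded packets) in pf syntax, as an added illustration that is not part of the thread. The interface name em0, the LAN subnet 10.0.0.0/24 and the listener address 10.0.0.4 are assumptions; the packet capture in the first post shows the forwarded traffic arriving with the remote client's public IP as its source, which is why a source of "LAN net" never matches it.

```pf
# Constructed example of the two rules as pfSense would render them in /tmp/rules.debug
# (pfctl -sr shows the loaded equivalent). Interface, subnet and address are assumed.

# Too narrow: a source of "LAN net" only matches hosts inside 10.0.0.0/24.
# The packets forwarded by the UDM carry the remote client's public address
# as source, so they fall through to the default deny and OpenVPN logs nothing.
pass in quick on em0 inet proto udp from 10.0.0.0/24 to 10.0.0.4 port 1194 keep state

# Corrected: accept the forwarded packets from any source on the LAN interface.
pass in quick on em0 inet proto udp from any to 10.0.0.4 port 1194 keep state
```

Once a rule with `from any` is in place, `pfctl -sr | grep 1194` on the pfSense shell confirms it was loaded and `pfctl -vsr` shows its packet counters climbing while a client retries. Accepting the packet is only half of the exchange: the reply goes back to that public address, so pfSense also needs a route for it, which with the WAN disabled means a gateway on the LAN interface pointing at the UDM (check with `netstat -rn`).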
-
Thanks, but I'm afraid to say I've had a conversation with ChatGPT about it and it didn't take long to find the solution. Firstly, as you suggested, I bound to any interface, then created a dedicated firewall rule on the LAN interface.
Then I got
Connection Attempt write UDPv4: No route to host (fd=6,code=65)
in the OpenVPN logs, for which ChatGPT again advised creating a default gateway route back to the UDM in System/Routing.
Hope this helps someone else in the future.