Connecting to pfSense OpenVPN from inside LAN



  • I can successfully connect to my pfSense 1.2.3 server through OpenVPN from a remote computer, but not from LAN the server belongs to.
    I get the following error in the logs: TCP/UDP: Incoming packet rejected from 192.168.10.1:1194[2], expected peer address: XX.XXX.XX.XXX:1194 (allow this incoming source address/port by removing –remote or adding --float)
    I don't have the --remote option in the client config.
    Please help!



  • Did you check the checkbox "Dynamic IP"?

    Allow connected clients to retain their connections if their IP address changes.



  • I didn't as i have a static WAN IP. Should it be on?
    it doesn't resolve my issue.



  • You're mixing up where you have dynamic and where you have static IPs.
    This option is to allow dynamic clients to connect.

    OpenVPN notes what the IP of a certain client is/was. If the source IP of the client changes, the server throws an error.
    You explicitly have to allow that the source IP of the client can change.

    I suggest you read the OpenVPN man-page on the available option.
    The GUI of pfSense does nothing more than generate an OpenVPN config file.
    You can look at this file under /var/etc/



  • Thanks for the tip, but switching this option on doesn't change anything, I still get the same error



  • Did you look at the generated config file?



  • @Xefan:

    I can successfully connect to my pfSense 1.2.3 server through OpenVPN from a remote computer, but not from LAN the server belongs to.
    I get the following error in the logs: TCP/UDP: Incoming packet rejected from 192.168.10.1:1194[2], expected peer address: XX.XXX.XX.XXX:1194 (allow this incoming source address/port by removing –remote or adding --float)
    I don't have the --remote option in the client config.
    Please help!

    same problem I had also. when i was using UDP Port. But if you use TCP. You can connect your opnvpn client to your openvpn server from lan.
    I dont know the reason why i couldnt use UDP. BUt same setting if i use tcp It works.
    make sure your opnvpn client config file has those lines…...

    float
    port 1194
    dev tun
    dev-node tap0
    proto tcp-client
    remote your wan ip
    1194
    ping 10
    persist-tun
    persist-key
    tls-client
    client
    ca ca.crt
    cert whatever your clint name.crt
    key whatever your clint name.key
    ns-cert-type server
    comp-lzo
    verb 4
    I hope it will help you....


Log in to reply