Netgate Discussion Forum
    Openvpn permission denied, NAT FTP problem, traffic not forwarded to default gw

    General pfSense Questions
    nathou

      Hi,

      I recently applied a 1.2.3 configuration to a new 2.0.2-RELEASE pfSense box (as this page says it's possible: http://doc.pfsense.org/index.php/Can_I_restore_a_pfSense_configuration_to_a_different_version%3F ).

      This is a simple configuration with 3 interfaces: LAN, Wifi, WAN. I have some experience in managing and upgrading 1.2.3 / 2.0 pfSense boxes, so it should be simple… but still I'm having trouble configuring external access: OpenVPN and FTP port forward, which were already configured and working in the 1.2.3 box. The only change is the external IP address and gateway.

      • First weird thing: there is only one gateway, it is associated with the WAN interface, and it is marked as the default gateway. There is no static routing. However, to let LAN users access the Internet, I had to select the gateway in the default firewall rule. Leaving the "default" option, TCP and UDP didn't work but ping did work. Am I missing something here?

      • OpenVPN server is set up, running as root. There is one rule to accept OpenVPN traffic. The OpenVPN server sees the incoming traffic but cannot answer: I get the following error message several times in the OpenVPN log when trying to connect from the outside:
        openvpn[301]: xxx.xxx.xxx.xxx:39652 write UDPv4: Permission denied (code=13)
        (xxx.xxx.xxx.xxx is the IP address of my OpenVPN client)
        And then I finally get the classic "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)".
        I searched for this permission denied error on the Internet but mostly found threads about this happening to the client… not to the server... they were not helpful.

      • Port 21 forwarding to an FTP server in the LAN is configured (and was working well on the previous setup).
        But my FTP client cannot connect at all (I'm not talking about passive FTP not working; the client cannot connect from the beginning). After a few troubleshooting steps, it seems like the first SYN packet is correctly passed to the FTP server, the SYN ACK packet is sent from the FTP server in response and shows up on the LAN interface, but it is blocked by the default firewall rule and doesn't get through... why?
        I re-created the NAT-associated firewall rule, and also tried using "pass" in the firewall rule association.

      With all these different problems, I think I'm missing something...
