TLS Authentication Fails

  • I have a system where the OpenVPN is connected to the LAN side. Everything works fine until I try to lock down the LAN using the firewall. I opened ports 1194 and 2020 (the OpenVPN port for the VPN). The system continues to work until I restart pfSense. Then I get an authentication failure. There are no entries in the firewall log showing that any traffic was blocked from the IP, but if I activate the 'allow any' firewall rule, then the connection completes successfully.

    Using Wireshark, I was able to see that the first message after turning on the 'allow any' rule is a TLS Hello message. This message is being blocked by the firewall rules, somehow. I'm not certain why but it seems that the TLS protocol is blocked.

    I would like to tighten down the rules on the firewall. Is there any way to allow the TLS protocol through without opening up the LAN firewall to everything?
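The poster identifies the blocked packet from a Wireshark capture as a TLS Hello. The parser below is an added example, not code from the thread or from pfSense or OpenVPN; it shows how to recognise a TLS ClientHello in a captured payload programmatically, so that a capture taken on each side of the firewall can be compared without reading hex by hand. The sample bytes are constructed for the example, not taken from the poster's system, and the functions and constants are hypothetical names.

```python
"""Recognise a TLS ClientHello in a captured payload (added example, not from the thread)."""
import struct
from typing import Optional

TLS_HANDSHAKE_RECORD = 0x16   # record content type for handshake messages
TLS_CLIENT_HELLO = 0x01       # handshake message type for ClientHello

# Constructed sample: a minimal TLS 1.2 ClientHello with one cipher suite.
# Lengths: handshake body = 2 + 32 + 1 + 2 + 2 + 1 + 1 = 41 (0x29), record = 4 + 41 = 45 (0x2d).
SAMPLE_CLIENT_HELLO = bytes.fromhex(
    "16 03 01 00 2d"      # record header: handshake, version 3.1, length 45
    "01 00 00 29"         # handshake header: ClientHello, length 41
    "03 03"               # client_version: TLS 1.2
    + "00" * 32 +         # client random (all zero for the sample)
    "00"                  # session id length 0
    "00 02 c0 2f"         # cipher_suites: 2 bytes, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    "01 00"               # compression_methods: 1 byte, null
)


def parse_tls_client_hello(data: bytes) -> Optional[dict]:
    """Return the ClientHello fields if `data` starts with a handshake record that
    carries one; return None for other records or for truncated/malformed input."""
    if len(data) < 5 or data[0] != TLS_HANDSHAKE_RECORD:
        return None
    rec_len = struct.unpack(">H", data[3:5])[0]
    body = data[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 4 or body[0] != TLS_CLIENT_HELLO:
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    if len(hs) != hs_len or len(hs) < 35:      # version + random + session id length
        return None
    pos = 0
    client_version = (hs[pos], hs[pos + 1]); pos += 2
    random = hs[pos:pos + 32]; pos += 32
    sid_len = hs[pos]; pos += 1
    if pos + sid_len > len(hs):
        return None
    session_id = hs[pos:pos + sid_len]; pos += sid_len
    if pos + 2 > len(hs):
        return None
    cs_len = struct.unpack(">H", hs[pos:pos + 2])[0]; pos += 2
    if cs_len % 2 or pos + cs_len > len(hs):
        return None
    suites = [struct.unpack(">H", hs[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    if pos >= len(hs):
        return None
    comp_len = hs[pos]; pos += 1
    if pos + comp_len > len(hs):
        return None
    compression = list(hs[pos:pos + comp_len])
    return {
        "record_version": (data[1], data[2]),
        "client_version": client_version,
        "random": random.hex(),
        "session_id": session_id.hex(),
        "cipher_suites": suites,
        "compression": compression,
    }


def is_tls_client_hello(data: bytes) -> bool:
    """Convenience predicate for filtering a list of captured payloads."""
    return parse_tls_client_hello(data) is not None


if __name__ == "__main__":
    print(parse_tls_client_hello(SAMPLE_CLIENT_HELLO))
```

Run the parser over the UDP or TCP payloads exported from a capture on the client side and again on the server side of the firewall: a ClientHello that appears in the first capture and not in the second was dropped in between, which is the check the poster is doing by eye. The parser returns None for truncated records rather than raising, so a capture cut mid-packet does not abort the scan.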

  • Never mind. I had inadvertently set source to LAN Subnet. It now works perfectly. Thanks!

  • Ignore the previous comment. I had unknowingly connected to the fallback server. It only works if the 'allow any' rule is in effect.
