    Netgate Discussion Forum
    TLS Authentication Fails

    Firewalling
    barrydbrown

      I have a system where the OpenVPN is connected to the LAN side. Everything works fine until I try to lock down the LAN using the firewall. I opened ports 1194 and 2020 (the OpenVPN port for the VPN). The system continues to work until I restart pfSense. Then I get an authentication failure. There are no entries in the firewall log showing that any traffic was blocked from the IP, but if I activate the 'allow any' firewall rule, then the connection completes successfully.

      Using Wireshark, I was able to see that the first message after turning on the 'allow any' rule is a TLS Hello message. This message is being blocked by the firewall rules, somehow. I'm not certain why, but it seems that the TLS protocol is blocked.

      I would like to tighten down the rules on the firewall. Is there any way to allow the TLS protocol through without opening up the LAN firewall to everything?

      barrydbrown

        Never mind. I had inadvertently set source to LAN Subnet. It now works perfectly. Thanks!

        barrydbrown

          Ignore the previous comment. I had unknowingly connected to the fallback server. It only works if the 'allow any' rule is in effect.

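The thread above turns on how a pfSense interface rule set is evaluated: rules are checked top to bottom, the first match wins, and anything that matches nothing hits the implicit default deny. A pass rule whose source is set to "LAN Subnet" therefore only matches clients whose address is inside that subnet, which is why the poster's narrowing of the rule (second post) and the "allow any" comparison (first and third posts) behave so differently. The following evaluator is an added illustration written for this page, not pfSense code and not anything the poster ran. It assumes OpenVPN over UDP, a LAN subnet of 192.168.1.0/24, and a client address outside that subnet; all three addresses are constructed, and the thread does not say where its clients actually sit.

```python
"""Toy first-match firewall evaluator (constructed illustration, not pfSense code).

It mimics pfSense rule semantics - top to bottom, first match wins, implicit
deny at the end - to show why an OpenVPN pass rule restricted to source
"LAN Subnet" fails for a client that is not inside that subnet, while a rule
limited to the OpenVPN ports with source "any" still blocks everything else.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed addresses for the illustration (not taken from the thread).
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")  # assumed "LAN Subnet"
VPN_CLIENT = "192.168.50.10"   # assumed client reached via another router on the LAN side
LAN_HOST = "192.168.1.20"      # assumed host directly on the LAN subnet
OPENVPN_PORTS = (1194, 2020)   # the two ports named in the first post


@dataclass(frozen=True)
class Rule:
    action: str                                    # "pass" or "block"
    proto: Optional[str] = None                    # "udp", "tcp", or None for any
    src: Optional[ipaddress.IPv4Network] = None    # None means source "any"
    dst_ports: Tuple[int, ...] = ()                # empty means any destination port
    descr: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst_port: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field the rule constrains agrees with the packet."""
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst_ports and pkt.dst_port not in rule.dst_ports:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching rule decides; no match falls through to the implicit deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.descr
    return "block", "implicit default deny"


# Rule set 1: OpenVPN ports allowed, but only from source "LAN Subnet".
NARROW_RULES = [
    Rule("pass", "udp", LAN_SUBNET, OPENVPN_PORTS, "OpenVPN from LAN subnet only"),
]

# Rule set 2: same ports, source "any"; still far tighter than "allow any".
CORRECTED_RULES = [
    Rule("pass", "udp", None, OPENVPN_PORTS, "OpenVPN to 1194/2020 from any source"),
]

# Rule set 3: the "allow any" rule from the thread, kept for comparison.
ALLOW_ANY_RULES = [
    Rule("pass", None, None, (), "allow any"),
]


def vpn_handshake_decision(rules: List[Rule], client_ip: str) -> str:
    """Decision for the first UDP/1194 packet of an OpenVPN session from client_ip."""
    action, _ = evaluate(rules, Packet("udp", client_ip, 1194))
    return action


if __name__ == "__main__":
    sets = [("narrow", NARROW_RULES), ("corrected", CORRECTED_RULES), ("allow any", ALLOW_ANY_RULES)]
    for name, rules in sets:
        for ip in (LAN_HOST, VPN_CLIENT):
            print(f"{name:10} udp/1194 from {ip:15} -> {evaluate(rules, Packet('udp', ip, 1194))}")
    # Unrelated traffic stays blocked under the corrected set.
    print(f"corrected  tcp/445  from {VPN_CLIENT:15} -> {evaluate(CORRECTED_RULES, Packet('tcp', VPN_CLIENT, 445))}")
```

Running the script prints the decision for each rule set. The point it makes for the thread: a client outside the assumed LAN subnet is dropped by the implicit deny under the narrow set, passes under the corrected set, and the corrected set still drops everything that is not UDP to 1194 or 2020, so the LAN does not have to be opened to "any".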
© 2021 Rubicon Communications, LLC