TLS Authentication Fails
I have a system where the OpenVPN is connected to the LAN side. Everything works fine until I try to lock down the LAN using the firewall. I opened ports 1194 and 2020 (the OpenVPN port for the VPN). The system continues to work until I restart pfSense. Then I get an authentication failure. There are no entries in the firewall log showing that any traffic was blocked from the IP, but if I activate the 'allow any' firewall rule, then the connection completes successfully.
Using Wireshark, I was able to see that the first message after turning on the 'allow any' rule is a TLS Hello message. This message is being blocked by the firewall rules, somehow. I'm not certain why but it seems that the TLS protocol is blocked.
I would like to tighten down the rules on the firewall. Is there any way to allow the TLS protocol through without opening up the LAN firewall to everything?
Never mind. I had inadvertently set the source to LAN Subnet. It now works perfectly. Thanks!
Ignore the previous comment. I had unknowingly connected to the fallback server. It only works if the 'allow any' rule is in effect.